423 matches found
WordPress Page Showcaser Boxes Plugin - Cross Site Scripting
This plugin is prone to a cross-site scripting vulnerability via the title field. Solution: Upgrade the plugin...
WordPress 3 persistent script injection
OVERVIEW ======== A security flaw in WordPress 3 allows injection of JavaScript into certain text fields. In particular, the problem affects comment boxes on WordPress posts and pages. These don't require authentication by default. The JavaScript injected into a comment is executed when the targe...
WordPress 4.0.1 Cross-Site Scripting Vulnerability Patch
WordPress’s latest update, 4.0.1, patches a critical cross-site scripting vulnerability affecting comment boxes on websites running the content management system software. An attacker would need only to inject malicious JavaScript into a comment that would infect a reader viewing it on the webpag...
CVE-2014-3491
Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field to the New Host groups page, related to create, update, and destroy notification boxes...
Microsoft Internet Explorer 5.0.1 Modal Dialog Manipulation Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/17713/info Internet Explorer is prone to a remote code-execution vulnerability through exploiting a race-condition when displaying modal security dialog boxes. This issue may be exploited to cause users to inadvertently...
Enigma2 Webinterface 1.7.x 1.6.x 1.5.x (linux) Remote File Disclosure
No description provided by source. !/usr/bin/perl Enigma2 Webinterface 1.7.x 1.6.x 1.5.x remote root file disclosure exploit Author: Todor Donev Email me: todor.donev@@gmail.com Platform: Linux Type: remote Gewgle Dork: Enigma2 movielist filetype:rss Enigma2 is a framebuffer-based zapping...
Hacker Exploits NAS Vulns to Mine $620K in Dogecoin
A hacker, well-versed in malware and exploit development, took advantage of vulnerabilities in Synology network attached storage boxes popular with home users to mine more than $600,000 worth of the digital currency Dogecoin. Researchers Pat Litke and David Shear of Dell SecureWorks’ Counter Thre...
openSUSE Security Update : chromium / v8 (openSUSE-SU-2012:0466-1)
Update to 19.0.1079 Security Fixes bnc754456 : - High CVE-2011-3050: Use-after-free with first-letter handling - High CVE-2011-3045: libpng integer issue from upstream - High CVE-2011-3051: Use-after-free in CSS cross-fade handling - High CVE-2011-3052: Memory corruption in WebGL canvas handling...
Linux worm targeting Routers, Set-top boxes and Security Cameras with PHP-CGI Vulnerability
None...
Smartphones, A Perfect Cyber Espionage and Surveillance Weapon
The use of mobile devices in government environments concerns the secret services of every state, as cyber espionage increasingly exploits mobile platforms. Mobile devices are a reason of great concern for governments: they have great computational capability, huge memories to store our personal dat...
[SECURITY] Fedora 18 Update: kde-baseapps-4.10.4-1.fc18
Core applications for KDE 4, including: dolphin : File manager kdepasswd : Changes a UNIX password. kdialog : Nice dialog boxes from shell scripts keditbookmarks : Bookmark organizer and editor kfind : File find utility kfmclient : Tool for opening URLs from the command line konqueror : Web browse...
[SECURITY] Fedora 19 Update: kblackbox-4.10.4-1.fc19
KBlackBox is a game of hide and seek played on a grid of boxes. The computer has hidden several balls within this box. By shooting beams into the box and observing where they emerge it is possible to deduce the positions of the hidden balls. The fewer beams you use and the quicker you are to find...
[SECURITY] Fedora 19 Update: kde-baseapps-4.10.4-1.fc19
Core applications for KDE 4, including: dolphin : File manager kdepasswd : Changes a UNIX password. kdialog : Nice dialog boxes from shell scripts keditbookmarks : Bookmark organizer and editor kfind : File find utility kfmclient : Tool for opening URLs from the command line konqueror : Web browse...
SuSE 10 Security Update : Mozilla Firefox (ZYPP Patch Number 8578)
Mozilla Firefox has been updated to the 17.0.6ESR security release. - Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. Some of these bugs showed evidence of memory corruption under certain circumstances, and...
SeaMonkey < 2.17 Multiple Vulnerabilities
Binary data 6735.prm...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web script or HTML via the subject parameter...
CVE-2013-0259
Cross-site scripting (XSS) vulnerability in the Boxes module 7.x-1.x before 7.x-1.1 for Drupal allows remote authenticated users with administer or edit boxes permissions to inject arbitrary web script or HTML via the subject parameter...
CVE-2013-0259
The CVE-2013-0259 entry concerns Drupal’s contributed Boxes module (7.x-1.x) with versions prior to 7.x-1.1. The vulnerability is Cross-site scripting (XSS) that enables remote authenticated users who have administer or edit boxes permissions to inject arbitrary web script or HTML via the subject...
OpenPLI Webif Arbitrary Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'OpenPLI Webif Arbitrary Command...
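Drupal Boxes Module 'subject' Field HTML Injection Vulnerability
Bugtraq ID: 57642 Drupal is a popular content management system. The Drupal Boxes module does not properly HTML-escape the "subject" field, allowing attackers to exploit the vulnerability to carry out cross-site scripting attacks, which can obtain sensitive information or hijack user sessions. 0 Drupal Boxes Module 7.x Vendor solution: Drupal Boxes Module 7.x-1.1 has fixed this vulnerability; users are advised to download and use it: http://drupal.org/node/1897016...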