
493 matches found

ThreatPost
added 2015/06/15 4:36 p.m., 19 views

LastPass Network Breached; Calls for Master Password Reset

Password manager LastPass disclosed today that its network was breached and advised users to change their master passwords and enable multifactor authentication. CEO and founder Joe Siegrist said in a security notice that LastPass on Friday discovered suspicious activity on its network; encrypted...

0.1 AI score
Exploits: 0, References: 6

Cisco
added 2015/05/15 7:47 p.m., 27 views

Cisco Web Security Appliance Web Tracking Report Page Cross-Site Scripting Vulnerability

A vulnerability in the Web Tracking Report page of the Cisco Web Security Appliance (WSA) could allow an unauthenticated, remote attacker to perform a cross-site scripting (XSS) attack against the user of the web interface. The vulnerability is due to improper validation of user-supplied input in a...

4.3 CVSS, 5.9 AI score, 0.01546 EPSS
Exploits: 0, References: 1

The Hacker News
added 2015/05/12 10:05 p.m., 8 views

How to Share Sensitive Files Instantly and Securely

Last week, I had to communicate with my friend overseas in China. We both were aware that our email communications were being monitored. So, we both were forced to install and use a fully-fledged encrypted email system. Although it appeared to be very secure, it was quite cumbersome to handle. I...

6.9 AI score
Exploits: 0

CNVD
added 2015/04/16 12:00 a.m., 1 view

Adobe Flash Player Double Release Vulnerability (CNVD-2015-02524)

Adobe Flash Player is a cross-platform, browser-based multimedia player product from Adobe. The product supports cross-screen and browser viewing of applications, content and videos. Adobe Flash Player suffers from a double release vulnerability. The vulnerability allows attackers to build...

10 CVSS, 7.4 AI score, 0.95184 EPSS
Exploits: 4, References: 1

securityvulns
added 2015/03/23 12:00 a.m., 38 views

Alkacon OpenCms 9.5.1 Multiple XSS Vulnerabilities

Product: OpenCms Vendor: Alkacon Software Vulnerable Versions: 9.5.1 and probably prior Tested Version: 9.5.1 Vendor Notification: Mar 05, 2015 https://github.com/alkacon/opencms-core/issues/304 Vendor Patch: Not Yet No Specific Time-line Public Disclosure: Mar 12, 2015 Vulnerability Type:...

Exploits: 0

CNVD
added 2015/03/17 12:00 a.m., 1 view

Adobe Flash Player Arbitrary Code Execution Vulnerability (CNVD-2015-01797)

Adobe Flash Player is a cross-platform, browser-based multimedia player product from Adobe. The product supports cross-screen and browser viewing of applications, content and videos. A security vulnerability exists in Adobe Flash Player. An attacker could exploit this vulnerability to execute...

10 CVSS, 7.6 AI score, 0.05975 EPSS
Exploits: 0, References: 1

Packet Storm
added 2015/03/13 12:00 a.m., 40 views

Alkacon OpenCms 9.5.1 Cross Site Scripting

Product: OpenCms Vendor: Alkacon Software Vulnerable Versions: 9.5.1 and probably prior Tested Version: 9.5.1 Vendor Notification: Mar 05, 2015 https://github.com/alkacon/opencms-core/issues/304 Vendor Patch: Not Yet No Specific Time-line Public Disclosure: Mar 12, 2015 Vulnerability Type:...

7.4 AI score
Exploits: 0

Fedora
added 2015/02/15 3:30 a.m., 47 views

[SECURITY] Fedora 20 Update: roundcubemail-1.0.5-1.fc20

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

4.3 CVSS, 0.2 AI score, 0.03279 EPSS
Exploits: 4

Fedora
added 2015/01/06 6:15 a.m., 32 views

[SECURITY] Fedora 20 Update: roundcubemail-1.0.4-2.fc20

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

4.3 CVSS, 7.5 AI score, 0.01198 EPSS
Exploits: 2

Fedora
added 2015/01/06 6:13 a.m., 34 views

[SECURITY] Fedora 21 Update: roundcubemail-1.0.4-2.fc21

RoundCube Webmail is a browser-based multilingual IMAP client with an application-like user interface. It provides full functionality you expect from an e-mail client, including MIME support, address book, folder manipulation, message searching and spell checking. RoundCube Webmail is written in...

4.3 CVSS, 7.5 AI score, 0.01198 EPSS
Exploits: 2

ThreatPost
added 2014/08/20 1:59 p.m., 46 views

Fake AV Defru Puts New Spin on Rogue AV

Rogue antivirus was once the scourge of the Internet, and while this sort of malware is not entirely extinct, it’s fallen out of favor among criminals as users have become more aware and security products have gotten better at blocking the threat. However, Daniel Chipiristeanu, ...

9.3 CVSS, 2.1 AI score, 0.99945 EPSS
Exploits: 33, References: 5

seebug.org
added 2014/07/01 12:00 a.m., 19 views

OpenDB 1.0.6 user_profile.php redirect_url Parameter XSS

No description provided by source. source: http://www.securityfocus.com/bid/30989/info Open Media Collectors Database (OpenDb) is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 13 views

Microsoft Outlook 2003 Predictable File Location Weakness

No description provided by source. source: http://www.securityfocus.com/bid/10307/info Microsoft Outlook 2003 is reported to be prone to store files that are specified in img tags, in predictable locations. This may present a security risk because many known and potential Internet Explorer...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 32 views

Alteon OS BBI (Nortell) - Multiple Vulnerabilities XSS and CSRF

No description provided by source. Exploit Title: Alteon OS BBI (Nortell) - Multiple Vulnerabilities Date: 16 Nov 09 Author: Sintsov Alexey Software Link: download link if available Version: = 21.0.8.3 and may be higher =25.1.0.0 Tested on: relevant os Code : exploit code From: DSecRG research dsecr...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 12 views

EasyGallery 1.17 EasyGallery.PHP Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17624/info EasyGallery is prone to a cross-site scripting vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 12 views

WordPress 2.2 Request_URI Parameter Cross-Site Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24383/info WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the...

7.1 AI score
Exploits: 0

seebug.org
added 2014/07/01 12:00 a.m., 15 views

Beehive Forum 0.7.1 Links.PHP Multiple Cross-Site Scripting Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/24413/info Beehive Forum is prone to multiple cross-site scripting vulnerabilities because the application fails to properly sanitize user-supplied input. An attacker may leverage any of these issues to execute arbitrary...

7.1 AI score
Exploits: 0

securityvulns
added 2014/05/04 12:00 a.m., 78 views

VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free Code Execution (Pwn2Own)

VUPEN Security Research - Adobe Flash ExternalInterface Use-After-Free Code Execution (Pwn2Own) Website : http://www.vupen.com Twitter : http://twitter.com/vupen I. BACKGROUND --------------------- Adobe Flash Player is a cross-platform browser-based application runtime that delivers viewing of...

10 CVSS, 8.8 AI score, 0.0761 EPSS
Exploits: 1

NVD
added 2014/03/18 5:02 p.m., 13 views

CVE-2012-5650

Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite...

4.3 CVSS, 5.6 AI score, 0.03841 EPSS
Exploits: 0, References: 2

UbuntuCve
added 2014/03/18 5:02 p.m., 18 views

CVE-2012-5650

Cross-site scripting (XSS) vulnerability in the Futon UI in Apache CouchDB before 1.0.4, 1.1.x before 1.1.2, and 1.2.x before 1.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified parameters to the browser-based test suite...

4.3 CVSS, 6 AI score, 0.03841 EPSS
Exploits: 0, References: 2