2672 matches found
Social Share Button <= 2.1 - Authenticated Stored Cross-Site Scripting (XSS)
Fixed in 2.1.0 but fixedin set to 2.1.1 to avoid confusion between 2.1 and 2.1.0...
WordPress Social Share Button Plugin <= 2.1 - Stored Cross Site Scripting (XSS)
Because of this vulnerability, authenticated administrators can store HTML or JS code. Solution: Update the plugin...
Udemy: Reflected XSS and/or malicious redirection via JWPlayer 6 configuration modification
1. A malicious attacker, by visiting a course page, e.g. https://www.udemy.com/overview-of-big-data-hadoop/, and intercepting the browser's generated requests, can find one to the following URL:...
Trello: Normal User can add new users to group
A normal user does not have the privilege to add new members to a group. But by adding the following HTML button payload, a normal user can add new members to a group, which he did not have the privilege to perform. Payload: Add Members. Steps To Reproduce: 1. Login to Trello https://trello.com/login 2. Navigate t...
Imgur: Reflected Flash XSS using swfupload.swf with an epileptic reloading to bypass the button-event
Hi, This was a fun one. So I noticed you're using swfupload.swf, which is hosted on the main domain, imgur.com. This swfupload.swf has some settings you can use to modify the button on the upload. You can actually insert HTML into the Flash, but the button event that you select yourself using anoth...
The vulnerability of the iOS operating system allows a hacker to replace the content of web pages.
The vulnerability of the Safari browser on the iOS operating system is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to replace the content of web pages by using the “open window” button on the website...
Here's How to Get Facebook New 'Dislike Button' to Your Profile
You may call this a misleading headline. Right? Yes, it's True. And I apologize for this. But… ...before someone else tricks you to visit any malicious link with intent to hijack your Computer or to Hack Facebook Profile, I just tricked you to visit this 'WARNING' article about Facebook Scam of t...
Here's What Facebook 'Dislike or Empathy Button' Would Look Like
A Facebook Dislike button is one of the most frequently requested features from users for years. Earlier in the last week, Facebook finally confirmed its plans to add a Dislike or Empathy to your Facebook Profile and News Feed. If you are thinking that Facebook Dislike is going to be a thumbs-dow...
Facebook to Add a 'Dislike' Button, Mark Zuckerberg Confirms
When a pet dies, or your friend's family member passes away, clicking the 'Like' button to express your sympathy doesn't feel comfortable. Here a user feels the need for something to express their sadness, disagreement, anger, or something other than 'Like': Facebook should have an empathetic...
The vulnerability of the Firefox OS operating system allows a hacker to inject arbitrary HTML code.
The vulnerability of the Gaia Search app for the Firefox OS operating system exists due to the lack of measures taken to protect the structure of the web page. Exploiting this vulnerability allows a malicious actor to inject arbitrary HTML code by manipulating the title and search engine field of...
Multiple Flaws Exposed in Pocket Add-on for Firefox
With providing easy accessibility, the battle is not won! Server-side Vulnerabilities have been reported by a security researcher in the popular Pocket add-on that comes attached with the Firefox browser. The security flaws could have allowed hackers to exfiltrate data from the company’s servers ...
Adobe Flash - Pointer Crash in Button Handling
Adobe Flash - Pointer Crash in Button Handling Source: https://code.google.com/p/google-security-research/issues/detail?id=399&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id The attached sample, signalsigsegv7ffff60a14299554f4dc661554237404dfe394d4c6c3e674.swf, crashes in...
Adobe Flash - Pointer Crash in Button Handling
Source: https://code.google.com/p/google-security-research/issues/detail?id=399&can=1&q=label%3AProduct-Flash%20modified-after%3A2015%2F8%2F17&sort=id The attached sample, signalsigsegv7ffff60a14299554f4dc661554237404dfe394d4c6c3e674.swf, crashes in this manner on Linux x64: = 0x00007f693158481f:...
Debian DLA-278-2 : cacti regression update
The last update of cacti in squeeze-lts, version 0.8.7g-1+squeeze7, had two regressions that caused certain output of scripts to not be processed and caused the save button of graphs.php to not save the changes. The regressions have been fixed in 0.8.7g-1+squeeze8. NOTE: Tenable Network Security...
[SECURITY] [DLA 278-2] cacti regression update
Package: cacti. Version: 0.8.7g-1+squeeze8. The last update of cacti in squeeze-lts, version 0.8.7g-1+squeeze7, had two regressions that caused certain output of scripts to not be processed and caused the save button of graphs.php to not save the changes. The regressions have been fixed in...
WhatsApp Could Offer 'Like' and 'Mark as Unread' Features Soon
The popular instant messaging app WhatsApp might adopt some features from its parent company, Facebook. The messaging giant is testing some new features that might be coming to the app soon. The features include a 'Like' button similar to that of Facebook and a 'Mark as Unread' feature for chat...
WordPress PDF And Print Button Joliprint Plugin <= 1.3.0 - XSS
Because of this vulnerability, attackers can inject arbitrary JavaScript or HTML code. Solution: Update the plugin...
ThinkSAAS Generic Button Stored XSS
Brief description: At least 4 instances. Detailed description: WooYun: ThinkSAAS stored XSS in 2 places. This location has now been fixed: directly entering javascript is filtered, and the & that was left unfiltered last time (which caused the previous issue) is now escaped, so the previous payload no longer works. I found that this point uses blacklist-based filtering, and blacklist filtering will always have cases it does not cover. This time the payload was converted to data:text/html;base64, PGltZyBzcmM9eCBvbmVycm9yPWFsZXJ0KDEpPg== which triggers the XSS just the same. Proof of vulnerability: This problem exists generically in every location that has the insert-hyperlink button...
CVE-2014-1949
GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button...