2672 matches found
CVE-2014-1949
GTK+ 3.10.9 and earlier, as used in cinnamon-screensaver, gnome-screensaver, and other applications, allows physically proximate attackers to bypass the lock screen by pressing the menu button...
Hidden in the Share button in the attack: Blogger.com exposure of high-risk CSRF (cross-site request forgery) vulnerability - vulnerability warning - the black bar safety net
The Egyptian security expert Mazen Gamal Mesbah found a high-risk CSRF (cross-site request forgery) vulnerability on Blogger.com. The vulnerability can allow an attacker to write and publish blog posts without the blogger's knowledge, and to make a private blog public. Blogger is Google's...
openSUSE Security Update : MozillaFirefox (openSUSE-SU-2014:1581-1)
This MozillaFirefox update fixes several security and non security issues. Changes in MozillaFirefox : - update to Firefox 34.0.5 bnc908009 - Default search engine changed to Yahoo! for North America - Default search engine changed to Yandex for Belarusian, Kazakh, and Russian locales - Improved...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation pa...
CVE-2014-7181
Cross-site scripting (XSS) vulnerability in the Max Foundry MaxButtons plugin before 1.26.1 for WordPress allows remote attackers to inject arbitrary web script or HTML via the id parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation pa...
WordPress MaxButtons Plugin <= 1.26.0 - XSS
Because of this vulnerability, attackers can inject arbitrary web script or HTML via the "id" parameter in a button action on the maxbuttons-controller page to wp-admin/admin.php, related to the button creation page. Solution: Update the plugin...
[SECURITY] [DSA 2984-2] acpi-support regression update
------------------------------------------------------------------------- Debian Security Advisory DSA-2984-2 [email protected] http://www.debian.org/security/ Raphael Geissert August 11, 2014 http://www.debian.org/security/faq -...
Pinterest "Pin It" Button Lite 1.3.1 - Multiple Unspecified Vulnerabilities
The Pinterest "Pin It" Button WordPress plugin was affected by multiple unspecified vulnerabilities...
Thank You Counter Button <= 1.8.2 - Cross-Site Scripting (XSS)
The Thank You Counter Button WordPress plugin was affected by a Cross-Site Scripting (XSS) security vulnerability...
Envoy: Delete visitor from IPAD with fullname which contains JS results XSS
Hi, Update visitor from IPAD with fullname of alert1 and save. IGNORE THE POP UP, IT HAS BEEN REPORTED ALREADY. Delete this user, XSS will pop up, the fullname is now stored XSS. Any visitor using the IPAD application can create stored XSS which will be activated once you click on the delet...
WordPress WP-Predict Plugin 1.0 - Blind SQL Injection
No description provided by source. Exploit Title: WordPress WP-Predict v1.0 Blind SQL Injection Date: 7/9/12 Exploit Author: Chris Kellum Vendor Homepage: http://www.pootlepress.co.uk/ Software Link: http://downloads.wordpress.org/plugin/wp-predict.zip Version: 1.0 =====================...
Wordpress Simple Download Button Shortcode Plugin 1.0 - Remote File Disclosure
No description provided by source. Description : Wordpress Plugins - Simple Download Button Shortcode Remote File Disclosure Vulnerability Version : 1.0 Link : http://wordpress.org/extend/plugins/simple-download-button-shortcode/ Plugins :...
Internet Explorer 8 - Fixed Col Span ID Full ASLR, DEP & EMET 4.1.X Bypass
Exploit for windows platform in category remote exploits function strtointstr return str.charCodeAt10x10000 + str.charCodeAt0; var free = "EEEE"; while free.length 500 free += free; var string1 = "AAAA"; while string1.length 500 string1 += string1; var string2 = "BBBB"; while string2.length 500...
Allomani Movies Library 2.0 - CSRF Vulnerability (Add Admin)
No description provided by source. Movies Library 2.0 XSRF Vulnerability Add Admin ==================================================================== .:. Author : AtT4CKxT3rR0r1ST [email protected] .:. Script : http://allomani.com/en/moviesscript.html === Exploit === form method=POST name=form0...
Acpid 1:2.0.10-1ubuntu2 Privilege Boundary Crossing Vulnerability
No description provided by source. Exploit Title: Acpid Privilege Boundary Crossing Vulnerability Google Dork: Date: 23-11-2011 Author: otr Software Link: https://launchpad.net/ubuntu/+source/acpid Version: 1:2.0.10-1ubuntu2 Tested on: Ubuntu 11.10, Ubuntu 11.04 CVE : CVE-2011-2777 -- Safeguard...
Microsoft Internet Explorer 6/7/8 'li' Element Denial of Service Vulnerability (1)
No description provided by source. source: http://www.securityfocus.com/bid/36070/info Microsoft Internet Explorer is prone to a remote denial-of-service vulnerability. Successful exploits can allow attackers to crash the affected browser, resulting in denial-of-service conditions. Given the natu...
Faceless: Tap Jacking Attack on Button Tags
A UI redressing (tapjacking) attack may trick users into tapping a specifically crafted malicious app popup window, e.g. a toast view, making it a gateway for varied threats such as framing attacks. Using this technique, a malicious app could potentially trick a user into making purchases, clicking on...
WordPress SnapApp Plugin <= 1.5 - Multiple XSS
Because of these multiple vulnerabilities in js/button-snapapp.php, attackers can inject arbitrary web script or HTML. Solution: Update the plugin...
openSUSE Security Update : chromium (openSUSE-SU-2013:0236-1)
Update to 26.0.1383 - Security fixes bnc798326 - CVE-2012-5145: Use-after-free in SVG layout - CVE-2012-5146: Same origin policy bypass with malformed URL - CVE-2012-5147: Use-after-free in DOM handling - CVE-2012-5148: Missing filename sanitization in hyphenation support - CVE-2012-5149: Integer...
CVE-2013-7273
GNOME Display Manager (gdm) 3.4.1 and earlier, when disable-user-list is set to true, allows local users to cause a denial of service (unable to login) by pressing the cancel button after entering a user name...