Localize: Business logic Failure - Browser cache management and logout vulnerability.
Vulnerability class: Business logic Failure - Browser cache management and logout vulnerability. Vulnerability impact: Logging out from an application does not clear the browser cache of any sensitive information that has been stored. Steps to reproduce: 1. Login to portal. 2. Browse few tabs 3...
Researchers Get $10,000 for Hacking Google Server with Malicious XML
A critical vulnerability has been uncovered in Google that could allow an attacker to access the internal files of Google’s production servers. Sounds ridiculous but has been proven by the security researchers from Detectify. The vulnerability resides in the Toolbar Button Gallery as shown. The...
CVE-2012-1561
Cross-site scripting (XSS) vulnerability in the Finder module 6.x-1.x before 6.x-1.26, 7.x-1.x, and 7.x-2.x before 7.x-2.0-alpha8 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified vectors related to the "checkbox and radio button functionalities."...
PT-2015-3695 · Gtk+ Team +1 · Gtk+ +1
Name of the Vulnerable Software and Affected Versions: GTK+ versions 3.10.9 and earlier Description: The issue allows physically proximate attackers to bypass the lock screen by pressing the menu button in applications that use GTK+, such as cinnamon-screensaver and gnome-screensaver...
PT-2014-3454 · Red Hat · Red Hat Cloudforms Management Engine
Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms Management Engine version 5.2 Description: The issue allows remote attackers to execute arbitrary methods via unspecified vectors, due to a problem in the x button method in the ServiceController. Recommendations: For Red H...
CFME: Dangerous send in ServiceController
The xbutton method in the ServiceController (vmdb/app/controllers/servicecontroller.rb) in Red Hat CloudForms 3.0 Management Engine 5.2 allows remote attackers to execute arbitrary methods via unspecified vectors...
CVE-2014-2315
The CVE-2014-2315 entry concerns the WordPress plugin “Thank You Counter Button” (version 1.8.7) and is impacted by multiple stored XSS flaws. The vulnerability affects the parameters (thanks_caption, thanks_caption_style, thanks_style) passed to wp-admin/options.php, enabling remote attackers to...
CVE-2014-2315
Multiple cross-site scripting (XSS) vulnerabilities in the Thank You Counter Button plugin 1.8.7 for WordPress allow remote attackers to inject arbitrary web script or HTML via the (1) thanks_caption, (2) thanks_caption_style, or (3) thanks_style parameter to wp-admin/options.php...
CVE-2014-0861
Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter that is no...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the server in IBM Cognos Business Intelligence (BI) 8.4.1, 10.1 before IF6, 10.1.1 before IF5, 10.2 before IF7, 10.2.1 before IF4, and 10.2.1.1 before IF4 allows remote attackers to inject arbitrary web script or HTML via an unspecified parameter that is no...
Confirmed: Samsung Galaxy S5 has a Fingerprint Scanner
After the huge success of the Samsung Galaxy S3, Samsung Galaxy S4 and Samsung tablets, the world’s most successful Android manufacturer is going to reveal its brand new smartphone, the Samsung Galaxy S5, next week at Mobile World. Early in 2014, rumors suggested that Samsung Galaxy S5 will have Fingerprin...
Fedora 20 : ikiwiki-3.20140125-1.fc20 (2014-1747)
Update to the latest stable version. Changes in ikiwiki 3.20140125 : - inline: Allow overriding the title of the feed. Closes: http://bugs.debian.org/735123 Thanks, Christophe Rhodes - osm: Escape name parameter. Closes: http://bugs.debian.org/731797 Changes in ikiwiki 3.20140102 : - aggregate:...
HackerOne: LinkedIN URL should be HTTPS
Not really a security bug, but I think it will be a good idea to add HTTPS on the LinkedIN Share Button. Example page: on the right side of the page: https://hackerone.com/reports/547 LinkedIN redirects to HTTPS after the click, but the cookie is sent on the network before that. Thanks!...
Chrome Pop-Up Warns Windows Users of Browser Hijacking
A rising number of online scams involve the modification of browser settings where a hacker spikes a free download or website with malware. The end result is generally a click-fraud scheme of some kind where the new browser settings might include spiked search engine pages or a new home page...
CVE-2013-6005
Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Cancel button...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Cybozu Dezie before 8.1.0 allows remote attackers to inject arbitrary web script or HTML via vectors related to the Cancel button...
Password reset emails are unusable on Outlook Web Access
When viewing a requested password reset email in Outlook webmail, a user cannot see the button representing the main required action. Screenshot attached shows text highlighted to better demonstrate the issue: white text on white background. Probably an Outlook issue but I think there might be...