7377 matches found
JVN#73357573: Movable Type vulnerable to cross-site scripting
Movable Type contains an issue in processing the management page, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed or a false form may be displayed on the administrator's web browser. Solution Update the software Update to the latest version...
AdThief iOS Malware Affecting 75K Jailbroken Devices
A relatively new form of malware on iOS is estimated to have stolen revenue from 22 million ads and infected upwards of 75,000 devices so far. The malware, iOS/AdThief, was first identified back in March but wasn’t fully articulated until Axelle Apvrille, a researcher with Fortinet, looked into t...
Mozilla Adding Granular App Permissions to Firefox OS
Mozilla is set to add a feature to its mobile Firefox OS that will give users the ability to revoke any application’s permissions on a granular basis. Firefox OS is the open source operating system that Mozilla built for smartphones. The software runs on a variety of devices from manufacturers su...
'AdThief' Chinese Malware Infects Over 75,000 Jailbroken iOS devices
If you have jailbroken your iPhone, iPad, or iPod touch and have downloaded pirated tweaks from pirated repositories, then you may be infected by “AdThief” malware, a Chinese malware that is now installed on more than 75,000 iPhone devices. According to a recent research paper published on Virus...
JVN#27531188: Cakifo vulnerable to cross-site scripting
Cakifo is a theme for WordPress. Cakifo contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the theme Update to the latest version according to the information provided by the developer. Products Affected Cakifo 1.0 ...
JVN#80310172: Piwigo vulnerable to cross-site scripting
Piwigo is a software to manage and host image files on the web. Piwigo contains a cross-site scripting vulnerability when the "Community" plugin is activated and validation on user uploaded photos is disabled. Impact When a user views a specially crafted image, arbitrary JavaScript may be execute...
Thousands of Mozilla Developers Emails and Password Exposed Accidentally
Mozilla on Friday notified users of its Mozilla Developer Network (MDN) that the company has accidentally exposed the e-mail addresses and cryptographically protected passwords of thousands of Mozilla developers. The email addresses of over 76,000 members of its Developer Network, along with 4000...
Automattic: Open Redirect in WordPress Feed Statistics {Affected All Versions}
Hi, Feed Statistics Plugin is vulnerable to Open Redirect and affecting a large number of websites, which is the reason it should be patched swiftly. Detailed description is given below: Tested on: WordPress 3.9.1 Vulnerable Plugin: Feed Statistics Plugin Link:...
Developer Formatter 2013.0.1.40 - devformatter.php Multiple Action CSRF
The Developer Formatter WordPress plugin was affected by a devformatter.php Multiple Action CSRF security vulnerability...
JVN#42024228: Cybozu Garoon CGI vulnerable to remote command execution
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon CGI contains a remote command execution vulnerability. Impact An arbitrary command may be executed on the server where Cybozu Garoon resides. Solution Update the Software Update to the latest version according to the information...
JVN#97558950: Cybozu Garoon vulnerable to cross-site scripting
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Map search", which may result in a cross-site scripting vulnerability (CWE-79). Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update the...
JVN#80583739: Cybozu Garoon vulnerable to cross-site scripting
Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains an issue in the function "Notices portlet", which may result in a cross-site scripting vulnerability (CWE-79). Impact An arbitrary script may be executed on the web browser of a user that is logged on. Solution Update the...
Facebook Brute Force with Customize Word Lists for Signed In Accounts
Brute Forcing is easy for Any Signed In Facebook Account at Firefox or Chrome. Usage Info Simple is that you just have to run on Developer Console of Google Chrome or Web Console of Firefox, Javascript Console of Safari, you name it. This is private exploit. You can buy it at https://0day.today...
Infosec A-Team to Launch NSA-Proof Invisible Messenger for Whistleblowers
If a whistleblower discloses an activity to the public, then there should be a trust-based mechanism that ensures the protection of truth-tellers on an international level by hiding their identities. In an effort to provide this kind of service and security, security experts grouped together to...
(RHSA-2014:0831) Low: Red Hat Developer Toolset Version 1 Retirement Notice
In accordance with the Red Hat Developer Toolset Life Cycle policy, the Red Hat Developer Toolset Version 1 offering was retired on June 30, 2014, and support is no longer provided. Accordingly, Red Hat will no longer provide updated packages, including Critical impact security patches or urgent...
Joomla Joaktree Component 1.0 - SQL Injection Vulnerability
No description provided by source. / ! Joomla! Joaktree component SQL injection vulnerability ! Author : Don Tukulesto [email protected] ! Homepage : http://www.indonesiancoder.com ! Date : November 30, 2009 ! Tune In : http://antisecradio.fm choose your weapon / Software Information +...
Meto Forum 1.1 - Multiple Remote SQL Injection Vulnerabilities
No description provided by source. -------------------------------------------\ Meto Forum v1.1 Multiple Remote SQL Injection Vulnerable Script : http://www.aspindir.com/goster/5444 Risk : Forum in All users saved password is to take. Coded : Asp , SQL Language = 'Acces'...
ImpressPages CMS 3.6 - manage() Function Remote Code Execution Exploit
No description provided by source. #!/usr/bin/python ImpressPages CMS v3.6 manage Function Remote Code Execution Exploit Vendor: ImpressPages UAB Product web page: http://www.impresspages.org Affected version: 3.6, 3.5 and 3.1 Summary: ImpressPages CMS is an open source web content management...
Softerra PHP Developer Library 1.5.3 Grid3.lib.PHP Remote File Include Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/20442/info Softerra PHP Developer Library is prone to multiple remote file-include vulnerabilities because it fails to sufficiently sanitize user-supplied data. Exploiting these issues may allow an attacker to compromise...
iphone ifile 2.0 - Directory Traversal
No description provided by source. ---------------------------------------------------------------- Software : iPhone iFile 2.0 Type of vulnerability : Directory Traversal Tested On : iPhone 4 IOS 4.0.1 Risk of use : High ---------------------------------------------------------------- Program...