Design/Logic Flaw

Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows remote attackers t...

CVE-2012-0918

CVE-2012-0918 concerns Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite (versions 01-00 through 02-01-/D and 02-01-/C, possibly earlier). Connected sources describe an arbitrary code execution vulnerability that can be exploited remotely via unknown vectors. The root cause,...

CVE-2012-0918

Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows remote attackers t...

Microsoft Aims to Make Life Harder, More Expensive For Attackers

MIAMI BEACH–It’s been a decade now since Microsoft began focusing on product security as a top priority and there have been a lot of successes and some failures along the way. But in that time, one of the things that most definitely has changed as a result of the Trustworthy Computing program is...

Microsoft Releases January Security Bulletin

Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Developer Tools and Software as part of the Microsoft Security Bulletin Summary for January 2012. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges,...

PT-2012-2538 · Apache · Apache Struts

Name of the Vulnerable Software and Affected Versions: Apache Struts versions prior to 2.3.1.1 Description: The issue allows remote attackers to execute arbitrary commands via unspecified vectors when the DebuggingInterceptor component is used in developer mode. The vendor characterizes this...

Microsoft Previews January Patch – And New Class of Vulnerability

Microsoft said in a post on the Technet Web site that it plans to release seven security bulletins on Tuesday, fixing eight security holes in a variety of products. Among them will be a fix for a new class of software vulnerability – the “Security Feature Bypass,” which could be used by attackers...

Microsoft to Issue Seven Bulletins, One Critical, on Patch Tuesday

Microsoft plans to issue seven security bulletins in the January Patch Tuesday release next week, fixing six vulnerabilities rated important and one rated critical. The bugs affect a variety of products, including Windows XP, Vista, Windows 7, Server 2003 and 2008 and Microsoft Developer Tools an...

Ultimate Encoder - PHP Encoder with multiple compression by lionaneesh

Ultimate Encoder - PHP Encoder with multiple compression by lionaneesh "Ultimate Encoder" - Another Online tool by lionaneesh, an Indian developer and Hacker. Its a PHP Encoder with multiple compression. A Piece of code can be encoded multiple times making it impossible for any Anti Virus to...

JVN#60887968: Movable Type Plugin MailForm vulnerable to cross-site scripting

MailForm is a plugin for Movable Type. MailForm contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the fixed version according to the information provided by the developer. Products Affected...

JVN#40498018: WordPress vulnerable to arbitrary PHP code execution

WordPress provided by WordPress.Org is a weblog system. WordPress contains a vulnerability where arbitrary PHP code may be executed. Impact Arbitrary PHP code may be executed with the privilege of the application on the server where it resides. Solution Update the software Update to the latest...

China Software Developer Network (CSDN) 6 Million user data Leaked

China Software Developer Network CSDN 6 Million user data Leaked The "Chinese Software Developer Network" CSDN, operated by Bailian Midami Digital Technology Co., Ltd., is one of the biggest networks of software developers in China. A text file with 6 Million CSDN user info including user name,...

JVN#94002296: FFFTP may insecurely load executable files

FFFTP contains an issue when loading files, which may insecurely load executables or other files. This vulnerability is different from JVN62336482. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution Update the software Update to the latest versio...

phpWebSite vulnerable to cross-site scripting

Overview phpWebSite contains a cross-site scripting vulnerability. phpWebSite is a content management system CMS. phpWebSite contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

PEC php calendars script SQL injection and fix-vulnerability warning-the black bar safety net

==================================================== php calendars script SQL Injection ==================================================== calendars script SQL Injection Author: Mr. MLL www.badguest.cn Download address: http://www.phpcodeworks.com/pec/downloads Developer :...

JVN#48839888: Nikki vulnerable to OS command injection

Nikki from HP no Mawashimono is a CGI software for posting diary entries. Nikki contains an OS command injection vulnerability. Impact An arbitrary OS command may be executed with the privileges of the web server. Solution Update the software Update to the latest version according to the...

Mambo 4.x - 'Zorder' SQL Injection

Exploit Title : CMS 4.x.x Zorder SQL Injection Vul + Author : Kr4L BeNiM + Contact : www.facebook.com/kr4l.hacker + Date : November 13, 2011 + Software Link: http://mambo-developer.org + Category: Web Apps Vulnerability: SQL injection Vulnerability Exploit : - The "zorder" parameter was not...

Apple Trips Up Again on Security

The odd thing about the way that Apple handles its security business is that there’s no real way to tell how Apple handles its security business. The company’s motives and reasoning are unknowable, thanks to its near-total silence on security matters and that attitude is beginning to border on th...

Researcher Charlie Miller kicked out from iOS dev program for Exploiting iOS security flaw

Researcher Charlie Miller kicked out from iOS dev program for Exploiting iOS security flaw A major security flaw in Apple's iOS operating system that could allow hackers to remotely gain unauthorized access to an iPhone, iPod touch or iPad has been uncovered by a security expert "Charlie Miller "...

Apple Drops Researcher From Dev Program Over iOS Bug Demo App

Just a few hours after it became public the security researcher Charlie Miller had inserted a proof-of-concept app into the Apple App Store to demonstrate a serious vulnerability in iOS, Apple informed Miller that it was removing him from its developer program. Miller had created the app, which i...