7333 matches found

seebug.org
added 2011/01/12 12:0 a.m. | 22 views

Discuz x 1.5 Little Squirrel (Discuz! X1.5 xss)

Brief description: Developer oversight. Details: When posting, enter imgjavascript:alert/sogili//img Proof of vulnerability: Go see for yourself...

7.1 AI score
Exploits: 0
OpenVAS
added 2011/01/11 12:0 a.m. | 20 views

Ax Developer CMS 'user.php' Local File Include Vulnerability

Ax Developer CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This ma...

6.8 CVSS | 0.1 AI score | 0.05397 EPSS
Exploits: 1 | References: 1
OpenVAS
added 2011/01/11 12:0 a.m. | 19 views

Ax Developer CMS <= 0.1.1 LFI Vulnerability - Active Check

Ax Developer CMS is prone to a local file include LFI vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

6.8 CVSS | 6.4 AI score | 0.05397 EPSS
Exploits: 1 | References: 1
Japan Vulnerability Notes
added 2011/01/11 12:0 a.m. | 28 views

JVN#50704770: Aipo vulnerable to SQL injection

Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability. Impact Contents that are managed by Aipo may be viewed by a user that can login to Aipo. Solution Update the Software Update to the latest version...

7.5 CVSS | 7.1 AI score | 0.00706 EPSS
Exploits: 0
The Hacker News
added 2011/01/10 1:52 a.m. | 13 views

IBM Developer Works Defaced by Hmei7 !

IBM Developer Works Defaced by Hmei7 ! Website Link : https://www.ibm.com/developerworks/linux/ Zone-H mirror: News Source : Hmei7

6.8 AI score
Exploits: 0
The Hacker News
added 2011/01/05 1:34 a.m. | 8 views

Nook Color Bluetooth Chip Hacked !

Barnes and Noble's full color touch screen, Wi-Fi and 3G enabled eReader tablet NOOK color ships with a Bluetooth chip that is not activated. Well, not anymore. A user occip at XDA-developers has managed to start the Bluetooth on the device and scanning and connecting to devices is working well...

6.8 AI score
Exploits: 0
The Hacker News
added 2011/01/02 12:40 a.m. | 10 views

AVG 2011 Software Pack (All-in-one) +keys Download

AVG Anti-Virus 2011 11.20 Build 3152 Final x86/x64 Anti-Virus 2011 New version of famous anti-virus program from Czech developer to protect your PC from dangerous objects and network threats. Program blocks viruses, trojans, worms, spyware, and a module to deal with rootkits helps get rid of the...

6.9 AI score
Exploits: 0
Packet Storm
added 2010/12/24 12:0 a.m. | 18 views

Social Share 2010-06-05 Cross Site Scripting

www.eVuln.com advisory: "search" - Non-persistent XSS in Social Share Summary: http://evuln.com/vulns/169/summary.html Details: http://evuln.com/vulns/169/description.html -----------Summary----------- eVuln ID: EV0169 Software: Social Share Vendor: n/a Version: 2010-06-05 Critical Level: low Typ...

7.4 AI score
Exploits: 0
securityvulns
added 2010/12/17 12:0 a.m. | 58 views

Embedded Video WordPress Plugin Cross Site Vulnerability (XSS) - CVE-2010-4277

Dear List, I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability. Check Point Software Technologies - Vulnerability Discovery Team VDT http://www.checkpoint.com/defense/ Embedded Video WordPress Plugin Cross Site Scripting Vulnerability...

4.3 CVSS | 6 AI score | 0.00153 EPSS
Exploits: 1
Japan Vulnerability Notes
added 2010/12/08 12:0 a.m. | 31 views

JVN#62736872: Vulnerability in Epson printer driver installer where access permissions are changed

When printer drivers provided by Epson are installed, the access permissions for the folder that contains program files C:\Program Files are changed. As a result, users that do not have permission to access that folder can gain access to that folder. Impact A user that does not have permission to...

4.6 CVSS | 6.5 AI score | 0.00052 EPSS
Exploits: 0
Japan Vulnerability Notes
added 2010/12/08 12:0 a.m. | 15 views

JVN#36673836: Movable Type vulnerable to cross-site scripting

Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the...

4.3 CVSS | 6 AI score | 0.00475 EPSS
Exploits: 0
Japan Vulnerability Notes
added 2010/11/26 12:0 a.m. | 20 views

JVN#36765384: Google Chrome information disclosure vulnerability

Google Chrome contains an information disclosure vulnerability caused by the improper handling of XML files. Impact When viewing a specially crafted web page, information may be disclosed. Solution Update the Software Update to the latest version according to the information provided by the...

6.5 CVSS | 6.1 AI score | 0.00467 EPSS
Exploits: 0
Japan Vulnerability Notes
added 2010/11/26 12:0 a.m. | 28 views

JVN#46026251: Safari address bar spoofing vulnerability

Safari contains a vulnerability where the address bar displays a character string that looks like a different URL than the URL that is being accessed. Impact Phishing attacks may be possible, due to the difficulty in determining that the URL displayed in the address bar and the URL being accessed...

4.3 CVSS | 5.8 AI score | 0.01276 EPSS
Exploits: 0
securityvulns
added 2010/11/24 12:0 a.m. | 81 views

[eVuln.com] Multiple XSS in MCG GuestBook

New eVuln Advisory: Multiple XSS in MCG GuestBook Summary: http://evuln.com/vulns/144/summary.html Details: http://evuln.com/vulns/144/description.html -----------Summary----------- eVuln ID: EV0144 Software: MCG GuestBook Vendor: Mrcgiguy Version: 1.0 Critical Level: low Type: Cross Site Scripti...

6.2 AI score
Exploits: 0
myhack58
added 2010/11/14 12:0 a.m. | 12 views

With the FindBugs code analysis vulnerability-vulnerability warning-the black bar safety net

Static analysis tools promise to find defects in code without any developer effort. Of course, if you have years of coding experience, you will know that these promises are not always fulfilled. Nevertheless, a good static analysis tool is still in the Toolbox...

8 AI score
Exploits: 0
The Hacker News
added 2010/11/05 2:9 a.m. | 7 views

Fedora 14 Introduces libjpegturbo for Faster Image Processing

Fedora 14, known as "Laughlin," officially launched on Tuesday, offering numerous new features aimed at enhancing the user experience for this open-source desktop operating system. Usability Focus In recent releases, Fedora, sponsored by Red Hat, has concentrated on improving usability. According...

6.6 AI score
Exploits: 0
ThreatPost
added 2010/11/01 5:32 p.m. | 7 views

Privacy Crackdown Rattles Facebook Developers

Following an embarrassing expose in the Wall Street Journal, Facebook has tightened its controls over the ways in which applications that use the social networking platform can share unique user identity information or UIDs. The company also banned several applications accused of improperly...

6.8 AI score
Exploits: 0 | References: 3
Japan Vulnerability Notes
added 2010/10/20 12:0 a.m. | 32 views

JVN#68536660: Archive Decoder may insecurely load executable files

Archive Decoder is a file extraction software that supports multiple file formats. Archive Decoder loads certain executables .exe when extracting files. Archive Decoder contains an issue with the file search path, which may insecurely load executables. Impact An attacker may execute arbitrary cod...

6.9 CVSS | 7.2 AI score | 0.00056 EPSS
Exploits: 0
ThreatPost
added 2010/09/22 4:38 p.m. | 10 views

Report: Reused, Third Party Code Major Sources of Insecurity

A new report out from security testing firm Veracode suggests that reused and third party code is a big source of application insecurity. Application security is a sore spot for many organizations, as attackers shift the battlefield from operating system and network attacks to application specifi...

0.3 AI score
Exploits: 0 | References: 3
securityvulns
added 2010/08/30 12:0 a.m. | 38 views

QtWeb Browser version 3.3 build 043 Insecure DLL Hijacking Vulnerability (wintab32.dll)

OVERVIEW The QtWeb Browser application is vulnerable to Insecure DLL Hijacking Vulnerability. Similar terms that describe this vulnerability have been come up with Remote Binary Planting, and Insecure DLL Loading/Injection/Hijacking/Preloading. 2. PRODUCT DESCRIPTION QtWeb Browser is a...

0.2 AI score
Exploits: 0