JVN#86472161 Movable Type cross-site scripting vulnerability
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is a different vulnerability than past reports on JVN. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the Software. Update to the latest versio...
Design/Logic Flaw
The PackageManagerService class in services/java/com/android/server/PackageManagerService.java in Android 1.5 through 1.5 CRB42 does not properly check developer certificates during processing of sharedUserId requests at an application's installation time, which allows remote user-assisted...
[oCERT-2009-006] Android improper package verification when using shared uids
2009-006 Android improper package verification when using shared uids Description: Android, an open source mobile phone platform, improperly checks developer certificates when installing packages that request the shared user identifier uid permission. Normally, Android applications will be allowe...
HP-UX Update for HP-UX Pkg HPSBUX02196
Check for the Version of HP-UX Pkg. OpenVAS Vulnerability Test: HP-UX Update for HP-UX Pkg HPSBUX02196. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
HP-UX Update for Java JRE and JDK HPSBUX02284
Check for the Version of Java JRE and JDK. OpenVAS Vulnerability Test: HP-UX Update for Java JRE and JDK HPSBUX02284. Authors: System Generated Check. Copyright: Copyright (c) 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it...
What every programmer needs to know about security
Software security expert Neil Daswani of Google discusses the key things that every Web developer, and developers in general, should know about security, including how SQL injection attacks work...
Flex CMS Calendar (ItemId) Blind SQL Injection Vulnerability
Exploit for unknown platform in category web applications. FlexCMS Calendar ItemId Blind SQL Injection Vulnerability. FlexCMS CalendarItemId Blind SQL Injection Vulnerability...
FlexCMS Calendar Blind SQL Injection
FlexCMS CalendarItemId Blind SQL Injection Vulnerability AUTHOR: MisterRichard Developer site: http://www.flexcms.dk/ Admin login site: http://target.com/flexadmin/ = Vulnerability author : Lanti-Net = Contact: lanti-netathotmaildotcom = Site : www.khg-crew.ws = Greetz: SpYrO , boom3rang, KHG,...
HP unveils Flash vulnerability scanner
HP has released a free static-analysis tool designed to find vulnerabilities in applications developed on the Adobe Flash platform. But HP SWFScan is no security geek plaything. It’s meant specifically for developers without much in the way of security training. The tool is the brainchild of the...
FlexCMS (catId) Remote SQL Injection Vulnerability
No description provided by source. AUTHOR: MisterRichard FlexCMS Remote SQL Injection Discovered by MisterRichard. Developer site: http://www.flexcms.dk/ Developer has not been notified. Live demo: Injection:...
Flex CMS (catId) Remote SQL Injection Vulnerability
Exploit for unknown platform in category web applications. FlexCMS catId Remote SQL Injection Vulnerability. AUTHOR: MisterRichard FlexCMS Remote SQL Injection Discovered by MisterRichard. Develope...
FlexCMS SQL Injection
AUTHOR: MisterRichard FlexCMS Remote SQL Injection Discovered by MisterRichard. Developer site: http://www.flexcms.dk/ Developer has not been notified. Live demo: Injection: www.target.com/flx/webshop/?catId=145%20union%20all%20select%201,2,3,concatusername,char58,password+from+users--...
FlexCMS 2.5 - catId SQL Injection
FlexCMS 2.5 - catId SQL Injection AUTHOR: MisterRichard FlexCMS Remote SQL Injection Discovered by MisterRichard. Developer site: http://www.flexcms.dk/ Developer has not been notified. Live demo: Injection:...
FlexCMS 2.5 - 'catId' SQL Injection
AUTHOR: MisterRichard FlexCMS Remote SQL Injection Discovered by MisterRichard. Developer site: http://www.flexcms.dk/ Developer has not been notified. Live demo: Injection: www.target.com/flx/webshop/?catId=145%20union%20all%20select%201,2,3,concatusername,char58,password+from+users--...
4Site CMS <= 2.6 Multiple Remote SQL Injection Vulnerabilities
No description provided by source. WSEC-09-002 4Site CMS = 2.6 Multiple Remote SQL Injections Developer site: http://www.4site.ru/ Discovered by D.Mortalov // wsec.ru 1. Auth Bypass Login: 1'or'1 Password: 1'or’1 2. Multiple Remote SQL Injections in 4site CMS modules "Pages" module:...
4Site CMS 2.6 SQL Injection
WSEC-09-002 4Site CMS = 2.6 Multiple Remote SQL Injections Developer site: http://www.4site.ru/ Discovered by D.Mortalov // wsec.ru 1. Auth Bypass Login: 1'or'1 Password: 1'or’1 2. Multiple Remote SQL Injections in 4site CMS modules "Pages" module:...
XSS in the Widget Connector
I've been working with the widget connector today and reading through the code when I noticed that the media uris are not being handled securely. try this: widget:url=youtube.com/v="alert'xss' In general there is not a unified way to prevent issues like this in the widget extensions and it is up ...
JVN#10170564 MODx cross-site scripting vulnerability
MODx, an open source contents management system, contains multiple cross-site scripting vulnerabilities. Impact: An arbitrary script may be executed on the user's web browser. Solution: Update the Software. Apply the latest update provided by the developer. Products Affected: MODx 0.9.6.2 and earlier...