
7425 matches found

Fedora
added 2013/04/14 12:24 a.m., 26 views

[SECURITY] Fedora 17 Update: drupal7-ctools-1.3-1.fc17

This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it...

AI score: 0.5
Exploits: 0

Fedora
added 2013/04/14 12:23 a.m., 12 views

[SECURITY] Fedora 18 Update: drupal7-ctools-1.3-1.fc18

This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it...

AI score: 0.5
Exploits: 0

Packet Storm
added 2013/04/13 12:0 a.m., 70 views

Dotclear 2.4.4 Cross Site Scripting / Content Spoofing

Hello list! These are Cross-Site Scripting and Content Spoofing vulnerabilities in Dotclear. CMS Dotclear has three vulnerable flash-files: swfupload.swf, playerflv.swf and playermp3.swf. File swfupload.swf is Swfupload. I wrote about vulnerabilities in Swfupload in November 2012...

CVSS: 4.3, AI score: 6.4, EPSS: 0.09088
Exploits: 10

Japan Vulnerability Notes
added 2013/04/11 12:0 a.m., 27 views

JVN#65034198: Sleipnir for Windows vulnerable to address bar spoofing

Sleipnir for Windows contains an issue in displaying colors and the padlock icon on the address bar, which may result in the address bar being spoofed. Impact: A user may mistakenly believe that the website is using SSL for communications even when the site is not using SSL. Solution: Update the...

CVSS: 5, AI score: 6.2, EPSS: 0.01034
Exploits: 0

The Hacker News
added 2013/04/04 5:47 a.m., 22 views

URL Redirection flaw in Facebook apps push OAuth vulnerability again in action

In earlier posts, our Facebook hacker 'Nir Goldshlager' exposed two serious Facebook OAuth flaws: one, hacking a Facebook account even without the user installing an application on their account, and second, various ways of bypassing the regex protection in Facebook OAuth. This time, Nir illustrat...

AI score: 6.9
Exploits: 0

Packet Storm
added 2013/04/02 12:0 a.m., 23 views

WHMCS Grouppay 1.5 SQL Injection

Title: WHMCS grouppay plugin SQL Injection = 1.5 Author: HJauditing Employee Tim E-mail: [email protected] Web: http://hjauditing.com/ Plugin: http://kadeo.com.au/design-and-development/whmcs-dev/whmcs-modules/72-group-pay.html ============ Introduction ============ We have found a SQL injection...

AI score: 0.7
Exploits: 0

Prion
added 2013/03/28 12:18 p.m., 25 views

Code injection

Google Chrome before 26.0.1410.43 does not prevent navigation to developer tools in response to a drag-and-drop operation, which allows user-assisted remote attackers to have an unspecified impact via a crafted web site...

CVSS: 6.8, AI score: 6.8, EPSS: 0.00748
Exploits: 0, References: 3, Affected Software: 1

CVE
added 2013/03/28 10:0 a.m., 74 views

CVE-2013-0918

CVE-2013-0918 affects Google Chrome before 26.0.1410.43. The vulnerability arises from not preventing navigation to developer tools during a drag-and-drop operation, enabling user-assisted remote attackers to have an unspecified impact via a crafted site. Connected advisories (OpenVAS/Nessus) confirm the CVE across pla...

CVSS: 6.8, AI score: 6.2, EPSS: 0.00748
Exploits: 0, References: 3, Affected Software: 1

Debian CVE
added 2013/03/28 10:0 a.m., 22 views

CVE-2013-0918

Removed by vendor...

CVSS: 6.8, AI score: 6.7, EPSS: 0.00748
Exploits: 0

Japan Vulnerability Notes
added 2013/03/26 12:0 a.m., 24 views

JVN#80922020: ArtIME Japanese Input vulnerable to information disclosure

ArtIME Japanese Input is a Japanese Input Method Editor (IME) for Android devices. ArtIME Japanese Input contains an issue in the access permissions for certain files. Impact: If a user of the affected product also uses a malicious Android application, information managed by the affected product...

CVSS: 5, AI score: 6.2, EPSS: 0.00982
Exploits: 0

Tenable Nessus
added 2013/03/26 12:0 a.m., 39 views

Google Chrome < 26.0.1410.43 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is a version prior to 26.0.1410.43 and is, therefore, affected by the following vulnerabilities:
- Use-after-free errors exist related to 'Web Audio' and the extension bookmarks API. CVE-2013-0916, CVE-2013-0920
- An out-of-bounds read...

CVSS: 7.5, AI score: 5.9, EPSS: 0.01282
Exploits: 0, References: 11

Cvelist
added 2013/03/13 12:0 a.m., 38 views

CVE-2013-0074

Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka "Silverlight Double Dereference Vulnerability."...

AI score: 9.4, EPSS: 0.81868
Exploits: 8, References: 4

ATTACKERKB
added 2013/03/13 12:0 a.m., 19 views

CVE-2013-0074

Microsoft Silverlight 5, and 5 Developer Runtime, before 5.1.20125.0 does not properly validate pointers during HTML object rendering, which allows remote attackers to execute arbitrary code via a crafted Silverlight application, aka “Silverlight Double Dereference Vulnerability.” Recent...

CVSS: 9.3, AI score: 7.8, EPSS: 0.81868
In wild, Exploits: 8, References: 5

CVE
added 2013/03/13 12:0 a.m., 1012 views

CVE-2013-0074

CVE-2013-0074 (Microsoft Silverlight) affects Silverlight 5 and the 5 Developer Runtime prior to 5.1.20125.0. The root cause is improper validation of pointers during HTML object rendering, leading to a pointer-dereference memory corruption that can allow remote code execution via a crafted Silve...

CVSS: 9.3, AI score: 9.3, EPSS: 0.81868
In wild, Exploits: 8, References: 5, Affected Software: 1

The Hacker News
added 2013/03/07 4:15 p.m., 9 views

Android developer said 'F-Secure can say that anything is malware'

As the popularity of Android has boomed, more and more malware is targeting the platform. Digital miscreants are using fraudulent developer accounts on Google's Play marketplace to spread malware. According to latest Mobile Threat report from F-Secure, Android malware continued to gain in share i...

AI score: 7.1
Exploits: 0

ThreatPost
added 2013/03/06 9:1 p.m., 10 views

Fake Google Play Accounts Peddling Banking Malware

On the one year anniversary of Google Play comes news that a new botkit is making the rounds that leverages actual verified accounts from that marketplace to trick users into downloading phony banking applications. Brian Krebs, who goes into further detail about the malware in a post on his blog...

AI score: 0.6
Exploits: 0, References: 5

Zero Science Lab
added 2013/03/06 12:0 a.m., 28 views

Qool CMS v2.0 RC2 Multiple HTML And JavaScript Injection Vulnerabilities

Summary: Qool CMS is a content management system that helps web masters be more productive. Qool has been built with both worlds web master, web developer in mind. It is easy to create addons extensions for the system but you can really do without them too. Description: Qool CMS suffers from multip...

CVSS: 8.7, AI score: 5.9, EPSS: 0.00356
Exploits: 1

Packet Storm
added 2013/03/02 12:0 a.m., 39 views

Question2Answer 1.5.3 CSRF / Brute Force

Hello list! These are Brute Force, Insufficient Anti-automation and Cross-Site Request Forgery vulnerabilities in Question2Answer. This is the first part of vulnerabilities in this web application. ------------------------- Affected products: ------------------------- Vulnerable are all versions ...

AI score: 7.4
Exploits: 0

0day.today
added 2013/03/02 12:0 a.m., 48 views

Question2Answer 1.5.3 CSRF / Brute Force Vulnerability

Exploit for php platform in category web applications These are Brute Force, Insufficient Anti-automation and Cross-Site Request Forgery vulnerabilities in Question2Answer. This is the first part of vulnerabilities in this web application. ------------------------- Affected products:...

AI score: 7.1
Exploits: 0

Japan Vulnerability Notes
added 2013/02/28 4:46 a.m., 2 views

dopvSTAR* vulnerable to cross-site scripting

Overview: dopvSTAR, provided by bayashi.net, is software for analyzing web access logs. dopvSTAR contains a cross-site scripting vulnerability. Masahiro YAMADA reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact: An...

CVSS: 4.3, AI score: 6, EPSS: 0.01148
Exploits: 0, References: 5