dopvSTAR* vulnerable to cross-site scripting

Overview dopvSTAR provided by bayashi.net is a software to analyze web access logs. dopvSTAR contains a cross-site scripting vulnerability. Masahiro YAMADA reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning Partnership. Impact An...

Design/Logic Flaw

The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vectors...

CVE-2013-0887

The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vectors...

CVE-2013-0887

The developer-tools process in Google Chrome before 25.0.1364.97 on Windows and Linux, and before 25.0.1364.99 on Mac OS X, does not properly restrict privileges during interaction with a connected server, which has unspecified impact and attack vectors...

CVE-2013-0887

Chromium-based: CVE-2013-0887 affects Google Chrome prior to 25.0.1364.97 (Windows/Linux) and prior to 25.0.1364.99 (Mac). The developer-tools process does not properly restrict privileges when interacting with a connected server, but the provided documents do not specify impact, attack vectors, ...

CVE-2013-0887

Removed by vendor...

Chrome 25 Fixes Nine High-Risk Vulnerabilities

Google has fixed nine high-severity vulnerabilities in its Chrome browser, as well as a dozen other flaws with the release of Chrome 25. This release is one of the few for which the company did not pay out much in the way of bug bounties, only giving out $3,500. In Chrome 25 Google also disabled...

Google Chrome < 25.0.1364.97 Multiple Vulnerabilities

Binary data 800930.prm...

Google Chrome < 25.0.1364.97 Multiple Vulnerabilities

The version of Google Chrome installed on the remote host is a version prior to 25.0.1364.97. It is, therefore, affected by the following vulnerabilities : - An unspecified memory corruption error exists related to 'web audio node'. CVE-2013-0879 - Use-after-free errors exist related to database...

Samsung's new OS Tizen 2.0 source code released

The Tizen 2.0 source code and SDK has officially been released. Tizen is a Linux-based open-source software platform backed by Intel and Samsung Electronics, that is designed for smartphones, tablets, smart TVs and in-car systems and it's designed to run apps written using web technologies...

Samsung's new OS Tizen 2.0 source code released

The Tizen 2.0 source code and SDK has officially been released. Tizen is a Linux-based open-source software platform backed by Intel and Samsung Electronics, that is designed for smartphones, tablets, smart TVs and in-car systems and it’s designed to run apps written using web technologies...

JVN#02596643: 3DM (3ware Disk Manager) vulnerable to directory traversal

3DM provided by LSI is a software to manage a RAID controller. 3DM contains a directory traversal vulnerability. Impact A remote attacker may obtain arbitrary files. Solution Use 3DM2 The developer states that the development of 3DM is discontinued and there are no plans for 3DM to be modified. U...

Google Play Gives User Data to App Devs

Android application developer Dan Nolan claims that the Google Play store sends software developers the names, approximated locations, and email addresses of every individual that downloads one of their applications. Nolan created a “Paul Keating Insult Generator” application that is apparently...

[SECURITY] Fedora 17 Update: android-tools-20130123git98d0789-1.fc17

The Android Debug Bridge ADB is used to: - keep track of all Android devices and emulators instances connected to or running on a given host developer machine - implement various control commands e.g. "adb shell", "adb pull", etc. for the benefit of clients command-line users, or helper programs...

JVN#95863326: Cybozu Garoon vulnerable to cross-site scripting

Cybozu Garoon provided by Cybozu is a groupware. Cybozu Garoon contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser when the user is assigned the "logging" permission. Solution Update the Software Update to the latest version accordin...

Wine On Android For Running Windows Apps

As you know, many enthusiasts Android mobile users wishing for alternate of WINE software for Android mobiles or tablet as well, that allow applications designed for Microsoft Windows to run on Unix-like operating systems. Sounds Interesting ? Alexandre Julliard, the original developer behind the...

Wordpress Developer Formatter CSRF Vulnerability

==================================================================================================================== Exploit Title: Wordpress Developer Formatter CSRF Vulnerability Date: 21/01/13 Author: Junaid Hussain - illSecure Research Group - Contact: [email protected] | Website:...

WordPress Developer Formatter Plugin 3.5 - CSRF

Developer Formatter plugin is prone to a cross site request forgery vulnerability. It allows an attacker to gain unauthorized access to the affected application by performing certain actions in the context of an authorized user's session. Solution Update the plugin...

WordPress Plugin Developer Formatter - Cross-Site Request Forgery

WordPress Plugin Developer Formatter - Cross-Site Request Forgery ==================================================================================================================== Exploit Title: Wordpress Developer Formatter CSRF Vulnerability Google Dork: inurl:devformatter/devformatter.php...

WordPress Plugin Developer Formatter - Cross-Site Request Forgery

==================================================================================================================== Exploit Title: Wordpress Developer Formatter CSRF Vulnerability Google Dork: inurl:devformatter/devformatter.php Date: 21/01/13 Author: Junaid Hussain - illSecure Research Group -...