Bug Hunter Finds 'Blended Threat' Targeting Yahoo Web Site

A Romanian bug hunter has discovered a “blended threat” targeting Yahoo’s Developer Network Web site that allows unauthorized access to Yahoo users’ emails and private profile data. At a security conference Sunday, Sergiu Dragos Bogdan demonstrated an abbreviated version of an attack using the YQ...

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox regressions (USN-1638-3)

USN-1638-1 fixed vulnerabilities in Firefox. The new packages introduced regressions in cookies handling and the User Agent string. This update fixes the problem. Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloske...

Mozilla Firefox Multiple Vulnerabilities - November12 (Windows)

This host is installed with Mozilla Firefox and is prone to multiple vulnerabilities. OpenVAS Vulnerability Test $Id: gbmozillafirefoxmultvulnnov12win.nasl 5977 2017-04-19 09:02:22Z teissa $ Mozilla Firefox Multiple Vulnerabilities - November12 Windows Authors: Rachana Shetty Copyright: Copyright...

Mozilla Firefox Multiple Vulnerabilities (Nov 2012) - Mac OS X

Mozilla Firefox is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : firefox vulnerabilities (USN-1638-1)

Gary Kwong, Jesse Ruderman, Christian Holler, Bob Clary, Kyle Huey, Ed Morley, Chris Lord, Boris Zbarsky, Julian Seward, Bill McCloskey, and Andrew McCreight discovered multiple memory safety issues affecting Firefox. If the user were tricked into opening a specially crafted page, an attacker cou...

CVE-2012-5837

The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting XSS attacks via a crafted string...

Cross site scripting

The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting XSS attacks via a crafted string...

CVE-2012-5837

The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting XSS attacks via a crafted string...

CVE-2012-5837

CVE-2012-5837 (Developer Toolbar chrome privileges XSS) is addressed in openSUSE’s Firefox ESR update, fixed in firefox-esr-128.5.1-1.1 on GA media (openSUSE-Tumbleweed). Connected advisories (OPENSUSE-SU-2024:14572-1; OSV:OPENSUSE-SU-2024:14572-1) confirm that the Firefox ESR update resolves mul...

CVE-2012-5837

The Web Developer Toolbar in Mozilla Firefox before 17.0 executes script with chrome privileges, which allows user-assisted remote attackers to conduct cross-site scripting XSS attacks via a crafted string...

Script entered into Developer Toolbar runs with chrome privileges — Mozilla

Security researcher Masato Kinugawa reported that when script is entered into the Developer Toolbar, it runs in a chrome privileged context. This allows for arbitrary code execution or cross-site scripting XSS if a user can be convinced to paste malicious code into the Developer Toolbar...

WordPress Cardoza Ajax Search 1.1 SQL Injection Vulnerability

WordPress Cardoza Ajax Search plugin version 1.1 suffers from a remote SQL injection vulnerability. Exploit Title : SQl INJECTION AJAX Post Search --- wordpress plugin--- Author:Marcela Benetrix home:www.girlinthemiddle.net Date: 10/12/12 version: 1.1 software link:...

XSS in answer my question plugin

Exploit Title : Answer my question wordpress plugin Multiple Cross-Site Scripting Vulnerabilities Author:Marcela Benetrix home:www.girlinthemiddle.net Date: 09/19/12 version: 1.1 software link:http://wordpress.org/extend/plugins/answer-my-question/ Answer my question plugin description This plugi...

CVE-2012-5820

The developer-account sample code in Google AdMob does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

CVE-2012-5820

The CVE concerns the Google AdMob developer-account sample code failing to verify that the server hostname matches the CN/subjectAltName in the X.509 certificate. This allows MITM attackers to spoof SSL servers using an arbitrary valid certificate. Affected: Google AdMob sample code; root cause: ...

Keshav Infotech - SQL Injection / Cross-Site Scripting Vulnerabilities

Customised PHP Applications Development | Wordpress application development | iphone applications | offer PHP Programmer and PHP Developer at a affordable cost | Web Design india | Wordpress dedicated Wordpress experts for your Wordpress Development – KeshavInfotech | PHP Web Designers India |...

Tokyo BBS vulnerable to cross-site scripting

Overview Tokyo BBS contains a cross-site scripting vulnerability. Tokyo BBS provided by Come on Girls Interface contains a cross-site scripting vulnerability. Naohiko Tsuda reported this vulnerability to IPA. JPCERT/CC coordinated with the developer under Information Security Early Warning...

Cross site request forgery (csrf)

Cross-site request forgery CSRF vulnerability in wlcms-plugin.php in the White Label CMS plugin before 1.5.1 for WordPress allows remote attackers to hijack the authentication of administrators for requests that modify the developer name via the wlcmsodevelopername parameter in a save action to...

Multiple vulnerabilities in Megapolis.Portal Manager

Hello 3APA3A! I want to warn you about multiple Cross-Site Scripting vulnerabilities in Megapolis.Portal Manager. It's commercial CMS from Softline-IT earlier Softline, which in particularly widespread among Ukrainian government sites including ministry, parliament, two special services and many...

French Android Malware writer Arrested for stealing $653700

A French hacker has been arrested for spreading a virus through fake smartphone applications. Prosecutors say he stole tiny sums from 17,000 people, amassing about 500,000 euros £405,000 since 2011. Working from the basement of his parents' home in Amiens, France, he created malicious software th...