WordPress Organizer 1.2.1 Cross Site Scripting / Directory Traversal
Hello list! After previous vulnerabilities in the Organizer plugin, I'll present five more security vulnerabilities in the Organizer plugin for WordPress. This is the fourth in a series of advisories concerning vulnerabilities in this plugin. These are Directory Traversal, Cross-Site Scripting and Full pat...
[CAL-2012-0023]Microsoft IE Developer Toolbar Remote Code Execution Vulnerability
CAL-2012-0023 Microsoft IE Developer Toolbar Remote Code Execution Vulnerability CVE ID: CVE-2012-1874 http://technet.microsoft.com/en-us/security/bulletin/ms12-037 http://blog.vulnhunt.com/index.php/2012/06/13/cal-2012-0023microsoft-ie-developer-toolbar-remote-code-execution-vulnerability/ 1...
phpAccounts v0.5.3 SQL injection and fix - vulnerability warning - The Black Bar Safety Net
Author: loneferret Affected version: 0.5.3 Developer address: http://phpaccounts.com/ Test platform: Ubuntu Server 11.10 Old app, still fun. Auth. Bypass: http://www.xxx.com /phpaccounts/index.php Username: x' or '1'='1' Password: whatever Upload php shell in preferences Letterhead image upload...
JVN#18397171: FeedDemon vulnerable to arbitrary script execution
FeedDemon is an RSS/Atom feed reader. FeedDemon is vulnerable to arbitrary script execution due to improper processing when outputting an HTML page built from feed information while using the "feed preview" option. Impact An arbitrary script embedded in an RSS/Atom feed may be executed on the user's...
SAP NetWeaver Dispatcher DiagTraceR3Info Packet Parsing Vulnerability
Added: 06/04/2012 CVE: CVE-2012-2611 OSVDB: 81759 Background SAP Netweaver is a technology platform for building and integrating SAP business applications. Problem SAP Netweaver is vulnerable to a stack buffer overflow when configured with the developer trace level set to 2 or higher. The...
[SECURITY] Fedora 17 Update: android-tools-20120510gitd98c87c-1.fc17
The Android Debug Bridge (ADB) is used to: - keep track of all Android devices and emulator instances connected to or running on a given host developer machine - implement various control commands (e.g. "adb shell", "adb pull", etc.) for the benefit of clients (command-line users, or helper programs...
JVN#21422837: Roundcube Webmail vulnerable to cross-site scripting
Roundcube Webmail is an open source webmail client from the Roundcube Webmail Project. Roundcube Webmail contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's Internet Explorer when viewing a specially crafted image file. Solution Update the...
JVN#86044443: iLunascape for Android vulnerable in the WebView class
iLunascape for Android is a web browser for Android devices. iLunascape for Android contains a vulnerability in the WebView class. Impact If a user of the affected product also uses another, malicious Android application, information managed by the affected product may be disclosed. Solution Update the...
[SECURITY] Fedora 16 Update: android-tools-20120510gitd98c87c-1.fc16
The Android Debug Bridge (ADB) is used to: - keep track of all Android devices and emulator instances connected to or running on a given host developer machine - implement various control commands (e.g. "adb shell", "adb pull", etc.) for the benefit of clients (command-line users, or helper programs...
WordPress WP Easy Gallery 1.7 Cross Site Scripting
Hi We have used our tool, THAPS, to identify vulnerabilities in this WordPress plugin. We have confirmed at least one of the reported vulnerabilities and created a working exploit located below. Attached is one or more log files containing the output of our tool, identifying the location of the...
Fraudulent Apps and Fake AV Found on Google Play
Researchers from the security firm AegisLab discovered more than 15 fake antivirus and free SMS applications on Google’s recently rebranded content market place, Google Play. The applications are redirecting users to a third party site run by the app’s developer. AegisLab researchers could not sa...
IA, CSRF and FPD vulnerabilities in Organizer for WordPress
Hello 3APA3A! I want to warn you about multiple new security vulnerabilities in the Organizer plugin for WordPress. This is the third in a series of advisories concerning vulnerabilities in this plugin. These are Insufficient Authorization, Cross-Site Request Forgery and Full path disclosure...
WordPress Organizer 1.2.1 XSS / CSRF / Shell Upload
Exploit for php platform in category web applications I want to warn you about multiple security vulnerabilities in the Organizer plugin for WordPress. This is the second in a series of advisories concerning vulnerabilities in this plugin. These are Cross-Site Scripting (reflected and persistent),...
XSS, CSRF and AFU vulnerabilities in Organizer for WordPress
Hello 3APA3A! I want to warn you about multiple security vulnerabilities in the Organizer plugin for WordPress. This is the second in a series of advisories concerning vulnerabilities in this plugin. These are Cross-Site Scripting (reflected and persistent), Cross-Site Request Forgery and Arbitrary File...
WordPress Organizer 1.2.1 XSS / CSRF / Shell Upload
Hello list! I want to warn you about multiple security vulnerabilities in the Organizer plugin for WordPress. This is the second in a series of advisories concerning vulnerabilities in this plugin. These are Cross-Site Scripting (reflected and persistent), Cross-Site Request Forgery and Arbitrary File...
Deceptive In-App Ads Hit Users of Draw Something
I really like the new app by OMGPOP called Draw Something. I play this game with my friends possibly a little too much. Draw Something has attracted more than 50 million downloads, and was just acquired by Zynga for $200 million. It was surprising the other day when I noticed an...
JVN#97200417: SENCHA SNS vulnerable to session fixation
SENCHA SNS is open source SNS software. SENCHA SNS contains a session fixation vulnerability. Impact A remote, unauthenticated attacker may impersonate an honest user of the affected product. As a result, information may be altered or obtained. Solution Update the Software Update to the latest...
SA-CONTRIB-2012-054 - Chaos tool suite - Cross Site Scripting (XSS)
CVE: CVE-2012-2082 This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. The...
Supernet CMS Blind SQL injection
Exploit for php platform in category web applications Exploit Title: Supernet CMS BlindSQLi Date: 22.03.2012 Google Dork/s: Greetz: Inj3ct0r 1337day Exploit DataBase 1337day.com allintext:"Vse pravice pridržane | © 2006 Supernet.si" site:.si allintext:"Vse pravice pridržane | © 2007 Supernet.si"...
Android FTPServer 1.9.0 Denial Of Service
Exploit Title: Android FTPServer 1.9.0 Remote DoS Date: 03/20/12 Author: G13 Twitter: @g13net Software Site: https://sites.google.com/site/andreasliebigapps/ftpserver/ Download Link: http://www.g13net.com/ftpserver.apk Version: 1.9.0 Category: DoS android Vulnerability FTPServer is vulnerable to ...