Case YVS Image Gallery
http://osvdb.org/show/osvdb/79477 The software "YVS Image Gallery" seems to be full of security issues. For example one can have lots of fun with this. Copy from installation.php: """ case isset($_POST['dbname']): $host = $_POST['host']; $dbname = $_POST['dbname']; $dbusername = $_POST['dbusername']; $dbpasswor...
JVN#83459967: Janetter vulnerable to cross-site request forgery
Janetter is a client software for using Twitter. Janetter contains a cross-site request forgery vulnerability. Impact When a malicious page is opened with a web browser while Janetter is being used, the user may be impersonated to post tweets, upload local image files, and OS commands may be...
OneFileCMS 1.1.4 Access Bypass
Exploit Title: OneFileCMS - Failure to Restrict URL Access | Date: 12th March 2012 | Author: Abhi M Balakrishnan | Software Link: https://github.com/rocktronica/OneFileCMS/blob/4340be5355b702c771ef03d4b00c74d358443b38/onefilecms.php | Version: upto 1.1.4 | Tested on: Apache-2.2.17, PHP-5.2.17,...
JVN#31860555: twicca fails to restrict access permissions
twicca is a client software for using Twitter. twicca contains an issue where access permissions are not restricted. Impact Android applications without permissions for network access may upload image files with the privileges of twicca. Solution Update the Software Apply the latest update for ea...
JVN#14791558: Jenkins vulnerable to cross-site scripting
Jenkins is a continuous integration (CI) tool. Jenkins contains a cross-site scripting vulnerability. Note that this vulnerability is different from JVN#79950061. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according...
The Killswitch : They can remotely modify your Window 8
Last year, a Finnish software developer was cruising Google's Android Market for smartphone apps when he noticed something strange. Dozens of best-selling applications suddenly listed the same wrong publisher. Google uses a little...
Gatekeeper to Bring Tight App Controls to OS X Mountain Lion
Apple’s implementation of a semi-new set of technologies collectively known as Gatekeeper in the upcoming Mountain Lion release of Mac OS X is set to give users better control of the security of the machines, specifically which apps are allowed to run. The Gatekeeper system will enable users to...
CVE-2012-0918
Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows remote attackers t...
Design/Logic Flaw
Unspecified vulnerability in Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite 01-00, 01-01 through 01-01-/D, 01-02 through 01-02-/F, 01-03 through 01-03-/F, 02-00 through 02-00-/D, 02-01 through 02-01-/C, and possibly other versions before 02-01-/D allows remote attackers t...
CVE-2012-0918
CVE-2012-0918 concerns Hitachi COBOL2002 Net Developer, Net Server Suite, and Net Client Suite (versions 01-00 through 02-01-/D and 02-01-/C, possibly earlier). Connected sources describe an arbitrary code execution vulnerability that can be exploited remotely via unknown vectors. The root cause,...
Microsoft Aims to Make Life Harder, More Expensive For Attackers
MIAMI BEACH–It’s been a decade now since Microsoft began focusing on product security as a top priority and there have been a lot of successes and some failures along the way. But in that time, one of the things that most definitely has changed as a result of the Trustworthy Computing program is...
Microsoft Releases January Security Bulletin
Microsoft has released updates to address vulnerabilities in Microsoft Windows and Microsoft Developer Tools and Software as part of the Microsoft Security Bulletin Summary for January 2012. These vulnerabilities may allow an attacker to execute arbitrary code, operate with elevated privileges,...
PT-2012-2538 · Apache · Apache Struts
Name of the Vulnerable Software and Affected Versions: Apache Struts versions prior to 2.3.1.1 Description: The issue allows remote attackers to execute arbitrary commands via unspecified vectors when the DebuggingInterceptor component is used in developer mode. The vendor characterizes this...
Microsoft Previews January Patch – And New Class of Vulnerability
Microsoft said in a post on the Technet Web site that it plans to release seven security bulletins on Tuesday, fixing eight security holes in a variety of products. Among them will be a fix for a new class of software vulnerability – the “Security Feature Bypass,” which could be used by attackers...
Microsoft to Issue Seven Bulletins, One Critical, on Patch Tuesday
Microsoft plans to issue seven security bulletins in the January Patch Tuesday release next week, fixing six vulnerabilities rated important and one rated critical. The bugs affect a variety of products, including Windows XP, Vista, Windows 7, Server 2003 and 2008 and Microsoft Developer Tools an...
Ultimate Encoder - PHP Encoder with multiple compression by lionaneesh
"Ultimate Encoder" - Another online tool by lionaneesh, an Indian developer and hacker. It's a PHP encoder with multiple compression. A piece of code can be encoded multiple times making it impossible for any Anti Virus to...
JVN#60887968: Movable Type Plugin MailForm vulnerable to cross-site scripting
MailForm is a plugin for Movable Type. MailForm contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the Software Update to the fixed version according to the information provided by the developer. Products Affected...
JVN#40498018: WordPress vulnerable to arbitrary PHP code execution
WordPress provided by WordPress.Org is a weblog system. WordPress contains a vulnerability where arbitrary PHP code may be executed. Impact Arbitrary PHP code may be executed with the privilege of the application on the server where it resides. Solution Update the software Update to the latest...
China Software Developer Network (CSDN) 6 Million user data Leaked
The "Chinese Software Developer Network" (CSDN), operated by Bailian Midami Digital Technology Co., Ltd., is one of the biggest networks of software developers in China. A text file with 6 Million CSDN user info including user name,...