7425 matches found

Japan Vulnerability Notes
added 2011/12/09 12:0 a.m. | 42 views

JVN#94002296: FFFTP may insecurely load executable files

FFFTP contains an issue when loading files, which may insecurely load executables or other files. This vulnerability is different from JVN62336482. Impact An attacker may execute arbitrary code with the privilege of the running application. Solution Update the software Update to the latest versio...

CVSS 9.3 | AI score 7.2 | EPSS 0.02192
Exploits: 0
Japan Vulnerability Notes
added 2011/12/08 8:15 a.m. | 3 views

phpWebSite vulnerable to cross-site scripting

Overview phpWebSite contains a cross-site scripting vulnerability. phpWebSite is a content management system CMS. phpWebSite contains a cross-site scripting vulnerability. Daiki Fukumori of Cyber Defense Institute, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with the developer...

CVSS 4.3 | AI score 6.1 | EPSS 0.00921
Exploits: 0 | References: 5
myhack58
added 2011/12/07 12:0 a.m. | 15 views

PEC php calendars script SQL injection and fix-vulnerability warning-the black bar safety net

==================================================== php calendars script SQL Injection ==================================================== calendars script SQL Injection Author: Mr. MLL www.badguest.cn Download address: http://www.phpcodeworks.com/pec/downloads Developer :...

AI score 0.5
Exploits: 0
Japan Vulnerability Notes
added 2011/11/21 12:0 a.m. | 30 views

JVN#48839888: Nikki vulnerable to OS command injection

Nikki from HP no Mawashimono is a CGI software for posting diary entries. Nikki contains an OS command injection vulnerability. Impact An arbitrary OS command may be executed with the privileges of the web server. Solution Update the software Update to the latest version according to the...

CVSS 7.5 | AI score 7 | EPSS 0.02262
Exploits: 0
Exploit DB
added 2011/11/13 12:0 a.m. | 37 views

Mambo 4.x - 'Zorder' SQL Injection

Exploit Title : CMS 4.x.x Zorder SQL Injection Vul + Author : Kr4L BeNiM + Contact : www.facebook.com/kr4l.hacker + Date : November 13, 2011 + Software Link: http://mambo-developer.org + Category: Web Apps Vulnerability: SQL injection Vulnerability Exploit : - The "zorder" parameter was not...

AI score 7
Exploits: 0
ThreatPost
added 2011/11/09 7:28 p.m. | 12 views

Apple Trips Up Again on Security

The odd thing about the way that Apple handles its security business is that there’s no real way to tell how Apple handles its security business. The company’s motives and reasoning are unknowable, thanks to its near-total silence on security matters and that attitude is beginning to border on th...

Exploits: 0 | References: 3
The Hacker News
added 2011/11/08 6:51 p.m. | 5 views

Researcher Charlie Miller kicked out from iOS dev program for Exploiting iOS security flaw

Researcher Charlie Miller kicked out from iOS dev program for Exploiting iOS security flaw A major security flaw in Apple's iOS operating system that could allow hackers to remotely gain unauthorized access to an iPhone, iPod touch or iPad has been uncovered by a security expert "Charlie Miller "...

AI score 7.2
Exploits: 0
ThreatPost
added 2011/11/08 1:5 p.m. | 7 views

Apple Drops Researcher From Dev Program Over iOS Bug Demo App

Just a few hours after it became public the security researcher Charlie Miller had inserted a proof-of-concept app into the Apple App Store to demonstrate a serious vulnerability in iOS, Apple informed Miller that it was removing him from its developer program. Miller had created the app, which i...

AI score 0.3
Exploits: 0 | References: 1
ThreatPost
added 2011/11/07 4:44 p.m. | 8 views

Apple To Fix iPad 2 Smart Cover Flaw with iOS 5.0.1

Apple will fix an iPad 2 security flaw with the upcoming 5.0.1 build of its iOS operating system, it’s been reported. The fix should solve a problem publicized last month with the device’s locking feature that could’ve let someone access the iPad by bypassing its Smart Cover. According to...

AI score 7
Exploits: 0 | References: 6
securityvulns
added 2011/11/06 12:0 a.m. | 47 views

Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability

Advisory: Serendipity 'serendipity[filter][bp.ALT]' Cross-Site Scripting vulnerability Advisory ID: SSCHADV2011-015 Author: Stefan Schurtz Affected Software: Successfully tested on Serendipity 1.5.5 Vendor URL: http://www.s9y.org Vendor Status: fixed CVE-ID: - ========================== Vulnerability...

Exploits: 0
NVD
added 2011/10/18 10:55 p.m. | 15 views

CVE-2011-3525

Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2 and 4.0 allows remote authenticated users to affect confidentiality, integrity, and availability, related to APEX developer user...

CVSS 6.5 | AI score 5.6 | EPSS 0.02462
Exploits: 0 | References: 4
Prion
added 2011/10/18 10:55 p.m. | 16 views

Design/Logic Flaw

Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2 and 4.0 allows remote authenticated users to affect confidentiality, integrity, and availability, related to APEX developer user...

CVSS 6.5 | AI score 6 | EPSS 0.02462
Exploits: 0 | References: 4 | Affected Software: 1
Cvelist
added 2011/10/18 10:0 p.m. | 19 views

CVE-2011-3525

Unspecified vulnerability in the Application Express component in Oracle Database Server 3.2 and 4.0 allows remote authenticated users to affect confidentiality, integrity, and availability, related to APEX developer user...

AI score 5.6 | EPSS 0.02462
Exploits: 0 | References: 4
Japan Vulnerability Notes
added 2011/10/17 12:0 a.m. | 40 views

JVN#41657660: Safari for iOS vulnerable to cross-site scripting

Safari for iOS provided by Apple does not support the "attachment" value for the HTTP Content-Disposition header, resulting in a cross-site scripting vulnerability. Impact Opening a maliciously crafted file may lead to an arbitrary script being executed on the user's web browser. Solution Update...

CVSS 4.3 | AI score 5.2 | EPSS 0.01821
Exploits: 1
Japan Vulnerability Notes
added 2011/10/13 12:0 a.m. | 27 views

JVN#08307791: Plume vulnerable to cross-site scripting

Plume is a Content Management System CMS. Plume contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the web browser of a user that is logged in as administrator. Solution Update the Software Update to the latest version according to the information provide...

CVSS 2.6 | AI score 5.8 | EPSS 0.00885
Exploits: 0
Japan Vulnerability Notes
added 2011/10/07 12:0 a.m. | 26 views

JVN#03869266: Enkai-kun vulnerable to cross-site scripting

Enkai-kun provided by utage.org contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Update the software Update to the latest version according to the information provided by the developer. Products Affected Versions prior t...

CVSS 4.3 | AI score 5.9 | EPSS 0.01086
Exploits: 0
Fedora
added 2011/10/04 9:23 p.m. | 21 views

[SECURITY] Fedora 16 Update: kdesdk-4.7.1-1.fc16

A collection of applications and tools used by developers, including: cervisia: a CVS frontend kate: advanced text editor kcachegrind: a browser for data produced by profiling tools e.g. cachegrind kompare: diff tool kuiviewer: displays designer's UI files lokalize: computer-aided translation...

CVSS 4.3 | AI score 2.5 | EPSS 0.01134
Exploits: 0
securityvulns
added 2011/10/04 12:0 a.m. | 33 views

Vulnerability in multiple themes for Drupal

Hello list! The endless saga continue. After informing about a lot of vulnerable plugins and widgets with this swf-file, here is information about multiple vulnerable themes ;-. I want to warn you about Cross-Site Scripting vulnerability in multiple themes for Drupal. And a lot of other themes fo...

AI score 0.5
Exploits: 0
myhack58
added 2011/10/03 12:0 a.m. | 49 views

Vivvo CMS-local file include and fix-vulnerability warning-the black bar safety net

Title: Vivvo CMS - Local File include ! Author: JaBrOtxHaCkEr www. Email My ^ ^ ! !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! Defects program Vivvo CMS is an intuitive content management system atop a powerful programming framework, empowering numerous industry leading online newspapers,...

AI score 2.3
Exploits: 0
Packet Storm
added 2011/09/29 12:0 a.m. | 41 views

Joomla! 1.7.0 Cross Site Scripting

Joomla! 1.7.0 | Multiple Cross Site Scripting XSS Vulnerabilities 1. OVERVIEW Joomla! 1.7.0 stable version is vulnerable to multiple Cross Site Scripting issues. 2. BACKGROUND Joomla is a free and open source content management system CMS for publishing content on the World Wide Web and intranets...

AI score 7.4
Exploits: 0