7425 matches found
Embedded Video WordPress Plugin Cross Site Scripting Vulnerability (XSS) - CVE-2010-4277
Dear List, I'm writing on behalf of the Check Point Vulnerability Discovery Team to publish the following vulnerability. Check Point Software Technologies - Vulnerability Discovery Team (VDT) http://www.checkpoint.com/defense/ Embedded Video WordPress Plugin Cross Site Scripting Vulnerability...
JVN#36673836: Movable Type vulnerable to cross-site scripting
Movable Type, a web log system from Six Apart KK, contains a cross-site scripting vulnerability. This vulnerability is different from the previous vulnerabilities disclosed on JVN. Impact: An arbitrary script may be executed in the user's web browser. Solution: Update the software. Update to the...
JVN#62736872: Vulnerability in Epson printer driver installer where access permissions are changed
When printer drivers provided by Epson are installed, the access permissions of the folder that contains program files (C:\Program Files) are changed. As a result, users that do not have permission to access that folder can gain access to it. Impact: A user that does not have permission to...
JVN#46026251: Safari address bar spoofing vulnerability
Safari contains a vulnerability where the address bar displays a character string that looks like a different URL than the URL that is being accessed. Impact: Phishing attacks may be possible, due to the difficulty in determining that the URL displayed in the address bar and the URL being accessed...
JVN#36765384: Google Chrome information disclosure vulnerability
Google Chrome contains an information disclosure vulnerability caused by the improper handling of XML files. Impact: When viewing a specially crafted web page, information may be disclosed. Solution: Update the software. Update to the latest version according to the information provided by the...
[eVuln.com] Multiple XSS in MCG GuestBook
New eVuln Advisory: Multiple XSS in MCG GuestBook Summary: http://evuln.com/vulns/144/summary.html Details: http://evuln.com/vulns/144/description.html -----------Summary----------- eVuln ID: EV0144 Software: MCG GuestBook Vendor: Mrcgiguy Version: 1.0 Critical Level: low Type: Cross Site Scripti...
Finding Vulnerabilities with FindBugs Code Analysis - Vulnerability Warning - Black Bar Safety Net
Static analysis tools promise that, without any developer effort, they can find certain defects in code. Of course, anyone with years of programming experience knows that such promises are not always fulfilled. Nevertheless, a good static analysis tool still belongs in the toolbox...
Fedora 14 Introduces libjpeg-turbo for Faster Image Processing
Fedora 14, known as "Laughlin," officially launched on Tuesday, offering numerous new features aimed at enhancing the user experience for this open-source desktop operating system. Usability Focus: In recent releases, Fedora, sponsored by Red Hat, has concentrated on improving usability. According...
Privacy Crackdown Rattles Facebook Developers
Following an embarrassing exposé in the Wall Street Journal, Facebook has tightened its controls over the ways in which applications that use the social networking platform can share unique user identity information, or UIDs. The company also banned several applications accused of improperly...
JVN#68536660: Archive Decoder may insecurely load executable files
Archive Decoder is file extraction software that supports multiple file formats. Archive Decoder loads certain executables (.exe) when extracting files. Archive Decoder contains an issue with the file search path, which may cause it to load executables insecurely. Impact: An attacker may execute arbitrary cod...
Report: Reused, Third Party Code Major Sources of Insecurity
A new report out from security testing firm Veracode suggests that reused and third party code is a big source of application insecurity. Application security is a sore spot for many organizations, as attackers shift the battlefield from operating system and network attacks to application specifi...
QtWeb Browser version 3.3 build 043 Insecure DLL Hijacking Vulnerability (wintab32.dll)
1. OVERVIEW The QtWeb Browser application is vulnerable to an Insecure DLL Hijacking vulnerability. Other terms that have been used to describe this class of vulnerability include Remote Binary Planting and Insecure DLL Loading/Injection/Hijacking/Preloading. 2. PRODUCT DESCRIPTION QtWeb Browser is a...
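Both the Archive Decoder advisory (an .exe loaded through an insecure search path) and the QtWeb advisory (wintab32.dll) rest on the same mechanism: when a program names a module without a full path, Windows walks a fixed list of directories and takes the first match, so a name that has no legitimate copy early in that list resolves to whatever the attacker placed in the current directory (for a browser, typically the remote share the victim opened a file from). The model below is an added example, not code from either advisory or vendor. The search orders are the ones Microsoft documents for LoadLibrary (with SafeDllSearchMode on and off) and for CreateProcess; the directory layout, the planted files, and the classification of "cwd" and PATH entries as attacker-writable are constructed assumptions for the example, and KnownDLLs (which bypass the search entirely) are not modelled.

```python
# Search orders for a bare module name, as documented by Microsoft for
# LoadLibrary and CreateProcess. Slots are symbolic and mapped to
# directories per process in DIRS below.
LOADLIBRARY_SAFE = ["app", "system32", "system", "windows", "cwd", "path"]
LOADLIBRARY_UNSAFE = ["app", "cwd", "system32", "system", "windows", "path"]
CREATEPROCESS = ["app", "cwd", "system32", "system", "windows", "path"]

# Assumption for the model: app and system directories are admin-only,
# while the current directory (a browsed share) and PATH entries may not be.
ATTACKER_WRITABLE = {"cwd", "path"}


def resolve(name, order, dirs, fs):
    """Return (slot, directory) of the first directory in `order` that
    contains `name` (case-insensitive, as Windows does), or None.
    `dirs` maps slot -> list of directories; `fs` maps directory -> names."""
    for slot in order:
        for directory in dirs.get(slot, []):
            present = {f.lower() for f in fs.get(directory, set())}
            if name.lower() in present:
                return slot, directory
    return None


def hijackable(name, order, dirs, fs):
    """True when the first hit lands in a slot an attacker can populate."""
    hit = resolve(name, order, dirs, fs)
    return hit is not None and hit[0] in ATTACKER_WRITABLE


def resolve_full_path(path, fs):
    """Hardened form: a fully qualified name is checked in exactly one
    directory, so no search takes place at all."""
    directory, _, name = path.rpartition("\\")
    return path if name in fs.get(directory, set()) else None


# Constructed layout: a browser under Program Files, a victim whose current
# directory is a remote share, and files planted on that share.
DIRS = {
    "app": [r"C:\Program Files\Browser"],
    "system32": [r"C:\Windows\System32"],
    "system": [r"C:\Windows\System"],
    "windows": [r"C:\Windows"],
    "cwd": [r"\\evil\share"],
    "path": [r"C:\Windows\System32", r"C:\Windows", r"C:\Tools"],
}
FS = {
    r"C:\Program Files\Browser": {"browser.exe", "Qt4Core.dll"},
    r"C:\Windows\System32": {"kernel32.dll", "example.dll", "cmd.exe"},
    r"\\evil\share": {"wintab32.dll", "example.dll", "helper.exe", "doc.html"},
}


def report():
    """Outcome of each load in the constructed layout."""
    return {
        # wintab32.dll ships with tablet drivers, not Windows: no legitimate
        # copy exists, so even the safe order falls through to cwd.
        "wintab32 safe": hijackable("wintab32.dll", LOADLIBRARY_SAFE, DIRS, FS),
        # A DLL that does live in System32 is found there before cwd...
        "present safe": hijackable("example.dll", LOADLIBRARY_SAFE, DIRS, FS),
        # ...unless SafeDllSearchMode is off, which puts cwd ahead of System32.
        "present unsafe": hijackable("example.dll", LOADLIBRARY_UNSAFE, DIRS, FS),
        # A helper .exe launched by bare name: CreateProcess checks cwd second,
        # and the application directory does not ship one.
        "helper exe": hijackable("helper.exe", CREATEPROCESS, DIRS, FS),
        # Fully qualified name: the planted copy is never considered; the
        # launch fails closed instead (None) because the app dir lacks it.
        "helper full path": resolve_full_path(
            r"C:\Program Files\Browser\helper.exe", FS),
    }


if __name__ == "__main__":
    for case, outcome in report().items():
        print(f"{case:18} -> {outcome}")
```

The practical check this models: for each DLL or .exe a product loads by bare name, ask whether a legitimate copy exists in the application directory or System32 on a default install. If not, the current directory is reachable for every search order, and the fix is a fully qualified path (or, for DLLs, `LoadLibraryEx` with `LOAD_LIBRARY_SEARCH_*` flags / `SetDefaultDllDirectories`) rather than relying on SafeDllSearchMode.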
Google Bans GPS Spy App, Developer Cries Foul
Malware may be difficult to define but, as former U.S. Supreme Court Justice Potter Stewart famously quipped about pornography, “you know it when you see it.” At least that’s the position being taken by Google and anti-malware firms about two applications designed for mobile phones running Google’...
SA-CONTRIB-2010-089 - Simplenews Content Selection - Cross Site Scripting
This module allows you to select content from your website and send a newsletter with the selected content. The module does not sanitize some of the user-supplied data before displaying it, leading to a Cross Site Scripting XSS vulnerability that may lead to a malicious user gaining full...
ccTiddly 1.7.6 Remote File Inclusion
================================================================ ccTiddly v1.7.6 Multiple Remote File Include Vulnerability ================================================================ ...
ccTiddly v1.7.6 Multiple Remote File Include Vulnerability
Exploit for the PHP platform in category web applications ========================================================== ccTiddly v1.7.6 Multiple Remote File Include Vulnerability ==========================================================...
ccTiddly 1.7.6 - Multiple Remote File Inclusions
ccTiddly 1.7.6 - Multiple Remote File Inclusions. I'm eidelweiss, a member of the Inj3ct0r Team. Developer: http://tiddlywiki.org/wiki/CcTiddlyDeveloper Download: http://tiddlywiki.org/ccTiddly/ccTiddlyv1.7.6.zip Author...
Struts2/XWork < 2.2.0 Remote Execution of Arbitrary Code Vulnerability Analysis and Patch - Vulnerability Warning - Black Bar Safety Net
Neeao's Blog http://neeao.com/: 1. On July 14 the exploit-db website published a Struts2 remote arbitrary code execution vulnerability. The hazard is large: it can be described as a sure shot straight to root, as long as the system uses the Struts2 or WebWork framework for the...
Enable Web Sudo to work with other single-sign-on solutions
Customers with some of the unsupported single sign-on solutions (http://confluence.atlassian.com/display/DEV/Single+Sign-on+Integration+with+JIRA+and+Confluence) can't easily upgrade to Confluence 3.3 because WebSudo doesn't handle external SSO solutions. See this example:...
Vulnerabilities in SimpNews
Hello Bugtraq! I want to warn you about security vulnerabilities in SimpNews. ----------------------------- Advisory: Vulnerabilities in SimpNews ----------------------------- URL: http://websecurity.com.ua/4245/ ----------------------------- Affected products: SimpNews V2.47.03 and previous...