
1529 matches found

ThreatPost
added 2011/11/03 4:19 p.m., 8 views

Apple to Require Mac Apps to Be Sandboxed

Apple has informed developers that, as of March 2012, any app submitted to the Mac App Store will have to include a sandbox. The move is an intriguing one from Apple, which has kept a low profile on security and typically handles Mac security on its own. The statement from Apple comes at a time...

0.2 AI score
Exploits: 0, References: 2
Exploit DB
added 2011/10/19 12:0 a.m., 19 views

Yet Another CMS 1.0 - SQL Injection / Cross-Site Scripting

Advisory: Yet Another CMS 1.0 SQL Injection & XSS vulnerabilities Advisory ID: SSCHADV2011-031 Author: Stefan Schurtz Affected Software: Successfully tested on Yet Another CMS 1.0 Vendor URL: http://yetanothercms.codeplex.com/ Vendor Status: informed ========================== Vulnerability...

7.4 AI score
Exploits: 0
NVD
added 2011/10/09 10:55 a.m., 12 views

CVE-2010-4955

SQL injection vulnerability in board/board.php in APBoard Developers APBoard 2.1.0 and earlier allows remote attackers to execute arbitrary SQL commands via the id parameter, a different vector than CVE-2006-3078...

7.5 CVSS, 8.3 AI score, 0.00816 EPSS
Exploits: 1, References: 5
The Hacker News
added 2011/09/29 5:25 p.m., 9 views

Firefox Java update ready to stop BEAST attacks

Firefox developers searching for a way to protect users against a new attack that decrypts sensitive web traffic are seriously considering an update that stops the open-source browser from working with Oracle's Java software framework. Johnath, the...

6.8 AI score
Exploits: 0
seebug.org
added 2011/09/25 12:0 a.m., 40 views

AWStats 7.0 / 6.0 SQL Injection / Cross Site Scripting / CRLF Injection

No description provided by source. Vulnerable are all versions of AWStats 6.0, 7.0 and previous versions. ---------- Details: ---------- AWStats includes script Advanced Web Redirector awredir.pl. There were already found by trev and tx XSS and Redirector vulnerabilities in awredir.pl in 2008...

7.1 AI score
Exploits: 0
The Hacker News
added 2011/08/22 6:30 a.m., 11 views

OWASP Zed Attack Proxy (ZAP) v.1.3.2 Released

The OWASP Zed Attack Proxy (ZAP) is an easy to use integrated penetration testing tool for finding vulnerabilities in web applications. It is designed to be used by people with a wide range of security experience and as such is ideal for developers and...

6.9 AI score
Exploits: 0
The Hacker News
added 2011/08/05 12:12 p.m., 9 views

Get Ready for Microsoft 13 updates for August Patch Tuesday

Microsoft has announced that it will release 13 bulletins to address 22 vulnerabilities in Windows, Office, Internet Explorer, .NET and Visual Studio on its next Patch Tuesday. Another "critical" bulletin affects Windows server operating...

8.1 AI score
Exploits: 0
Japan Vulnerability Notes
added 2011/07/29 12:0 a.m., 27 views

JVN#43105011: Android vulnerability where an incorrect SSL certificate is displayed

Android OS contains a vulnerability where an SSL certificate from an outside site is displayed when a user attempts to display an SSL certificate from a site that reads in contents from an outside site. Impact: An attacker may trick the user into believing the site being visited is safe, which may...

4.3 CVSS, 6 AI score, 0.00187 EPSS
Exploits: 0
The Hacker News
added 2011/07/18 12:39 p.m., 9 views

Linux kernel 3.0 - 343 changes made by Microsoft developer K. Y. Srinivasan

Linux kernel change log figures were published on Thursday in an LWN.net article: 343 changes made by Microsoft developer K. Y. Srinivasan; 1,085 changes provided by independent developers; Red Hat provided 1,000 changes i...

6.7 AI score
Exploits: 0
ThreatPost
added 2011/06/07 3:45 p.m., 9 views

Sony CEO Apologizes to Fans and Partners at E3

Sony Computer Entertainment of America’s President and CEO, Jack Tretton kicked off his company’s E3 conference appearance with an apology to all those affected by the outage that has plagued Sony for better part of the last two months. Tretton started his speech by addressing what he referred to...

0.6 AI score
Exploits: 0, References: 5
The Hacker News
added 2011/05/30 1:11 p.m., 9 views

GMA-7 television networks website, twitter & Facebook hacked by D4RKB1T

The website of one of the leading television networks in the Philippines has been hacked by a user named "D4RKB1T". GMA-7's website - gmanews.tv, its Facebook and Twitter accounts have been simultaneously hacked on Sunday...

6.6 AI score
Exploits: 0
NVD
added 2011/05/20 10:55 p.m., 15 views

CVE-2011-2162

Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 aka CS4.0; and Mandriva Enterprise Server 5 aka MES5 have unknown impact and attack vectors, related to issues...

10 CVSS, 6.5 AI score, 0.00987 EPSS
Exploits: 0, References: 6
OSV
added 2011/05/20 10:55 p.m., 9 views

CVE-2011-2162

Multiple unspecified vulnerabilities in FFmpeg 0.4.x through 0.6.x, as used in MPlayer 1.0 and other products, in Mandriva Linux 2009.0, 2010.0, and 2010.1; Corporate Server 4.0 aka CS4.0; and Mandriva Enterprise Server 5 aka MES5 have unknown impact and attack vectors, related to issues...

6.4 AI score
Exploits: 0, References: 6
Tenable Nessus
added 2011/05/17 12:0 a.m., 48 views

Mandriva Linux Security Advisory : mplayer (MDVSA-2011:088)

Multiple vulnerabilities have been identified and fixed in mplayer : oggparsevorbis.c in FFmpeg 0.5 does not properly perform certain pointer arithmetic, which might allow remote attackers to obtain sensitive memory contents and cause a denial of service via a crafted file that triggers an...

10 CVSS, 8.7 AI score, 0.09713 EPSS
Exploits: 10, References: 9
ThreatPost
added 2011/05/10 6:27 p.m., 11 views

Senators Press Google, Apple Execs on Privacy and Location Tracking

In a hearing on Tuesday about the amount of data that mobile device manufacturers, app developers and others collect about users’ location and activities, senators called on Apple, Google and other companies to be more open and clear with consumers about their data-collection and tracking...

Exploits: 0, References: 3
securityvulns
added 2011/05/08 12:0 a.m., 36 views

Silently Pwning Protected-Mode IE9 and Innocent Windows Applications

Our advanced binary planting research goes on... and it's time to reveal some interesting hacks, for instance how to exploit binary planting or DLL hijacking, if you prefer the less suitable term to execute remote malicious code through Internet Explorer 9 in protected mode on Windows 7 - without...

0.2 AI score
Exploits: 0
Packet Storm
added 2011/04/11 12:0 a.m., 39 views

The Gazette Edition Cross Site Scripting

Hello list! I want to warn you about Cross-Site Scripting, Full path disclosure, Abuse of Functionality and Denial of Service vulnerabilities in The Gazette Edition theme for WordPress. It's commercial theme for WP by WooThemes. ------------------------- Affected products: -----------------------...

7.4 AI score
Exploits: 0
Tenable Nessus
added 2011/04/04 12:0 a.m., 36 views

Mandriva Linux Security Advisory : ffmpeg (MDVSA-2011:062)

Multiple vulnerabilities have been identified and fixed in ffmpeg : FFmpeg 0.5 allows remote attackers to cause a denial of service hang via a crafted file that triggers an infinite loop. CVE-2009-4636 flicvideo.c in libavcodec 0.6 and earlier in FFmpeg, as used in MPlayer and other products, allo...

6.8 CVSS, 8.6 AI score, 0.04993 EPSS
Exploits: 6, References: 5
The Hacker News
added 2011/03/31 9:41 a.m., 5 views

Farmville Compromises Facebook - Facebook Fixes Flaw !

After the release of FireSheep, Facebook took an important step to help protect Facebook user accounts by allowing users to choose to keep an encrypted connection as long as they used just Facebook and intelligently designed apps. Savvy users immediately discovered that if they tried to use gross...

6.8 AI score
Exploits: 0
myhack58
added 2011/03/31 12:0 a.m., 25 views

PHP-Nuke 8.x <= "chng_uid" blind defect and repair-vulnerability warning-the black bar safety net

Affected version: PHP-Nuke 8.x = Vulnerability description: PHP-Nuke is a Web Portal System or content management system. The goal of PHP-Nuke is to have an automated web site to distribute news and articles with users system. Each user can submit comments to discuss the articles. Main features...

0.1 AI score
Exploits: 0