Google Fixes 19 Bugs in Chrome, Pays $14K in Bug Bounties
Google has released version 9.0.597.107 of its Chrome browser, fixing 19 security vulnerabilities and paying $14,000 in rewards to researchers in the process. The new version of Chrome, which Google released on Monday afternoon, includes fixes for 16 high-severity vulnerabilities and three bugs...
Fedora Update for evince FEDORA-2011-0208
Check for the Version of evince. OpenVAS Vulnerability Test: Fedora Update for evince FEDORA-2011-0208. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
[SECURITY] Fedora 14 Update: evince-2.32.0-3.fc14
Evince is a simple multi-page document viewer. It can display and print Portable Document Format (PDF), PostScript (PS) and Encapsulated PostScript (EPS) files. When supported by the document format, evince allows searching for text, copying text to the clipboard, hypertext navigation, table-of-contents...
gopher-ls NSE Script
Lists files and directories at the root of a gopher service. Script Arguments gopher-ls.maxfiles If set, limits the amount of files returned by the script. If set to 0 or less, all files are shown. The default value is 10. Example Usage nmap -p 70 --script gopher-ls --script-args...
CakePHP 1.3.5 / 1.2.8 Cache Corruption
#!/usr/bin/python burnedCake.py - CakePHP = 1.3.5 / 1.2.8 Cache Corruption Exploit written by [email protected] This code exploits an unserialize vulnerability in the CakePHP security component. See http://malloc.im/CakePHP-unserialize.txt for a detailed analysis of the vulnerability. The exploit...
Exploit Release : XAMPP 1.7.3 multiple Vulnerabilities
Exploit Title: XAMPP <= 1.7.3 multiple vulnerabilities Author: TheLeader Software Link: https://www.apachefriends.org/en/xampp-windows.html Affected Version: 1.7.3 and prior Tested on Windows XP Hebrew, Service Pack 3 I. File disclosure : XAMPP is vulnerable to a remote file disclosure attack. The...
XAMPP <= 1.7.3 multiple vulnerabilities
Exploit for php platform in category web applications ====================================== XAMPP '; if $REQUEST'showcode' != 1 echo ''.$TEXT'global-showcode'.''; else $file = filegetcontentsbasename$SERVER'PHPSELF'; echo "".$TEXT'global-sourcecode'.""; echo "tex...
cforms WordPress Plugin Cross Site Scripting
Check Point Software Technologies - Vulnerability Discovery Team (VDT) http://www.checkpoint.com/defense/ cforms WordPress Plugin Cross Site Scripting Vulnerability CVE-2010-3977 INTRODUCTION According to Delicious Days, "cforms is a powerful and feature rich form plugin for WordPress, offering...
XAMPP 1.7.3 - Multiple Vulnerabilities
XAMPP 1.7.3 - Multiple Vulnerabilities ,'; if $REQUEST'showcode' != 1 echo ''.$TEXT'global-showcode'.''; else $file = filegetcontentsbasename$SERVER'PHPSELF'; echo "".$TEXT'global-sourcecode'.""; echo ""; echo...
CVE-2010-4034
Google Chrome before 7.0.517.41 does not properly handle forms, which allows remote attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a crafted HTML document...
CVE-2010-2396
Unspecified vulnerability in the Forms component in Oracle Fusion Middleware 10.1.2.3 allows remote attackers to affect integrity via unknown vectors...
Fedora 14 : Django-1.2.3-1.fc14 (2010-14745)
Today the Django team has released Django 1.2.3, which remedies several issues with the recent 1.2.2 package. This package corrects the following problems : - The patch applied for the security issue covered in Django 1.2.2 caused issues with non-ASCII responses using CSRF tokens. This has been...
FreeBSD : django -- XSS vulnerability (3ff95dd3-c291-11df-b0dc-00215c6a37bb)
Django project reports: The provided template tag for inserting the CSRF token into forms -- {% csrf_token %} -- explicitly trusts the cookie value, and displays it as-is. Thus, an attacker who is able to tamper with the value of the CSRF cookie can cause arbitrary content to be inserted, unescaped...
django -- cross-site scripting vulnerability
Django project reports: The provided template tag for inserting the CSRF token into forms -- {% csrf_token %} -- explicitly trusts the cookie value, and displays it as-is. Thus, an attacker who is able to tamper with the value of the CSRF cookie can cause arbitrary content to be inserted, unescaped,...
Onyx - Multiple Cross-Site Scripting Vulnerabilities
Onyx - Multiple Cross-Site Scripting Vulnerabilities source: https://www.securityfocus.com/bid/42446/info Onyx is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script cod...
Safari AutoFill Feature Exposes User Data
A prominent security researcher is urging users of Apple’s Safari browser to immediately turn off the AutoFill feature to block hackers from stealing sensitive information. According to Jeremiah Grossman, founder and Chief Technology Officer of WhiteHat Security, the AutoFill Web Forms feature ca...
Joomla! Component ArtForms 2.1b7.2 rc2 - Multiple Vulnerabilities
Joomla! Component ArtForms 2.1b7.2 rc2 - Multiple Vulnerabilities ArtForms 2.1b7.2 RC2 Joomla Component Multiple Remote Vulnerabilities Name ArtForms Vendor http://joomlacode.org/gf/project/jartforms/ Versions Affected 2.1b7.2 RC2 Author Salvatore Fresta aka Drosophila Website...
Ding peaks smart forms system: cross-directory file deletion vulnerability
Affected system: peak peak smart form system ASP V1.0 Mini. Defective part: elseif Request.QueryString"action"="del" then 'QueryString transmission, not much to say f=Request.QueryString"f" 'is the QueryString, get "f" variable if f"" then 'determine whether f is the null character Set...
Gridsphere - gridportlet User Enumeration
#!/usr/bin/python Gridsphere - gridportlet remote user enumeration exploit Copyright IPSECS (c) 2010 http://ipsecs.com Thanks to underground people who gives idea about python and javascript You know who you are :- import sys,re,os from urllib2 import urlopen You need to install ClientForm from this...