6649 matches found

0day.today
added 2013/02/02 12:0 a.m., 25 views

WordPress Flash News theme Multiple Vulnerabilities

Exploit for php platform in category web applications I want to warn you about multiple vulnerabilities in Flash News theme for WordPress. This is commercial theme for WP from WooThemes. These are Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service, Arbitrary Fil...

7.1 AI score
Exploits 0

Prion
added 2013/01/24 9:55 p.m., 14 views

Code injection

Array index error in the content-blocking functionality in Google Chrome before 24.0.1312.56 allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors...

7.5 CVSS, 7.6 AI score, 0.00519 EPSS
Exploits 0, References 3, Affected Software 1

0day.today
added 2013/01/24 12:0 a.m., 20 views

WordPress Chocolate WP Theme Multiple vulnerabilities

These are Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service and Arbitrary File Upload vulnerabilities. Hello list! I want to warn you about multiple vulnerabilities in Chocolate WP theme for WordPress. This is commercial theme for WP. These are Cross-Site...

7 AI score
Exploits 0

Packet Storm
added 2013/01/23 12:0 a.m., 25 views

WordPress Chocolate Theme XSS / Denial Of Service / Shell Upload

Hello list! I want to warn you about multiple vulnerabilities in Chocolate WP theme for WordPress. This is commercial theme for WP. These are Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service and Arbitrary File Upload vulnerabilities. In 2011 I wrote about...

Exploits 0

Fedora
added 2013/01/20 2:58 a.m., 30 views

[SECURITY] Fedora 16 Update: gnupg2-2.0.19-7.fc16

GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described...

5.8 CVSS, 1.4 AI score, 0.02306 EPSS
Exploits 1

Cvelist
added 2013/01/15 9:0 p.m., 19 views

CVE-2013-0828

The PDF functionality in Google Chrome before 24.0.1312.52 does not properly perform a cast of an unspecified variable during processing of the root of the structure tree, which allows remote attackers to cause a denial of service or possibly have unknown other impact via a crafted document...

6.6 AI score, 0.00569 EPSS
Exploits 0, References 3

0day.today
added 2013/01/14 12:0 a.m., 22 views

WordPress Dailyedition-mouss Multiple Vulnerabilities

WordPress Dailyedition-mouss theme suffers from a remote SQL injection vulnerability, XSS, FPD, AoF, DoS, AFU vulnerabilities. Note that this finding houses site-specific data. I want to warn you about multiple vulnerabilities in Daily Edition Mouss theme for WordPress. In 2011 when I wrote about...

8.1 AI score
Exploits 0

Fedora
added 2013/01/12 3:23 p.m., 26 views

[SECURITY] Fedora 17 Update: gnupg2-2.0.19-7.fc17

GnuPG is GNU's tool for secure communication and data storage. It can be used to encrypt data and to create digital signatures. It includes an advanced key management facility and is compliant with the proposed OpenPGP Internet standard as described in RFC2440 and the S/MIME standard as described...

5.8 CVSS, 1.4 AI score, 0.02306 EPSS
Exploits 1

securityvulns
added 2013/01/10 12:0 a.m., 64 views

Chrome for Android - Download Function Information Disclosure

CVE Number: CVE-2012-4906 Title: Chrome for Android - Download Function Information Disclosure Affected Software: Confirmed on Chrome for Android v18.0.1025123 Credit: Takeshi Terada Issue Status: v18.0.1025308 was released which fixes this vulnerability Overview: Rogue Android apps can steal...

5 CVSS, 5.9 AI score, 0.06965 EPSS
Exploits 1

securityvulns
added 2013/01/10 12:0 a.m., 57 views

New vulnerabilities in MODx Revolution

Hello 3APA3A! I want to warn you about two new vulnerabilities in MODx Revolution. This is addition to previous publication about vulnerabilities in MODx Revolution http://securityvulns.ru/docs28923.html. These are Abuse of Functionality vulnerabilities in MODx related to earlier mentioned Brute...

7.2 AI score
Exploits 0

Fedora
added 2013/01/03 7:24 a.m., 19 views

[SECURITY] Fedora 16 Update: ndjbdns-1.05.5-1.fc16

New djbdns: is a usable fork of djbdns. djbdns' is a Domain Name System originally written by the eminent author of Qmail, Dr D. J. Bernstein. This new version of djbdns is a complete makeover to the original sourcedjbdns-1.05 and is meant to make life a lot more pleasant. The notable changes so...

6.4 CVSS, 0.00636 EPSS
Exploits 1

securityvulns
added 2013/01/02 12:0 a.m., 69 views

BF, CSRF, AoF and IAA vulnerabilities in MODx Revolution

Hello 3APA3A! I want to warn you about multiple vulnerabilities in MODx Revolution. These are Brute Force, Cross-Site Request Forgery, Abuse of Functionality and Insufficient Anti-automation vulnerabilities in MODx. It's about 2.x Revolution versions of MODx. In 0.x and 1.x Evolution versions of...

0.5 AI score
Exploits 0

securityvulns
added 2012/12/18 12:0 a.m., 90 views

Multiple vulnerabilities in RokBox for WordPress

Hello 3APA3A! I want to warn you about multiple security vulnerabilities in plugin Rokbox for WordPress. These are Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service, Arbitrary File Upload, Content Spoofing and Information Leakage vulnerabilities. Rokbox uses...

6.5 AI score
Exploits 0

0day.today
added 2012/12/15 12:0 a.m., 23 views

WordPress RokBox Multiple Vulnerabilities

These are Cross-Site Scripting, Full path disclosure, Abuse of Functionality, Denial of Service, Arbitrary File Upload, Content Spoofing and Information Leakage vulnerabilities. Rokbox uses TimThumb 1.16 and JW Player 4.4.198, so some of vulnerabilities are related to plugin itself, some to...

7 AI score
Exploits 0

securityvulns
added 2012/12/10 12:0 a.m., 48 views

CSRF, AoF, DoS and IAA vulnerabilities in MODx

Hello 3APA3A! I want to warn you about new security vulnerabilities in MODx. This is the second part of the vulnerabilities in this CMS 6 vulnerabilities to previous 19 vulnerabilities. These are Cross-Site Request Forgery, Abuse of Functionality, Denial of Service and Insufficient Anti-automatio...

0.1 AI score
Exploits 0

securityvulns
added 2012/12/09 12:0 a.m., 50 views

SEC Consult SA-20121203-0 :: F5 FirePass SSL VPN Unauthenticated local file inclusion

SEC Consult Vulnerability Lab Security Advisory 20121203-0 title: Unauthenticated local file inclusion product: F5 FirePass SSL VPN vulnerable version: = 7.0.0 HF-70-6 fixed version: 7.0.0 HF-70-7 impact: Critical homepage:...

7.3 AI score
Exploits 0

Packet Storm
added 2012/11/29 12:0 a.m., 45 views

MODx 1.0.6 XSS / Abuse Functionality / Denial Of Service

Hello list! I want to warn you about new security vulnerabilities in MODx. This is the second part of the vulnerabilities in this CMS 6 vulnerabilities to previous 19 vulnerabilities. These are Cross-Site Request Forgery, Abuse of Functionality, Denial of Service and Insufficient Anti-automation...

Exploits 0

ThreatPost
added 2012/11/20 8:39 p.m., 7 views

Researchers Remotely Control Smart Cards with Malware PoC

A Luxembourg-based group of researchers has generated a proof-of-concept that could give attackers the ability to remotely seize control of USB smart cards through Windows machines infected with a piece of malware they developed, according to a PCWorld report. The team behind the attack operates ...

2 AI score
Exploits 0, References 2

Packet Storm
added 2012/11/20 12:0 a.m., 23 views

Penske Media Corporation Cross Site Scripting

Title : Penske Media Corporation reflected Cross Site Scripting XSS vulnerabilities Vendor : Penske Media Corporation http://www.pmc.com/ Description : Multiple PMC web-sites are vulnerable to...

0.2 AI score
Exploits 0

UbuntuCve
added 2012/11/17 12:0 a.m., 29 views

CVE-2012-5885

The replay-countermeasure functionality in the HTTP Digest Access Authentication implementation in Apache Tomcat 5.5.x before 5.5.36, 6.x before 6.0.36, and 7.x before 7.0.30 tracks cnonce aka client nonce values instead of nonce aka server nonce and nc aka nonce-count values, which makes it easi...

5 CVSS, 6.3 AI score, 0.01959 EPSS
Exploits 0, References 5