Lucene search

6647 matches found

Prion
added 2011/12/24 7:55 p.m. | 8 views

Authentication flaw

The administration functionality in Wuzly 2.0 allows remote attackers to bypass authentication by setting the dXNlcm5hbWU cookie...

CVSS 7.5 | AI score 7.5 | EPSS 0.00383
Exploits 0 | References 4 | Affected Software 1

Cvelist
added 2011/12/24 7:0 p.m. | 17 views

CVE-2011-3839

The administration functionality in Wuzly 2.0 allows remote attackers to bypass authentication by setting the dXNlcm5hbWU cookie...

AI score 6.9 | EPSS 0.00383
Exploits 0 | References 4

xssed
added 2011/12/17 12:0 a.m. | 6 views

Unfixed XSS vulnerability at www.archifind.co.il

Security researcher Codeshift3r has submitted on 17/12/2011 a cross-site-scripting (XSS) vulnerability affecting www.archifind.co.il, which at the time of submission ranked 1874444 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 18/12/2011. It i...

AI score 6.6
Exploits 0 | References 1

UbuntuCve
added 2011/12/13 9:55 p.m. | 31 views

CVE-2011-3914

The internationalization (aka i18n) functionality in Google V8, as used in Google Chrome before 16.0.912.63, allows remote attackers to cause a denial of service or possibly have unspecified other impact via unknown vectors that trigger an out-of-bounds write...

CVSS 7.5 | AI score 7.2 | EPSS 0.00519
Exploits 0 | References 1

Packet Storm
added 2011/12/07 12:0 a.m. | 34 views

Traq 2.3 Authentication Bypass / Code Execution

group'isadmin' 32. header"Location: login.php"; 33. This function is called in each script located into /admicp/ directory to make sure the user has admin rights, but this is a broken authorization schema due to the header function doesn't stop the execution flow. This can be exploited by malicio...

AI score 0.9
Exploits 0

Cvelist
added 2011/11/23 1:0 a.m. | 13 views

CVE-2010-5051

Cross-site scripting (XSS) vulnerability in admin/core/adminfunc.php in razorCMS 1.0 stable allows remote attackers to inject arbitrary web script or HTML via the content parameter in an edit action to admin/index.php...

AI score 5.7 | EPSS 0.00212
Exploits 1 | References 4

Debian CVE
added 2011/11/11 9:0 p.m. | 26 views

CVE-2011-3376

Removed by vendor...

CVSS 4.4 | AI score 6.7 | EPSS 0.00299
Exploits 1

securityvulns
added 2011/11/11 12:0 a.m. | 31 views

New vulnerabilities in poMMo

Hello 3APA3A! I am reporting the Information Leakage, Insufficient Anti-automation and Abuse of Functionality vulnerabilities I found in poMMo. Information Leakage WASC-13: After an email address is entered on subscribe.php, the page http://site/pommo/user/process.php displays the pendingcode as...

AI score 7.1
Exploits 0

The Hacker News
added 2011/11/06 5:35 a.m. | 3 views

Duqu Analysis and Detection Tool by NSS Labs

NSS Labs has built a new, free tool that detects known and newly created Duqu drivers that have infiltrated systems, thus allowing security experts to further analyze the "functionality, capabilities and ultimate purpose of DuQu." The Tool is availab...

AI score 7.2
Exploits 0

NVD
added 2011/11/02 9:55 p.m. | 10 views

CVE-2010-5035

Cross-site scripting (XSS) vulnerability in search.php in iScripts eSwap 2.0 allows remote attackers to inject arbitrary web script or HTML via the txtHomeSearch parameter (aka the search field). NOTE: some of these details are obtained from third party information...

CVSS 4.3 | AI score 5.7 | EPSS 0.05426
Exploits 1 | References 7

RedHat Linux
added 2011/10/26 4:6 p.m. | 44 views

Moderate: Red Hat Security Advisory: openssl security update

Updated openssl packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is...

CVSS 5 | AI score 6.8 | EPSS 0.01509
Exploits 0 | References 2

OSV
added 2011/10/19 10:55 a.m. | 28 views

PYSEC-2011-2

The verify_exists functionality in the URLField implementation in Django before 1.2.7 and 1.3.x before 1.3.1 relies on Python libraries that attempt access to an arbitrary URL with no timeout, which allows remote attackers to cause a denial of service (resource consumption) via a URL associated with...

CVSS 5 | AI score 5.7 | EPSS 0.0188
Exploits 0 | References 10

The Hacker News
added 2011/10/14 4:47 p.m. | 2 views

GateOne Beta - Terminal emulator for HTML5 web browsers

The software makes use of WebSockets to connect a server backend written in Python and a frontend written for modern browsers in JavaScript, HTML5 and CSS. The frontend doesn't require any browser plug-ins to be installed. Gate One also...

AI score 7.2
Exploits 0

UbuntuCve
added 2011/10/06 12:0 a.m. | 27 views

CVE-2011-2491

The Network Lock Manager (NLM) protocol implementation in the NFS client functionality in the Linux kernel before 3.0 allows local users to cause a denial of service (system hang) via a LOCK_UN flock system call...

CVSS 4.9 | AI score 7 | EPSS 0.00067
Exploits 0 | References 13

The Hacker News
added 2011/09/29 5:25 p.m. | 9 views

Firefox Java update ready to stop BEAST attacks

Firefox developers searching for a way to protect users against a new attack that decrypts sensitive web traffic are seriously considering an update that stops the open-source browser from working with Oracle's Java software framework. Johnath, the...

AI score 6.8
Exploits 0

UbuntuCve
added 2011/09/21 4:55 p.m. | 20 views

CVE-2011-2937

Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the mbox parameter to the default URI...

CVSS 4.3 | AI score 6.4 | EPSS 0.00548
Exploits 1 | References 2

Debian CVE
added 2011/09/21 4:0 p.m. | 19 views

CVE-2011-2937

Cross-site scripting (XSS) vulnerability in the UI messages functionality in Roundcube Webmail before 0.5.4 allows remote attackers to inject arbitrary web script or HTML via the mbox parameter to the default URI...

CVSS 4.3 | AI score 5.7 | EPSS 0.00548
Exploits 1

0day.today
added 2011/09/21 12:0 a.m. | 13 views

JAKCMS PRO <= 2.2.5 Remote Arbitrary File Upload Exploit

Exploit for php platform in category web applications Exploit Title: JAKCMS PRO = 2.2.5 Remote Arbitrary File Upload Exploit Google Dork: "Powered By JAKCMS" Date: 21/09/2011 Author: EgiX Software Link: http://www.jakcms.com/ Version: 2.2.5 Tested on: Windows 7 and Debian 6.0.2 ?php /...

AI score 7.1
Exploits 0

ThreatPost
added 2011/09/09 11:54 a.m. | 14 views

2011 DDoS Botnet Landscape

Botnets have been a problem for more than a decade now, but in recent years they’ve become a serious security threat, delivering exploit kits, malware and mass Web site injections. In this video, Jose Nazario of Arbor Networks discusses the current botnet landscape and the adoption of new modular...

AI score 2.1
Exploits 0

NVD
added 2011/09/02 11:55 p.m. | 15 views

CVE-2011-0543

Certain legacy functionality in fusermount in fuse 2.8.5 and earlier, when util-linux does not support the --no-canonicalize option, allows local users to bypass intended access restrictions and unmount arbitrary directories via a symlink attack...

CVSS 3.3 | AI score 6.1 | EPSS 0.00062
Exploits 0 | References 5