6647 matches found
Malware Rises With Smartphone Adoption
Researchers are closely watching the rise of malware on Internet-enabled mobile devices. New mobile malware boasts a broad range of functionality, including the capability to download other malicious files, detect internet connections or establish new ones, undertake URL redirection and carry out...
Shareasale Script SQL Injection Vulnerability
Exploit for php platform in category web applications. Shareasale Script SQL Injection Vulnerability ...
Shareasale Script - SQL Injection
I'm L0rd CrusAd3r member from Inj3ct0r Team. Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title: Shareasale Script SQL Vulnerable Vendor url: http://www.jce-tech.com Version: 1 Price: n/a Published:...
CVE-2010-1636
The btrfs_ioctl_clone function in fs/btrfs/ioctl.c in the btrfs functionality in the Linux kernel 2.6.29 through 2.6.32, and possibly other versions, does not ensure that a cloned file descriptor has been opened for reading, which allows local users to read sensitive information from a write-only...
Code injection
Unspecified vulnerability in Google Chrome before 5.0.375.55 allows user-assisted remote attackers to cause a denial of service (memory error) or possibly have unspecified other impact via vectors related to the "drag + drop" functionality...
CVE-2010-2093
Use-after-free vulnerability in the request shutdown functionality in PHP 5.2 before 5.2.13 and 5.3 before 5.3.2 allows context-dependent attackers to cause a denial of service (crash) via a stream context structure that is freed before destruction occurs...
Mandriva Linux Security Advisory : openoffice.org (MDVSA-2010:105)
This update provides a new OpenOffice.org version 3.1.1. It holds security and bug fixes described as follows: An integer underflow might allow remote attackers to execute arbitrary code via crafted records in the document table of a Word document, leading to a heap-based buffer overflow...
CVE-2010-1546
CVE-2010-1546 affects Drupal's Chaos Tool Suite (CTools) module 6.x, prior to 6.x-1.4. An eval injection in the import functionality allows a remote authenticated user with "administer page manager" privileges to execute arbitrary PHP code via input to a text area, via the page_manager_page_impor...
Drupal Panels Module 6.x PHP Code Execution Vulnerability
A vulnerability has been reported in Panels module for Drupal, which can be exploited by malicious users to compromise a vulnerable system. Certain unspecified input is not properly sanitised before being used in the import functionality. This can be exploited to execute arbitrary PHP code...
RedHat Update for xorg-x11-server RHSA-2010:0382-01
Check for the Version of xorg-x11-server. OpenVAS Vulnerability Test: RedHat Update for xorg-x11-server RHSA-2010:0382-01. Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modif...
Microsoft Windows Media Player Codec Retrieval Dangling Pointer Remote Code Execution Vulnerability
This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Windows Media Player. User interaction is required to exploit this vulnerability in that the target must visit a malicious web page. The specific flaw exists within the functionality for...
[SECURITY] Fedora 13 Update: fcron-3.0.5-1.fc13
Fcron is a scheduler. It aims at replacing Vixie Cron, so it implements most of its functionalities. But contrary to Vixie Cron, fcron does not need your system to be up 7 days a week, 24 hours a day: it also works well with systems which are running neither all the time nor regularly contrar...
CVE-2010-0132
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-073...
Cross site scripting
Cross-site scripting (XSS) vulnerability in ViewVC 1.1 before 1.1.5 and 1.0 before 1.0.11, when the regular expression search functionality is enabled, allows remote attackers to inject arbitrary web script or HTML via vectors related to "search_re input," a different vulnerability than CVE-2010-073...
CVE-2009-4736
Cross-site scripting (XSS) vulnerability in search.php in CommonSense CMS 5.0 allows remote attackers to inject arbitrary web script or HTML via the q parameter...
Cross site scripting
Cross-site scripting (XSS) vulnerability in the online Documents functionality in SugarCRM 5.2.x before 5.2.0l and 5.5.x before 5.5.0a allows remote authenticated users to inject arbitrary web script or HTML via the Document Name field...
CVE-2010-0465
Cross-site scripting (XSS) vulnerability in the online Documents functionality in SugarCRM 5.2.x before 5.2.0l and 5.5.x before 5.5.0a allows remote authenticated users to inject arbitrary web script or HTML via the Document Name field...
Secunia Research: Quicksilver Forums "mysqldump" Password Disclosure
Secunia Research 17/03/2010 - Quicksilver Forums "mysqldump" Password Disclosure - Table of Contents Affected...
Nensor CMS 2.01 Local File Inclusion / SQL Injection
Nensor CMS 2.01 Multiple Remote Vulnerabilities. Exploit database separated by exploit type (local, remote, DoS, etc.) + Site...
Custom fields inconsistently escaped in view and edit screens
Steps to replicate: Create a custom field and name it Hithere. On view issue screens, the field appears as Hithere. On edit issue screen, the field appears as Hithere on red font. I guess we need to make a decision on which one is the desired functionality (allow HTML or not) and make it consistent...