6646 matches found

Atlassian
added 2009/12/24 12:36 a.m., 26 views

Unable to use HTTPS for login only

If you set up the urlrewrite.xml like so: ^/s/.//download/images/^?. /images/$2 ^/s/.//^?. /$2 ^/login.action https https://localhost:8443/login.action ^/dologin.action https https://localhost:8443/dologin.action ^/. https /login.action. /dologin.action. /s/. http://localhost:8080/$...

7 AI score
Exploits: 0

Fedora
added 2009/12/18 4:33 a.m., 60 views

[SECURITY] Fedora 11 Update: tomcat-native-1.1.18-1.fc11

Tomcat can use the Apache Portable Runtime to provide superior scalability, performance, and better integration with native server technologies. The Apache Portable Runtime is a highly portable library that is at the heart of Apache HTTP Server 2.x. APR has many uses, including access to advanced...

5.8 CVSS, 7.8 AI score, 0.03741 EPSS
Exploits: 14

NVD
added 2009/12/16 6:30 p.m., 14 views

CVE-2009-3731

Multiple cross-site scripting (XSS) vulnerabilities in WebWorks Help 2.0 through 5.0 in VMware vCenter 4.0 before Update 1 Build 208156; VMware Server 2.0.2; VMware ESX 4.0; VMware Lab Manager 2.x; VMware vCenter Lab Manager 3.x and 4.x before 4.0.1; VMware Stage Manager 1.x before 4.0.1; WebWorks...

4.3 CVSS, 5.7 AI score, 0.02195 EPSS
Exploits: 1, References: 14

xssed
added 2009/12/16 12:0 a.m., 6 views

Unfixed XSS vulnerability at www.famiglienuove.org

Security researcher Ribel has submitted on 16/12/2009 a cross-site scripting (XSS) vulnerability affecting www.famiglienuove.org, which at the time of submission ranked 0 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 07/07/2010. It is currentl...

Exploits: 0, References: 1

Packet Storm
added 2009/12/07 12:0 a.m., 18 views

Advanced Image Hosting 2.2 XSS

Vendor: http://yabsoft.com/ .. XSS: http://server/search.php?text=%3Cscript%3Ealertdocument.cookie%3C/script%3E&dosearch=Search ...

0.7 AI score
Exploits: 0

Tenable Nessus
added 2009/12/07 12:0 a.m., 37 views

Mandriva Linux Security Advisory : pidgin (MDVSA-2009:321)

Security vulnerabilities have been identified and fixed in pidgin : The NSS plugin in libpurple in Pidgin 2.4.1 does not verify SSL certificates, which makes it easier for remote attackers to trick a user into accepting an invalid server certificate for a spoofed service. CVE-2008-3532 Pidgin 2.4....

10 CVSS, 8.9 AI score, 0.34712 EPSS
Exploits: 12, References: 16

NVD
added 2009/11/29 1:8 p.m., 12 views

CVE-2009-4110

Cross-site scripting (XSS) vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4 allows remote attackers to inject arbitrary web script or HTML via search terms that are not properly filtered before display in a custom results page...

4.3 CVSS, 5.6 AI score, 0.0032 EPSS
Exploits: 0, References: 5

ATTACKERKB
added 2009/11/29 1:8 p.m., 4 views

CVE-2009-4110

Cross-site scripting (XSS) vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4 allows remote attackers to inject arbitrary web script or HTML via search terms that are not properly filtered before display in a custom results page...

4.3 CVSS, 5.9 AI score, 0.0032 EPSS
Exploits: 0, References: 6

Prion
added 2009/11/29 1:8 p.m., 13 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the search functionality in DotNetNuke 4.8 through 5.1.4 allows remote attackers to inject arbitrary web script or HTML via search terms that are not properly filtered before display in a custom results page...

4.3 CVSS, 6.1 AI score, 0.0032 EPSS
Exploits: 0, References: 5, Affected Software: 1

CVE
added 2009/11/28 11:0 a.m., 60 views

CVE-2009-4110

The CVE-2009-4110 entry applies to DotNetNuke (DNN) 4.8.x through 5.1.4, where the Search functionality in SearchResults.aspx is vulnerable to cross-site scripting (XSS) due to insufficient sanitization of the user-provided search terms before dynamic HTML output. The vulnerability is exploitable...

4.3 CVSS, 5.6 AI score, 0.0032 EPSS
Exploits: 0, References: 5, Affected Software: 1

securityvulns
added 2009/11/25 12:0 a.m., 33 views

Vulnerabilities in plugins for WordPress

Hello Bugtraq! I want to tell you about different vulnerabilities in plugins for WordPress. About some of them there were posts to the list earlier. This August I made a summary about all vulnerabilities in plugins for WordPress http://websecurity.com.ua/3397/, which I found during 2006-2009. In...

0.5 AI score
Exploits: 0

Prion
added 2009/11/24 5:30 p.m., 14 views

Code injection

The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page...

5 CVSS, 7 AI score, 0.26655 EPSS
Exploits: 1, References: 6, Affected Software: 1

NVD
added 2009/11/24 5:30 p.m., 14 views

CVE-2009-4073

The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page...

5 CVSS, 6.4 AI score, 0.26655 EPSS
Exploits: 1, References: 6

Cvelist
added 2009/11/24 5:0 p.m., 18 views

CVE-2009-4073

The printing functionality in Microsoft Internet Explorer 8 allows remote attackers to discover a local pathname, and possibly a local username, by reading the dc:title element of a PDF document that was generated from a local web page...

6.4 AI score, 0.26655 EPSS
Exploits: 1, References: 6

CVE
added 2009/11/24 5:0 p.m., 59 views

CVE-2009-4073

CVE-2009-4073 affects Microsoft Internet Explorer’s printing functionality when a local HTML page is printed to PDF. The issue exposes local filesystem information by allowing a PDF generated from a local page to include the dc:title element that can reveal the file path, and possibly the usernam...

5 CVSS, 6.4 AI score, 0.26655 EPSS
Exploits: 1, References: 6, Affected Software: 1

Tenable Nessus
added 2009/11/19 12:0 a.m., 293 views

SuSE 11 Security Update : Sun Java 1.6.0 (SAT Patch Number 1542)

The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and various security issues : - The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers to execute...

9.3 CVSS, 6.6 AI score, 0.89244 EPSS
Exploits: 20, References: 27

Tenable Nessus
added 2009/11/19 12:0 a.m., 43 views

openSUSE Security Update : java-1_6_0-sun (java-1_6_0-sun-1541)

The Sun Java 6 SDK/JRE was updated to u17 update fixing bugs and various security issues : CVE-2009-3866:The Java Web Start Installer in Sun Java SE in JDK and JRE 6 before Update 17 does not properly use security model permissions when removing installer extensions, which allows remote attackers...

9.3 CVSS, 6.6 AI score, 0.89244 EPSS
Exploits: 20, References: 14

Prion
added 2009/11/13 3:30 p.m., 26 views

Design/Logic Flaw

The HTMLMediaElement::loadResource function in html/HTMLMediaElement.cpp in WebCore in WebKit before r49480, as used in Apple Safari before 4.0.4 on Mac OS X, does not perform the expected callbacks for HTML 5 media elements that have external URLs for media resources, which allows remote attacke...

5 CVSS, 6.1 AI score, 0.03879 EPSS
Exploits: 2, References: 25, Affected Software: 1

Fedora
added 2009/11/10 5:56 p.m., 24 views

[SECURITY] Fedora 11 Update: ocaml-postgresql-1.12.3-1.fc11.2

This OCaml-library provides an interface to PostgreSQL, an efficient and reliable, open source, relational database. Almost all functionality available through the C-API libpq is replicated in a type-safe way. This library uses objects for representing database connections and results of queries...

7.5 CVSS, 2.5 AI score, 0.00441 EPSS
Exploits: 0

ThreatPost
added 2009/11/10 3:33 p.m., 12 views

Google Reader Used in Koobface Attack

The attackers behind the insidious Koobface worm have taken to using Google Reader accounts that they control to spread the worm through shared Reader items. The infection method–which has been used before by Facebook worms–is another indication of the resilience and changing tactics the malware...

1.9 AI score
Exploits: 0, References: 3