Lucene search

2131 matches found

Tenable Nessus
added 2011/09/28 12:0 a.m., 20 views

Fedora 14 : phpMyAdmin-3.4.5-1.fc14 (2011-12918)

Changes for 3.4.5.0 2011-09-14 : - interface Page list in navigation frame looks odd - interface Error div misplaced - interface Comment on a column breaks inline editing - display Order by a column in a view doesn't work in some cases - interface Add missing space to server status - core Remove...

5.4 AI score
Exploits: 0, References: 3
FreeBSD
added 2011/09/11 12:0 a.m., 14 views

phpMyAdmin -- multiple XSS vulnerabilities

phpMyAdmin development team reports: Firstly, if a row contains javascript code, after inline editing this row and saving, the code is executed. Secondly, missing sanitization on the db, table and column names leads to XSS vulnerabilities. Versions 3.4.0 to 3.4.4 were found vulnerable...

2.9 AI score
Exploits: 0, References: 1
OpenVAS
added 2011/08/18 12:0 a.m., 26 views

SUSE: Security Advisory for MozillaFirefox, MozillaThunderbird (SUSE-SA:2011:028)

The remote host is missing an update for the SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

10 CVSS, 8.5 AI score, 0.03792 EPSS
Exploits: 0, References: 1
Zero Day Initiative
added 2011/07/27 12:0 a.m., 32 views

WebKit ContentEditable Inline Style Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Webkit as utilized by either Apple Safari, or Google's Chrome browser. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious...

9 CVSS, 2.5 AI score, 0.04022 EPSS
Exploits: 2, References: 1
The Hacker News
added 2011/07/18 7:50 p.m., 1 views

NetSecL Linux 3.2 released with new XFCE

NetSecL Linux 3.2 released with new XFCE NetSecL 3.2 comes with a brand new XFCE which increased dramatically the performance experience, we closed many bugs and also gained more compatibility to OpenSuse 11.4 – most packages are 11.4 compatible. GrSecurity kernel is updated to 2.6.32.8 please...

7 AI score
Exploits: 0
The Hacker News
added 2011/07/18 7:50 p.m., 7 views

NetSecL Linux 3.2 released with new XFCE

NetSecL Linux 3.2 released with new XFCE NetSecL 3.2 comes with a brand new XFCE which increased dramatically the performance experience, we closed many bugs and also gained more compatibility to OpenSuse 11.4 – most packages are 11.4 compatible. GrSecurity kernel is updated to 2.6.32.8 please...

6.6 AI score
Exploits: 0
Metasploit
added 2011/05/20 11:51 p.m., 13 views

Linux Command Shell, Bind TCP Inline

Listen for a connection and spawn a command shell This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework module MetasploitModule CachedSize = 86 include Msf::Payload::Single include Msf::Payload::Linux::X64::Prepends include...

7.5 AI score
Exploits: 0
OpenVAS
added 2011/05/11 12:0 a.m., 8 views

WordPress Inline Gallery 'do' Parameter Cross-site Scripting Vulnerability

The WordPress plugin SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:wordpress:wordpress"; ifdescription...

7.2 AI score
Exploits: 0, References: 3
OSV
added 2011/03/18 4:55 p.m., 2 views

DEBIAN-CVE-2010-4766

The AgentTicketForward feature in Open Ticket Request System OTRS before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a...

4.3 CVSS, 6.5 AI score, 0.00233 EPSS
Exploits: 1, References: 1
OSV
added 2011/03/18 4:55 p.m., 6 views

CVE-2010-4766

The AgentTicketForward feature in Open Ticket Request System OTRS before 2.4.7 does not properly remove inline images from HTML e-mail messages, which allows remote attackers to obtain potentially sensitive image information in opportunistic circumstances by reading a forwarded message in a...

6 AI score
Exploits: 0, References: 2
securityvulns
added 2011/03/09 12:0 a.m., 36 views

HTB22873: XSS in Inline Gallery wordpress plugin

Vulnerability ID: HTB22873 Reference: http://www.htbridge.ch/advisory/xssininlinegallerywordpressplugin.html Product: Inline Gallery wordpress plugin Vendor: m0n5t3r http://m0n5t3r.info/work/wordpress-plugins/inline-gallery/ Vulnerable Version: 0.3.9 Vendor Notification: 22 February 2011...

0.2 AI score
Exploits: 0
Packet Storm
added 2011/03/08 12:0 a.m., 28 views

Inline Gallery 0.3.9 Cross Site Scripting

Vulnerability ID: HTB22873 Reference: http://www.htbridge.ch/advisory/xssininlinegallerywordpressplugin.html Product: Inline Gallery wordpress plugin Vendor: m0n5t3r http://m0n5t3r.info/work/wordpress-plugins/inline-gallery/ Vulnerable Version: 0.3.9 Vendor Notification: 22 February 2011...

Exploits: 0
exploitpack
added 2011/03/08 12:0 a.m., 14 views

WordPress Plugin Inline Gallery 0.3.9 - do Cross-Site Scripting

WordPress Plugin Inline Gallery 0.3.9 - do Cross-Site Scripting source: https://www.securityfocus.com/bid/46781/info The Inline Gallery WordPress Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue ...

0.1 AI score
Exploits: 0
Patchstack
added 2011/03/08 12:0 a.m., 10 views

WordPress Inline Gallery Plugin 0.3.9 - Cross-Site Scripting

WordPress Inline Gallery plugin's "do" parameter is prone to a cross-site scripting vulnerability. It fails to properly clean up user-supplied input. An attacker may execute arbitrary script code in the browser of an user in the context of the affected site. In this way the attacker can steal...

3 AI score
Exploits: 0, References: 1, Affected Software: 1
Exploit DB
added 2011/03/08 12:0 a.m., 30 views

WordPress Plugin Inline Gallery 0.3.9 - 'do' Cross-Site Scripting

source: https://www.securityfocus.com/bid/46781/info The Inline Gallery WordPress Plugin is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecti...

7.4 AI score
Exploits: 0
htbridge
added 2011/02/22 12:0 a.m., 16 views

Cross-site Scripting (XSS) Vulnerability in Inline Gallery

High-Tech Bridge SA Security Research Lab has discovered vulnerability in Inline Gallery WordPress plugin which could be exploited to perform cross-site scripting attacks. 1 Cross-site scripting XSS vulnerability in Inline Gallery The vulnerability exists due to input sanitation error in the " do...

4.3 CVSS, 6 AI score
Exploits: 0, Affected Software: 1
RedHat Linux
added 2011/01/25 5:6 p.m., 0 views

WebKit: multiple vulnerabilities in WebKitGTK

WebKit in Apple Safari before 5.0.1 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.1 on Mac OS X 10.4; and webkitgtk before 1.2.6; allows remote attackers to execute arbitrary code or cause a denial of service memory corruption and application crash via vectors related to the rendering...

9.3 CVSS, 6.2 AI score, 0.05982 EPSS
Exploits: 0, References: 4
The Hacker News
added 2011/01/13 1:53 a.m., 9 views

Digital Forensics Framework v0.9.0 latest version download !

"DFF Digital Forensics Framework is a simple but powerful tool with a flexible module system which will help you in your digital forensics works, including file recovery due to error or crash, evidence research and analysis, etc. DFF provides a robust architecture and some handy modules." This is...

6.9 AI score
Exploits: 0
NVD
added 2010/11/22 1:0 p.m., 15 views

CVE-2010-3818

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors involving inline text boxes...

9.3 CVSS, 8.7 AI score, 0.08086 EPSS
Exploits: 0, References: 10
Prion
added 2010/11/22 1:0 p.m., 17 views

Design/Logic Flaw

Use-after-free vulnerability in WebKit in Apple Safari before 5.0.3 on Mac OS X 10.5 through 10.6 and Windows, and before 4.1.3 on Mac OS X 10.4, allows remote attackers to execute arbitrary code or cause a denial of service application crash via vectors involving inline text boxes...

9.3 CVSS, 8.1 AI score, 0.08086 EPSS
Exploits: 0, References: 10, Affected Software: 1