Broken Link Checker <= 1.10.2 - Stored XSS
Broken Link Checker is vulnerable to stored XSS again. The plugin doesn't check links for validity, and worse, JavaScript code is accepted as a valid link. Example: Link. Malicious JavaScript can be injected by any post author. Screenshots: http://imgur.com/mTEobu7 / http://imgur.com/3z8GmL0 /...
WordPress 4.0.1 Cross-Site Scripting Vulnerability Patch
WordPress’s latest update, 4.0.1, patches a critical cross-site scripting vulnerability affecting comment boxes on websites running the content management system software. An attacker would need only to inject malicious JavaScript into a comment that would infect a reader viewing it on the webpag...
jQuery.com Hacked, Redirecting to RIG Exploit Kit
Owners of websites built using the jQuery library are being warned of an attack against the toolkit's website which is redirecting visitors to a third-party site hosting the RIG exploit kit. jQuery is a free and open source JavaScript library used for a number of things, including building AJAX...
Israeli Think-Tank Site Serves Sweet Orange Exploit
Attackers have compromised the website of a prominent Israel-based, Middle East foreign policy-focused think tank, the Jerusalem Center for Public Affairs (JCPA). On Friday, researchers from Cyphort reported that the site was serving the Sweet Orange exploit kit via drive-by download. At the time o...
ParanoiDF - PDF Analysis Suite: Password cracking, redaction recovery, DRM removal, malicious JavaScript extraction, and more
The swiss army knife of PDF Analysis Tools. Based on peepdf - http://peepdf.eternal-todo.com. Features Interactive Console: Type "help" to get a list of commands. Type "help command" to get a description/usage on specific command. crackpw This executes Nacho Barrientos Arias's PDFCrack tool by...
Collabtive 0.65 - Multiple Vulnerabilities
ANATOLIA SECURITY ADVISORY ------------------------------------ ADVISORY INFO + Title: Collabtive Multiple Vulnerabilities + Advisory URL: http://www.anatoliasecurity.com/adv/as-adv-2010-003.txt + Advisory ID: 2010-003 + Version: 0.65 + Date: 12/10/2010 + Impact...
Microsoft Pocket Internet Explorer 3.0 - Denial of Service Vulnerability
source: http://www.securityfocus.com/bid/6507/info A denial of service vulnerability has been reported for Pocket Internet Explorer (PIE). The vulnerability is due to the way some JavaScript code is interpreted by PIE. By enticing a victim user to browse a...
Localize: XSS in Localize.io
During signup I used " as my password. Just after pressing sign up I was forwarded to a new page, where that page was showing my username and asked me to click to view my password. When I clicked, the JavaScript executed. Attachment: xss.png...
Researchers Uncover Interesting Browser-Based Botnet
Security researchers discovered an odd DDoS attack against several sites recently that relied on a persistent cross-site scripting vulnerability in a major video Web site and hijacked users’ browsers in order to flood the site with traffic. The attack on the unnamed site involved the use of...
Extension Spam in Google Chrome Web Store
UPDATE: Twelve seemingly legitimate Chrome browser extensions installed by more than 180,000 users are injecting advertisements on 44 popular websites. According to a Barracuda Labs report, the extensions can be found in the official Chrome Web Store. They advertise themselves and operate as game...
Feedburner Hosting Malicious JavaScript Dropper
A sub-domain of Google’s Feedburner RSS management platform is hosting a string of malicious JavaScript embedded with an iFrame, all of which is designed to upload a Trojan onto user machines and redirect visitors to a series of malicious sites. According to a report published by the security fir...
Low: Red Hat Security Advisory: ruby193-v8 security update
Updated ruby193-v8 packages that fix one security issue are now available for Red Hat OpenStack 3.0. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...
Oracle Linux 3 / 4 : seamonkey (ELSA-2007-0722)
From Red Hat Security Advisory 2007:0722 : Updated SeaMonkey packages that fix several security bugs are now available for Red Hat Enterprise Linux 2.1, 3, and 4. This update has been rated as having critical security impact by the Red Hat Security Response Team. SeaMonkey is an open source Web...
iOS Developer Site at Core of Facebook, Apple Watering Hole Attack
UPDATE – The missing link connecting the attacks against Apple, Facebook and possibly Twitter is a popular iOS mobile developers’ forum called iPhoneDevSDK which was discovered hosting malware in an apparent watering hole attack that has likely snared victims at hundreds of organizations beyond t...
Scientific Linux Security Update : firefox on SL4.x, SL5.x i386/x86_64
A flaw was found in the way Firefox sanitized HTML content in extensions. If an extension loaded or rendered malicious content using the ParanoidFragmentSink class, it could fail to safely display the content, causing Firefox to execute arbitrary JavaScript with the privileges of the user running...
httpd, mod_ssl security update
CentOS Errata and Security Advisory CESA-2012:0128 Updated httpd packages that fix multiple security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System (CVSS) base...
Million ASP.Net web sites affected with mass SQL injection attack
Hackers are in the midst of a massively successful SQL injection attack targeting websites built on Microsoft's ASP.Net platform. About 180,000 pages have been affected so far, security researchers say. Attackers have planted...
Albania Security Group Hacks More Than 1000 Facebook Pages in One Day!
There are four admins in the group: 1. Hacker Twilight 2. Akrepi Hacker 3. BombRun 4. WarBot. They spread a hex-encoded JavaScript on Facebook; once a victim runs it, it automatically adds their email ID as admin on all of the victim's...