Lucene search

6648 matches found

Openbugbounty
added 2015/07/08 12:29 p.m., 14 views

mytoys.de XSS vulnerability

Vulnerable URL:...

6.3 AI score
Exploits: 0
ThreatPost
added 2015/07/06 1:59 p.m., 9 views

Ad Fraud Malware Updating Flash on Infected PCs

Ad fraud malware is one of the more profitable specialties in the cybercrime world, and the attackers who use it often have to adapt their tactics in order to keep the money rolling in. One of the tactics that they have adopted in recent months is that of updating the version of Flash that’s...

1.2 AI score
Exploits: 0, References: 4
Packet Storm
added 2015/06/10 12:0 a.m., 30 views

Pandora FMS 5.0 / 5.1 Authentication Bypass

Authentication Bypass in Pandora FMS. Information: Name: Pandora FMS - Authentication Bypass; Affected Software: Pandora FMS; Affected Versions: 5.0,...

0.3 AI score
Exploits: 0
Packet Storm
added 2015/06/08 12:0 a.m., 30 views

WordPress Encrypted Contact Form 1.0.4 CSRF / XSS

Title: CVE-2015-4010 - Cross-site Request Forgery & Cross-site Scripting in Encrypted Contact Form Wordpress Plugin v1.0.4 Submitter: Nitin Venkatesh Product: Encrypted Contact Form Wordpress Plugin Product URL: https://wordpress.org/plugins/encrypted-contact-form/ Vulnerability Type: Cross-site...

6.8 CVSS, 0.3 AI score, 0.01352 EPSS
Exploits: 5
ThreatPost
added 2015/05/29 9:45 a.m., 16 views

Oracle PeopleSoft Security Vulnerabilities Elevate ERP Security

Enterprise resource planning systems are the unexplored continent of vulnerability research, in spite of the fact that these massive, critical business systems support the inner workings of many large corporations and IT organizations. A recent run of bugs in SAP, and a presentation at this week’...

7.8 AI score
Exploits: 0, References: 1
securityvulns
added 2015/05/12 12:0 a.m., 61 views

Reflected XSS Vulnerability In Manage Engine Firewall Analyzer

Reflected XSS Vulnerability In Manage Engine Firewall Analyzer. Overview: Title: Reflected XSS...

6.6 AI score
Exploits: 0
ThreatPost
added 2015/05/05 2:34 p.m., 24 views

Vulnerability-Riddled Drug Pumps Open to Takeover

One medical device company’s line of drug pumps is so fraught with vulnerabilities that the researcher that discovered the flaws claims the pump is the least secure IP-enabled device he’s ever come across. Certain versions of Hospira’s Lifecare PCA3 Drug Infusion pumps are susceptible to multiple...

10 CVSS, 0.3 AI score, 0.17736 EPSS
Exploits: 0, References: 6
seebug.org
added 2015/05/04 12:0 a.m., 17 views

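KPPW latest version SQL injection vulnerability, incomplete fix

Brief description: SQL injection vulnerability in the latest version of KPPW; the fix is incomplete. Details: 1. I read http://wooyun.org/bugs/wooyun-2010-086216. I happened to be auditing KPPW as well, so I went to look at how the latest version patched the reported issue. To prevent that vulnerability, the latest version added a check: if ($gUserInfo['uid'] != $pk['uid']) { kekezu::showmsg('无权操作', NULL, NULL, NULL, 'error'); return false; } 2. $gUserInfo['uid'] is the user id, which we cannot control. So the expert xfkxfk's method of constructing the uid can no longer be used here. So let us look again at the save func...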

7 AI score
Exploits: 0
myhack58
added 2015/05/03 12:0 a.m., 17 views

MySQL SSL/TLS connections have a security vulnerability that allows man-in-the-middle attacks - vulnerability warning - the black bar safety net

Because the client uses the SSL options improperly when connecting to MySQL, a man-in-the-middle attack is possible. The vulnerability causes database communication data to be transmitted over the network in plaintext. Vulnerability details: This vulnerability with the client "--ssl" option h...

1.6 AI score
Exploits: 0
Fedora
added 2015/04/04 7:20 a.m., 27 views

[SECURITY] Fedora 20 Update: patch-2.7.5-1.fc20

The patch program applies diff files to originals. The diff command is used to compare an original to a changed file. Diff lists the changes made to the file. A person who has the original file can then use the patch command with the diff file to add the changes to their original file patching th...

7.8 CVSS, 2.5 AI score, 0.04141 EPSS
Exploits: 1
OSV
added 2015/03/12 3:30 p.m., 10 views

MGASA-2015-0105 Updated qt3, qt4 and qtbase5 packages fix security vulnerability

The builtin BMP decoder in QtGui prior to Qt 5.5 contained a bug that would lead to a division by zero when loading certain corrupt BMP files (CVE-2015-0295). This in turn would cause the application loading these hand crafted BMPs to crash. Qt3, Qt4 and qtbase5 have been patched to prevent this...

5 CVSS, 6.2 AI score, 0.036 EPSS
Exploits: 0, References: 4
ThreatPost
added 2015/03/04 1:58 p.m., 54 views

Google Fixes 51 Bugs in Chrome 41

Google released the latest build of its browser Tuesday, Chrome 41.0.2272.76, patching 51 different bugs and paying out over $50,000 in bounties. Google paid bounties for 18 bugs ranging from medium to high severity. The bounties for all of the vulnerabilities totaled $52,000. 13 of those bugs ca...

7.5 CVSS, 1.1 AI score, 0.03512 EPSS
Exploits: 0, References: 22
securityvulns
added 2015/02/22 12:0 a.m., 68 views

Multiple Cross site scripting in wordpress Plugin Image Metadata cruncher

Title:- XSS In Image-Metadata-Cruncher Author: Kaustubh G. Padwad Product: image-metadata-cruncher plugin URL: https://wordpress.org/plugins/image-metadata-cruncher/ Severity: Medium Auth: Required Description: Vulnerable Parameter: Alternate text: Caption: Custom image meta tags: Vulnerability...

6.4 AI score
Exploits: 0
Veeam
added 2015/02/19 2:55 p.m., 51 views

VDDK error: 13 - Troubleshooting

Challenge Backup/Replication jobs fail with: VDDK error: 13.You do not have access rights to this file Solution Below is a list of possible solutions to this issue sorted by what transport mode was being used when this error occurred. Note: There are many causes for VDDK 13; this list is not...

6.8 AI score
Exploits: 0
Packet Storm
added 2015/02/17 12:0 a.m., 51 views

WordPress Image Metadata Cruncher CSRF / XSS

Title: CSRF / Stored XSS Vulnerability in IMAGE-MEtadata-Cruncher Wordpress Plugin Author: Kaustubh G. Padwad CVE-ID : CVE-2015-1614 Plugin Homepage: https://wordpress.org/plugins/image-metadata-cruncher/ Severity: Medium Description: Vulnerable Parameter: Alternate text,Caption,Custom image meta...

6.8 CVSS, 0.6 AI score, 0.0014 EPSS
Exploits: 2
ThreatPost
added 2015/02/10 9:0 a.m., 100 views

Creaking Patch Tuesday's Viability Rests with Quality, Speed

Today is Patch Tuesday, the 11-year-old procession of security bulletins from Microsoft streamed out automatically to consumers of Windows Update, and pulled en masse by enterprise admins worldwide needing to test each for compatibility. This is how it’s been done since shortly after Bill Gates’...

9.3 CVSS, 9.1 AI score, 0.94354 EPSS
Exploits: 33, References: 8
GoogleProjectZero
added 2015/02/09 12:0 a.m., 35 views

A Token’s Tale

Posted by James Forshaw currently impersonating NT AUTHORITY\SYSTEM. Much as I enjoy the process of vulnerability research sometimes there’s a significant disparity between the difficulty of finding a vulnerability and exploiting it. The Project Zero blog contains numerous examples of complex...

10 CVSS, 9.1 AI score, 0.89185 EPSS
Exploits: 8
OSV
added 2015/02/07 12:0 a.m., 33 views

DLA-151-1 libxml2 - security update

Bulletin has no description...

5 CVSS, 6.9 AI score, 0.03894 EPSS
Exploits: 2
ThreatPost
added 2015/02/06 12:59 p.m., 10 views

Ghost glibc Vulnerability Affects Enterprise Applications

What drove IT admins crazy about the Bash vulnerability was that it was difficult to determine—and patch—everything that was making a Bash call. It was everywhere. Apparently, some of that angst applies to the Ghost vulnerability in the GNU C library, known as glibc. At first, experts believed th...

Exploits: 0, References: 3
ThreatPost
added 2015/02/05 1:21 p.m., 11 views

Zero Day in WordPress Plugin FancyBox Patched

Developers have patched a zero day vulnerability in FancyBox, a plug-in for WordPress, which allowed malware to be added via an iFrame to infected sites. Despite not having been updated in over two years, Jose Pardilla, the author of FancyBox, insisted early Thursday that he had fixed the flaw wi...

6 AI score
Exploits: 0, References: 15