3241 matches found

exploitpack
added 2013/05/07 12:0 a.m. · 12 views

MyBB Game Section Plugin - games.php Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/59690/info The Game Section plugin for MyBB is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker...

AI score 0.4 · Exploits 0

Exploit DB
added 2013/05/07 12:0 a.m. · 18 views

MyBB Game Section Plugin - 'games.php' Multiple Cross-Site Scripting Vulnerabilities

source: https://www.securityfocus.com/bid/59690/info The Game Section plugin for MyBB is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an...

AI score 7.4 · Exploits 0

The Hacker News
added 2013/05/01 3:7 a.m. · 18 views

UK banks hit by Ramnit banking malware and social engineering attacks

A dangerous variant of the Ramnit malware has been discovered targeting the UK's financial sector. Trusteer claims to have discovered an interesting trojan based attack technique that injects highly convincing and interactive real-time messages into the user Web stream that they encounter when...

AI score 7 · Exploits 0

UbuntuCve
added 2013/05/01 12:0 a.m. · 37 views

CVE-2013-2020

Integer underflow in the cli_scanpe function in pe.c in ClamAV before 0.97.8 allows remote attackers to cause a denial of service (crash) via a skewed offset larger than the size of the PE section in a UPX packed executable, which triggers an out-of-bounds read...

CVSS 5 · AI score 5.9 · EPSS 0.03547 · Exploits 0 · References 3

0day.today
added 2013/04/08 12:0 a.m. · 66 views

OTRS FAQ Module - Persistent XSS

The OTRS ITSM FAQ Module 3.2.x and below is vulnerable to a persistent XSS that permits some client-side attacks like cookie grabbing. OTRS (http://www.otrs.com) is a flexible Help Desk and IT-Service Management Software distributed as an open-source project (AGPL License) and also as-a-service. With a...

AI score 0.3 · EPSS 0.042 · Exploits 6

NVD
added 2013/02/04 7:55 p.m. · 22 views

CVE-2013-1471

Multiple cross-site scripting (XSS) vulnerabilities in admin/FEAdmin.html in Fortinet FortiMail before 4.3.4 on FortiMail Identity-Based Encryption (IBE) appliances allow user-assisted remote attackers to inject arbitrary web script or HTML via (1) the Add field for the Black List under Antispam...

CVSS 4.3 · AI score 5.8 · EPSS 0.02015 · Exploits 1 · References 3

0day.today
added 2012/12/29 12:0 a.m. · 49 views

RealPlayer RealMedia File Handling Buffer Overflow

This Metasploit module exploits a stack based buffer overflow on RealPlayer versions 15.0.6.14 and below. The vulnerability exists in the handling of real media files, due to the insecure usage of the GetPrivateProfileString function to retrieve the URL property from an InternetShortcut section...

AI score 7.3 · EPSS 0.52703 · Exploits 8

The Hacker News
added 2012/12/13 10:21 a.m. · 14 views

BSNL telecom server hacked by Anonymous Group against Section 66A of IT Act

The homepage of BSNL (Bharat Sanchar Nigam Limited, https://www.bsnl.co.in/) was hacked today morning by hacking group Anonymous. BSNL is an Indian state-owned telecommunications company, the largest provider of fixed telephony and fourth largest mobile telephony provider in India, and is also a...

AI score 6.8 · Exploits 0

The Hacker News
added 2012/12/12 11:21 p.m. · 29 views

BSNL telecom server hacked by Anonymous Group against Section 66A of IT Act

The homepage of BSNL (Bharat Sanchar Nigam Limited, http://www.bsnl.co.in/) was hacked today morning by hacking group Anonymous. BSNL is an Indian state-owned telecommunications company, the largest provider of fixed telephony and fourth largest mobile telephony provider in India, and is also a...

AI score 6.8 · Exploits 0

Kitploit
added 2012/11/18 11:13 p.m. · 46 views

[VSD] (Virtual Section Dumper) Just another Virtual Section Dumper for Windows Processes

What's VSD? VSD (Virtual Section Dumper) is intended to be a tool to visualize and dump the memory regions of a running 32-bit or 64-bit process in many ways. For example, you can dump the entire process and fix the PE header, dump a given range of memory or even list and dump every virtual...

AI score 7.3 · Exploits 0

Packet Storm
added 2012/10/20 12:0 a.m. · 50 views

Movable Type Pro 5.13en Cross Site Scripting

Source URL: http://www.cloudscan.me/2012/10/cve-2012-1503-movable-type-pro-513en.html Keywords: CVE-2012-1503, Movable Type Pro 5.13en, Stored XSS, JavaScript Injection, Vendor Unresponsive, Full Disclosure. Introduction: Movable Type (MT) started as on...

CVSS 4.3 · AI score 6.7 · EPSS 0.02006 · Exploits 6

Packet Storm
added 2012/10/11 12:0 a.m. · 21 views

Omnistar Document Manager 8.0 LFI / XSS / SQL Injection

Title: Omnistar Document Manager v8.0 - Multiple Vulnerabilities; Date: 2012-10-03; References: http://www.vulnerability-lab.com/getcontent.php?id=712; VL-ID: 712; Common Vulnerability Scoring System: 8.3; Introduction: ...

AI score 0.5 · Exploits 0

NVD
added 2012/10/09 9:55 p.m. · 30 views

CVE-2012-0182

Microsoft Word 2007 SP2 and SP3 does not properly handle memory during the parsing of Word documents, which allows remote attackers to execute arbitrary code via a crafted document, aka "Word PAPX Section Corruption Vulnerability."...

CVSS 9.3 · AI score 7.4 · EPSS 0.68323 · Exploits 1 · References 4

Vulnerability Lab
added 2012/10/02 12:0 a.m. · 14 views

Omnistar Document Manager v8.0 - Multiple Vulnerabilities

Document Title: Omnistar Document Manager v8.0 - Multiple Vulnerabilities; References (Source): http://www.vulnerability-lab.com/getcontent.php?id=712; Release Date: 2012-10-02; Vulnerability Laboratory ID (VL-ID): 7...

AI score 0.2 · Exploits 0

FreeBSD
added 2012/09/26 12:0 a.m. · 24 views

dns/bind9* -- crash on deliberately constructed combination of records

ISC reports: A deliberately constructed combination of records could cause named to hang while populating the additional section of a response...

CVSS 7.8 · AI score 8.5 · EPSS 0.34196 · Exploits 0

Atlassian
added 2012/09/12 6:20 p.m. · 22 views

User email showing in suggestions section with visibility set to hidden

NOTE: This bug report is for JIRA Cloud. Using JIRA Server? See the corresponding bug report: http://jira.atlassian.com/browse/JRASERVER-29690. Assignee user-picker shows user email in Suggestions section, with User Email Visibility set to hidden. Steps to reproduce: Ema...

AI score 0.6 · Exploits 0 · Affected Software 1

securityvulns
added 2012/09/03 12:0 a.m. · 49 views

DataWatch Monarch Business Intelligence (BI) v5.1 admin section stored cross-site scripting

DataWatch Monarch BI v5.1 admin section stored cross-site scripting Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI admin section is prone to a stored...

AI score 0.3 · Exploits 0

securityvulns
added 2012/09/03 12:0 a.m. · 53 views

DataWatch Monarch BI v5.1 admin section reflected cross-site scripting

Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI admin section is prone to a reflected cross-site scripting vulnerability because it fails to sufficientl...

AI score 0.2 · Exploits 0

securityvulns
added 2012/08/13 12:0 a.m. · 46 views

[CVE-2012-3871] Openconstructor CMS 3.12.0 'data/hybrid/i_hybrid.php', 'header' parameter Stored Cross-site Scripting Vulnerability

Title: Openconstructor CMS 3.12.0 'data/hybrid/i_hybrid.php', 'header' parameter Stored Cross-site Scripting Vulnerability Affected Software: http://www.openconstructor.org/ http://code.google.com/p/openconstructor/downloads/list...

CVSS 3.5 · AI score 5.3 · EPSS 0.00802 · Exploits 2

Positive Technologies
added 2012/08/12 12:0 a.m. · 4 views

PT-2012-5159 · Pbboard · Pbboard

Name of the Vulnerable Software and Affected Versions: PBBoard version 2.1.4 Description: The issue allows remote attackers to execute arbitrary SQL commands. This can be achieved via several parameters, including the username parameter to the "send page", the email parameter to the "forget page"...

CVSS 7.5 · AI score 7.5 · EPSS 0.02511 · Exploits 5 · References 9