Researchers Find Trojan Using Facebook

Researchers at Symantec have discovered a trojan that uses Facebook to communicate with a control and command server. Dubbed “whitewell” this malware spreads via email, contacts the mobile version of Facebook and uses its Notes section to perform actions based on the Notes titles. Andrea Lelli...

Cross site scripting

Cross-site scripting XSS vulnerability in the Happy Linux XF-Section module 1.12a for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-3240

Cross-site scripting XSS vulnerability in the Happy Linux XF-Section module 1.12a for XOOPS allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2009-3240

CVE-2009-3240 is a documented XSS vulnerability in the Happy Linux XF-Section module for XOOPS, version 1.12a. The reports consistently describe an ability for remote attackers to inject arbitrary web script or HTML via unspecified vectors, potentially allowing arbitrary script execution in a use...

JVN#00425482 XF-Section vulnerable to cross-site scripting

XF-Secion from Happy Linux is a XOOPS module that categorizes contents. XF-Section contains a cross-site scripting vulnerability. Impact An arbitrary script may be executed on the user's web browser. Solution Do not use XF-Section Since the product is no longer being developed, users are...

KesionCMS(section news)upload vulnerability-vulnerability warning-the black bar safety net

Prius special A bit tasteless,with a few days before the publication of the iis6 filename parsing vulnerability achieve to obtain webshell. First find the use of tech-ex systems site,registered members,and then input KSeditor/selectupfiles. asp, Open after upload x. asp;x. jpg format image file,i...

Forum Script Cross Site Scripting

0000000000000000000000000000000000 000000000000000000000 00000000000000000000000000000000000 0000000000000000 00000000000000000000000000000000 + Forum script Persistent XSS Vulnerability + Software : Forum script + Author : 599eme Man + Contact : [email protected] + Thanks : Moudi, Neocoderz, Sheiry,...

bind: DoS (assertion failure) via nsupdate packets

The dnsdbfindrdataset function in db.c in named in ISC BIND 9.4 before 9.4.3-P3, 9.5 before 9.5.1-P3, and 9.6 before 9.6.1-P1, when configured as a master server, allows remote attackers to cause a denial of service assertion failure and daemon exit via an ANY record in the prerequisite section o...

Unfixed XSS vulnerability at www.lespetitsruisseaux.com

Security researcher Mystick, has submitted on 17/07/2009 a cross-site-scripting XSS vulnerability affecting www.lespetitsruisseaux.com, which at the time of submission ranked 10621239 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 24/06/2010. ...

Sql injection

SQL injection vulnerability in include/getread.php in Extensible-BioLawCom CMS X-BLC 0.2.0 and earlier allows remote attackers to execute arbitrary SQL commands via the section parameter...

Cross site scripting

Multiple cross-site scripting XSS vulnerabilities in transLucid 1.75 allow remote attackers to inject arbitrary web script or HTML via the a NodeID and b action parameters to the default URI, and the c NodeID parameter to the default URI for the admin section; and allow remote authenticated users...

CVE-2009-2145

Multiple cross-site scripting XSS vulnerabilities in transLucid 1.75 allow remote attackers to inject arbitrary web script or HTML via the a NodeID and b action parameters to the default URI, and the c NodeID parameter to the default URI for the admin section; and allow remote authenticated users...

CVE-2009-2145

Multiple cross-site scripting XSS vulnerabilities in transLucid 1.75 allow remote attackers to inject arbitrary web script or HTML via the a NodeID and b action parameters to the default URI, and the c NodeID parameter to the default URI for the admin section; and allow remote authenticated users...

DEBIAN-CVE-2009-1755

Off-by-one error in the packetreadquerysection function in packet.c in nsd 3.2.1, and processquerysection in query.c in nsd 2.3.7, allows remote attackers to cause a denial of service crash and possibly execute arbitrary code via unspecified vectors that trigger a buffer overflow...

CVE-2009-1674

Stack-based buffer overflow in Microchip MPLAB IDE 8.30 allows user-assisted remote attackers to execute arbitrary code via a long .cof pathname in a TOOLSETTINGS section in a .mcp file, possibly a related issue to CVE-2009-1608...

Cross site scripting

Cross-site scripting XSS vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter...

CVE-2008-6385

Cross-site scripting XSS vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter...

CVE-2008-6385

Cross-site scripting XSS vulnerability in index.php in W3matter RevSense 1.0 allows remote attackers to inject arbitrary web script or HTML via the section parameter...

CentOS Update for kernel CESA-2008:0211 centos3 i386

Check for the Version of kernel OpenVAS Vulnerability Test CentOS Update for kernel CESA-2008:0211 centos3 i386 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it und...

Linux/x86 - Kill service apache2 + pure-ftpd + sshd - 81 bytes

No description provided by source. / Linux x86 | Kill Service - Apache2 - Pure-Ftpd - sshd Shellcode 81 bytes Auhtor: Jonathan Salwan js.rac.projet AT gmail.com Web: http://www.shell-storm.org Disassembly of section .text: 08048060 start: 8048060: 6a 0b push $0xb 8048062: 58 pop %eax 8048063: 99...