35 matches found
jQuery Official Website Compromised To Serve Malware
The official website of the popular cross-platform JavaScript library jQuery jquery.com has been compromised and redirecting its visitors to a third-party website hosting the RIG exploit kit, in order to distribute information-stealing malware. JQuery is a free and open source JavaScript library...
PHP/FI 1.0/FI 2.0/FI 2.0 b10 mylog/mlog Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/713/info The PHP/FI package which was originally written by Rasmus Lerdorf is an is an HTML-embedded scripting language. Much of its syntax is borrowed from C, Java and Perl with a couple of unique PHP-specific features...
CSP 1.0 Added to Firefox to Block XSS Attacks
After years of discussion and waiting, Mozilla has finally added Content Security Policy 1.0, a defense against some common attacks such as XSS, to its Firefox browser. CSP already has been implemented in Google Chrome and Internet Explorer and there was a limited implementation of it in Firefox...
Amazon Joins Authentication Game
As attackers continue to target large databases of passwords and users grow wearier by the day of creating new accounts and login credentials on each site they visit, the larger Web players are positioning themselves as not just social networking or retail hubs, but also as authentication...
Sandcat Browser 4.0 released, new tools added for Pen-Testers
Sandcat Browser, The fastest web browser with many useful security and developer oriented tools updated to version 4.0 with the fastest scripting language packed with features for pen-testers. Sandcat 4 adds a large number of enhancements, new features, extensions and bug fixes, and provides a...
[SECURITY] Fedora 17 Update: libwebp-0.2.1-1.fc17
WebP is an image format that does lossy compression of digital photographic images. WebP consists of a codec based on VP8, and a container based on RIFF. Webmasters, web developers and browser developers can use WebP to compress, archive and distribute digital images more efficiently...
JW Player Pro 5.10.2295 Spoofing / Cross Site Scripting
Hello list! I want to warn you about security vulnerabilities in JW Player Pro. These are Content Spoofing and Cross-Site Scripting vulnerabilities. In June I've wrote about vulnerabilities in JW Player http://securityvulns.ru/docs28176.html. And these are vulnerabilities in licensed version of t...
XXE Injection in CakePHP and Squiz CMS
Hello! I'll give you additional information concerning advisories CakePHP 2.x-2.2.0-RC2 XXE Injection http://securityvulns.ru/docs28331.html and Squiz CMS Multiple Vulnerabilities http://securityvulns.ru/docs28220.html. It's about XXE Injection in CakePHP and Squiz CMS. Similarly to earlier...
CakePHP / Squiz CMS XXE Injection
Hello! I'll give you additional information concerning advisories CakePHP 2.x-2.2.0-RC2 XXE Injection http://securityvulns.ru/docs28331.html and Squiz CMS Multiple Vulnerabilities http://securityvulns.ru/docs28220.html. It's about XXE Injection in CakePHP and Squiz CMS. Similarly to earlier...
GMA-7 television networks website, twitter & Facebook hacked by D4RKB1T
GMA-7 television networks website , twitter & Facebook hacked by D4RKB1T The website of one of the leading television networks in the Philippines has been hacked by a username "D4RKB1T". GMA-7's website - gmanews.tv, its Facebook and Twitter accounts have been simultaneously hacked on Sunday...
SecurityReason: PHP 5.2.6 SAPI php_getuid() overload
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SecurityReason.com : PHP 5.2.6 SAPI phpgetuid overload Author: Maksymilian Arciemowicz securityreason.com Date: - - Written: 20.11.2008 - - Public: 05.12.2008 SecurityReason Research SecurityAlert Id: 59 SecurityRisk: High Affected Software: PHP 5.2.6...
eLineStudio Site Composer (ESC) <= 2.6 Multiple Vulnerabilities
No description provided by source. www.BugReport.ir AmnPardaz Security Research Team Title: eLineStudio Site Composer ESC =2.6 Multiple Vulnerabilities Vendor: www.elinestudio.com Vulnerable Version: 2.6 and prior versions Exploit: Available Impact: High Fix: N/A Original Advisory:...
RantX 1.0 Insecure Admin Authentication Vulnerability
No description provided by source. --==+================================================================================+==-- --==+ RantX 1.0 Insecure Admin Authentication Vulnerability +==-- --==+================================================================================+==-- Discovered By:...
RantX 1.0 - Insecure Admin Authentication
RantX 1.0 - Insecure Admin Authentication --==+================================================================================+==-- --==+ RantX 1.0 Insecure Admin Authentication Vulnerability +==-- --==+================================================================================+==--...
RantX 1.0 - Insecure Admin Authentication
--==+================================================================================+==-- --==+ RantX 1.0 Insecure Admin Authentication Vulnerability +==-- --==+================================================================================+==-- Discovered By: t0pP8uZz Discovered On: 14 MAY 200...