15 matches found
EUVD-2003-1174
Malware in sbrugna...
Dropbox Launches Bounty Program on HackerOne
Dropbox has become the latest high-profile Internet firm to start a bug bounty program, hooking up with HackerOne to provide rewards to security researchers who report vulnerabilities through the program. The new reward system from Dropbox covers a variety of the company’s offerings, including th...
Swiss Firm Digs Up 300,000+ Usernames/Passwords on Pastebin
More than 300,000 credentials, usernames and passwords, were posted on the clipboard website Pastebin.com in the year 2013 alone according to a recent analysis by a Swiss security firm. As part of an experiment to determine how big the hacking industry is, High-Tech Bridge, a company until now...
New Version of WordPress Fixes Slew of Security Bugs
A new version of the WordPress software is available, and the update includes fixes for a number of security vulnerabilities, including a bug in components that are used to upload media to WordPress sites. Version 3.3.2 also has some other fixes for cross-site scripting and other flaws. WordPress...
Admin JSPs don't have XSRF protection
As well as a number of XSS bugs which were recently fixed in CONF-22568, the JSPs contained in Confluence don't support the same XSRF protection which our actions use. We should convert this functionality over to actions and only use JSPs to deliver patches to customers, not for proper...
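The gap the ticket describes is the difference between a handler that checks a per-session synchronizer token and one that does not. The following is an added example in Python, not Confluence code; the in-memory session store, the form field name xsrf_token and the admin-list action are all constructed for the illustration.

```python
import hmac
import secrets
from typing import Optional

# Constructed in-memory session store: session id -> XSRF token. A real
# application keeps this in its session framework (assumption).
_SESSIONS = {}

# Constructed "admin user list" that the handlers below mutate.
_ADMINS = []

TOKEN_FIELD = "xsrf_token"  # hypothetical form field name


def issue_token(session_id: str) -> str:
    """Mint a fresh unguessable token and bind it to the session. The server
    renders it into its own forms; a page on another origin cannot read it."""
    token = secrets.token_urlsafe(32)
    _SESSIONS[session_id] = token
    return token


def token_is_valid(session_id: str, submitted: Optional[str]) -> bool:
    """Synchronizer-token check. compare_digest keeps the comparison constant
    time so the token cannot be recovered byte by byte through timing."""
    expected = _SESSIONS.get(session_id)
    if expected is None or submitted is None:
        return False
    return hmac.compare_digest(expected.encode(), submitted.encode())


def legacy_jsp_handler(session_id: str, form: dict) -> str:
    """Models an admin JSP that acts on the POST body with no token check.
    Any site the admin visits while logged in can submit this form, and the
    browser attaches the admin's session cookie."""
    _ADMINS.append(form["user"])
    return "added"


def action_handler(session_id: str, form: dict) -> str:
    """Models the action path with XSRF protection: the state change happens
    only when the request carries the token bound to this session."""
    if not token_is_valid(session_id, form.get(TOKEN_FIELD)):
        return "rejected: missing or invalid XSRF token"
    _ADMINS.append(form["user"])
    return "added"


if __name__ == "__main__":
    victim = "session-of-logged-in-admin"
    token = issue_token(victim)
    # Legitimate form rendered by the server includes the token.
    print(action_handler(victim, {"user": "alice", TOKEN_FIELD: token}))
    # Forged cross-site form: the attacker cannot read the token, so it is
    # absent or guessed, and the protected path refuses the request.
    print(action_handler(victim, {"user": "mallory"}))
    print(action_handler(victim, {"user": "mallory", TOKEN_FIELD: "guess"}))
    # The same forged request against the unprotected JSP path succeeds.
    print(legacy_jsp_handler(victim, {"user": "mallory"}))
    print(_ADMINS)
```

The token must be bound to the session (a token minted for one session must fail for another) and must only be accepted on the state-changing request, not on GETs that render pages.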
PRTG V8.1.2.1809 XSS Bugs in login.htm and error.htm
XSS Reflected Bugs in login.htm and error.htm ================================================================ PRTG V8.1.2.1809 All OS Versions: http://www.paessler.com/ I have discovered two XSS bugs within PRTG version 8.1.2.1809. These bugs are in the login.htm and error.htm documents. These...
Novell eDirectory 8.8 SP5 Proof Of Concept
PoC for Vulnerability: !usr\bin\perl Novell eDirectory 8.8 SP5 BoF Vuln - 0day Vulnerability found in Hellcode Labs. karak0rsan || murderkey infoathellcode.net || www.hellcode.net to GamaSEC: "please continue to discover and publish XSS BUGS.. you can just do that ;"...
Velocity does not automatically escape HTML entities when substituting variables
Velocity should automatically escape (HTML-entity encode) the variables it interpolates into markup. This would remove the need for explicitly escaping variables using $generalUtil.htmlEncode, and fix lots of XSS bugs, including ones we haven't discovered yet. This affects all versions of Confluence...
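The ticket's point, and the root cause of the reflected XSS entries above (PRTG login.htm/error.htm, CuteNews), is whether encoding happens by default or only when a template author remembers it. The block below is an added Python example, not Velocity or Confluence code: the $name substitution, the template and the payload are constructed stand-ins, and html_encode plays the role of $generalUtil.htmlEncode.

```python
import html
import re

# Constructed attacker-controlled input; a value like this could arrive in a
# page title, a search string, or a login/error page query parameter.
PAYLOAD = '"><script>alert(document.cookie)</script>'

# Constructed template: an attribute-context sink of the kind the ticket describes.
TEMPLATE = '<input type="text" name="q" value="$query">'

# Matches Velocity-style $name references. A stand-in for the engine's own
# interpolation, not the real thing.
_VAR = re.compile(r"\$(\w+)")


def html_encode(value) -> str:
    """HTML-entity encode the characters that can break out of markup or an
    attribute value: & < > " and '. Stands in for $generalUtil.htmlEncode."""
    return html.escape(str(value), quote=True)


def render_raw(template: str, ctx: dict) -> str:
    """Interpolate with no escaping: what the ticket says Velocity does today.
    Every substituted variable is an XSS sink unless the template author
    wrapped it in the encoder by hand."""
    return _VAR.sub(lambda m: str(ctx.get(m.group(1), "")), template)


def render_autoescape(template: str, ctx: dict) -> str:
    """Interpolate with encoding applied to every substituted value: the
    behaviour the ticket asks for. The template cannot forget to escape."""
    return _VAR.sub(lambda m: html_encode(ctx.get(m.group(1), "")), template)


def contains_live_script(rendered: str) -> bool:
    """True if the rendered markup still carries an unencoded <script> tag,
    i.e. the payload survived into a context where a browser would run it."""
    return "<script" in rendered.lower()


if __name__ == "__main__":
    ctx = {"query": PAYLOAD}
    print("raw        :", render_raw(TEMPLATE, ctx))
    print("autoescape :", render_autoescape(TEMPLATE, ctx))
    # Explicit encoding yields the same safe output, but only if every
    # $variable in every template is wrapped by hand.
    print("explicit   :", render_raw(TEMPLATE, {"query": html_encode(PAYLOAD)}))
```

Entity encoding is the right default for HTML body and attribute contexts; a value dropped into a script block, a URL or a style attribute needs the encoder for that context, and an auto-escaping engine still needs an explicit way to mark markup that is intended to be rendered raw.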
propsiteman.txt
vendor site: http://www.mginternet.com/ product: Property Site Manager bug: SQL injection, login bypass, XSS risk: medium login bypass: just log in with user: 'or''=' passwd: 'or''=' SQL injection: http://site.com/asp/detail.asp?l=&p='sql http://site.com/asp/listings.asp?l='sql...
CuteNews 1.4.1 Multiple vulnerabilities
/ --------------------------------------------------------------- Neo Security Team NST® Advisory 20 --------------------------------------------------------------- Program : CuteNews 1.4.1 Homepage: http://www.cutephp.com Vulnerable Versions: CuteNews 1.4.1 & lower ones Risk: Medium! Impact: Cro...
AzDGDatingPlatinum multiple vulnerabilities
ADZ Security Team =================== Info Program: AzDGDatingPlatinum Version: tested 1.1.0 Modules: view.php, members/index.php Bug type: SQL Injection, XSS Vendor site: http://www.azdg.com/ Vendor Informed: Yes =================== Bug Info SQL Injection: At module view.php I've found a logical...
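Both the Property Site Manager entry (login bypass with user and password set to 'or''=', and the stray-quote probe on detail.asp) and the AzDGDatingPlatinum entry describe SQL injection through string-concatenated queries. The block below is an added example, not code from either advisory or product: Python with an in-memory SQLite table stands in for the ASP/PHP application and its database, and the users table and credentials are constructed.

```python
import sqlite3

# The login-bypass value from the Property Site Manager advisory.
BYPASS = "'or''='"


def build_db() -> sqlite3.Connection:
    """Constructed sample users table standing in for the application's backend.
    Passwords are stored in clear here only to keep the example short."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)",
        [("admin", "s3cret"), ("alice", "hunter2")],
    )
    conn.commit()
    return conn


def login_vulnerable(conn, user: str, passwd: str):
    """String-concatenated login query, the pattern behind the advisory's bypass.
    With user = passwd = 'or''=' the WHERE clause becomes
        username = '' or ''='' AND password = '' or ''=''
    and since AND binds tighter than OR, the trailing or ''='' is true for
    every row: the first user (here, admin) is returned with no valid password."""
    sql = ("SELECT id, username FROM users WHERE username = '" + user
           + "' AND password = '" + passwd + "'")
    return conn.execute(sql).fetchone()


def login_parameterized(conn, user: str, passwd: str):
    """Same query with bound parameters: the input is data, never SQL text."""
    return conn.execute(
        "SELECT id, username FROM users WHERE username = ? AND password = ?",
        (user, passwd),
    ).fetchone()


def probe_quote_error(conn, p: str) -> bool:
    """The detail.asp?p='sql style probe: a stray quote appended to a value
    that is concatenated into SQL breaks the statement, which is how such
    injection points are usually spotted. True means the value is concatenated."""
    try:
        conn.execute("SELECT id FROM users WHERE id = '" + p + "'").fetchall()
        return False
    except sqlite3.OperationalError:
        return True


def probe_quote_error_param(conn, p: str) -> bool:
    """The same probe against a parameterized query never errors: the quote is
    just one more character inside the bound value."""
    try:
        conn.execute("SELECT id FROM users WHERE id = ?", (p,)).fetchall()
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = build_db()
    print("vulnerable, real creds  :", login_vulnerable(db, "admin", "s3cret"))
    print("vulnerable, bypass      :", login_vulnerable(db, BYPASS, BYPASS))
    print("parameterized, bypass   :", login_parameterized(db, BYPASS, BYPASS))
    print("parameterized, real     :", login_parameterized(db, "alice", "hunter2"))
    print("quote probe, concat     :", probe_quote_error(db, "1'sql"))
    print("quote probe, param      :", probe_quote_error_param(db, "1'sql"))
```

The quoting behaviour shown here is SQLite's; the advisories' ASP and PHP targets sit on other engines, but the always-true tail and the unbalanced-quote error work the same way wherever user input is spliced into the statement text.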