May 30th, 2009
by invalid string.
BASE – 3 Persistent Cross Site Scripting Vulnerabilities
Posted by Jabra on May 30
BASE, a well known Snort Frontend has 3 Persistent Cross Site Scripting Vulnerabilities.
For those who don’t know, Cross-Site Scripting allows the attacker to inject Javascript to modify the functionality of the webpages. Since this vulnerability exists in [...]
May 30th, 2009
by invalid string.
Embedded Devices: An Avenue for Cyberterrorism?, (Sat, May 30th)
There has been growing concern with the security of embedded devices as they continue to proliferate in several industries. This is caused by a confluence of several issues that makes for a difficult problem to solve.
First, these devices more and more rely on commodity operating [...]
May 29th, 2009
by invalid string.
VMware fixes security bugs
VMware has released fixes for multiple vulnerabilities in several of its products, including VMware Workstation, Player, ACE, Server, Fusion, ESX and ESXi. One of the vulnerabilities was caused by an error in the VMware Descheduled Time Accounting driver, which could open a way for hackers to launch a denial-of-service attack in Windows-based [...]
May 29th, 2009
by invalid string.
VMWare Patches Released, (Fri, May 29th)
Patches were released yesterday to fix a DoS vulnerability and potential arbitrary code execution. Here are the two vulnerabilities: 1. VMWare Descheduled Time Accounting driver: The issue affects the VMWare Descheduled Time Accounting driver and can cause a denial of service in Windows based virtual machines on the vulnerable [...]
May 28th, 2009
by invalid string.
Vuln: Achievo Multiple Cross Site Scripting Vulnerabilities
Achievo Multiple Cross Site Scripting Vulnerabilities
URL: http://www.securityfocus.com/bid/35140
May 28th, 2009
by invalid string.
Bugtraq: Re: [InterN0T] AMember 3.1.7 – Multiple Vulnerabilities
Re: [InterN0T] AMember 3.1.7 – Multiple Vulnerabilities
URL: http://www.securityfocus.com/archive/1/503877
May 28th, 2009
by invalid string.
Survey: quotMIMEContent-Type-Sniffingquot Issues in Image Uploads in Forum Scripts
Posted by Jacques Copeau on May 28
Survey: "MIME/Content-Type-Sniffing" Issues in Image Uploads in Forum Scripts Author: Jacques Copeau
Abstract ==================================================== Internet Explorer, especially versions 7 and 6, can be tricked to treat images as html, opening XSS vulnerabilities in…
URL: http://seclists.org/fulldisclosure/2009/May/0255.html
May 27th, 2009
by invalid string.
Vuln: Drupal Embedded Media Field Module Create Content Multiple HTML Injection Vulnerabilities
Drupal Embedded Media Field Module Create Content Multiple HTML Injection Vulnerabilities
URL: http://www.securityfocus.com/bid/35131
May 27th, 2009
by invalid string.
Vuln: libsndfile Audio Data Multiple Denial Of Service Vulnerabilities
libsndfile Audio Data Multiple Denial Of Service Vulnerabilities
URL: http://www.securityfocus.com/bid/35126
May 27th, 2009
by invalid string.
Bugtraq: [InterN0T] AdPeeps 8.5d1 – XSS and HTML Injection Vulnerabilities
[InterN0T] AdPeeps 8.5d1 – XSS and HTML Injection Vulnerabilities
URL: http://www.securityfocus.com/archive/1/503855
May 27th, 2009
by invalid string.
BlackBerry patches PDF flaws
Research In Motion on Tuesday issued a security software update to address multiple vulnerabilities that exist in the PDF Distiller of the BlackBerry Attachment Service component in BlackBerry Enterprise Server. Because of these vulnerabilities, an attacker could create a malicious PDF file, which when opened on a BlackBerry smartphone, could corrupt memory [...]
May 26th, 2009
by invalid string.
Twitter API ripe for abuse by web worms
A security researcher is warning that the Twitter API can be trivially abused by hackers to launch worm attacks.
The red-hot social networking/microblogging service has been scrambling to plug cross-site scripting and other Web site vulnerabilities to thwart worm attacks but, as researcher Aviv Raff points out, it¡¦s much [...]
May 26th, 2009
by invalid string.
Vuln: RoomPHPlanning Multiple Vulnerabilities
RoomPHPlanning Multiple Vulnerabilities
URL: http://www.securityfocus.com/bid/35110
May 26th, 2009
by invalid string.
Threatscape Report – May 2009 Edition
The following statistics are compiled from Fortinet’s FortiGate network security appliances and intelligence systems for the period April 21st – May 20th, 2009.
Table of Contents:
Exploits and Intrusion Prevention
Top 10 Exploitations & Regions
New Vulnerability Coverage
Malware Today
Top 10 Variants
Regions & Volume
Spam and Email Threats
Spam Rate & Regions
Top 3 In The Wild
Crawling the [...]
May 25th, 2009
by invalid string.
Vuln: Graphiks MyForum Login Multiple SQL Injection Vulnerabilities
Graphiks MyForum Login Multiple SQL Injection Vulnerabilities
URL: http://www.securityfocus.com/bid/35096