BASE – 3 Persistent Cross Site Scripting Vulnerabilities Posted by Jabra on May 30 BASE, a well known Snort Frontend has 3 Persistent Cross Site Scripting Vulnerabilities. For those who don’t know, Cross-Site Scripting allows the attacker to inject Javascript to modify the functionality of the webpages. Since this vulnerability exists in BASE, this allows [...]
Posts Tagged ‘Vulnerabilities’
An Avenue for Cyberterrorism?, (Sat, May 30th)
Embedded Devices: An Avenue for Cyberterrorism?, (Sat, May 30th) There has been growing concern with the security of embedded devices as they continue to proliferate in several industries. This is caused by a confluence of several issues that makes for a difficult problem to solve. First, these devices more and more rely on commodity operating [...]
VMware fixes security bugs
VMware fixes security bugs VMware has released fixes for multiple vulnerabilities in several of its products, including VMware Workstation, Player, ACE, Server, Fusion, ESX and ESXi. One of the vulnerabilities was caused by an error in the VMware Descheduled Time Accounting driver, which could open a way for hackers to launch a denial-of-service attack in [...]
VMWare Patches Released, (Fri, May 29th)
VMWare Patches Released, (Fri, May 29th) Patches were released yesterday to fix a DoS vulnerability and potential arbitrary code execution. Here are the two vulnerabilities: 1. VMWare Descheduled Time Accounting driver: The issue affects the VMWare Descheduled Time Accounting driver and can cause a denial of service in Windows based virtual machines on the vulnerable [...]
Achievo Multiple Cross Site Scripting Vulnerabilities
Vuln: Achievo Multiple Cross Site Scripting Vulnerabilities Achievo Multiple Cross Site Scripting Vulnerabilities URL: http://www.securityfocus.com/bid/35140
[InterN0T] AMember 3.1.7 – Multiple Vulnerabilities
Bugtraq: Re: [InterN0T] AMember 3.1.7 – Multiple Vulnerabilities Re: [InterN0T] AMember 3.1.7 – Multiple Vulnerabilities URL: http://www.securityfocus.com/archive/1/503877
quotMIMEContent-Type-Sniffingquot Issues in Image Uploads in Forum Scripts
Survey: quotMIMEContent-Type-Sniffingquot Issues in Image Uploads in Forum Scripts Posted by Jacques Copeau on May 28 Survey: "MIME/Content-Type-Sniffing" Issues in Image Uploads in Forum Scripts Author: Jacques Copeau Abstract ==================================================== Internet Explorer, especially versions 7 and 6, can be tricked to treat images as html, opening XSS vulnerabilities in… URL: http://seclists.org/fulldisclosure/2009/May/0255.html
Drupal Embedded Media Field Module Create Content Multiple HTML Injection Vulnerabilities
Vuln: Drupal Embedded Media Field Module Create Content Multiple HTML Injection Vulnerabilities Drupal Embedded Media Field Module Create Content Multiple HTML Injection Vulnerabilities URL: http://www.securityfocus.com/bid/35131
libsndfile Audio Data Multiple Denial Of Service Vulnerabilities
Vuln: libsndfile Audio Data Multiple Denial Of Service Vulnerabilities libsndfile Audio Data Multiple Denial Of Service Vulnerabilities URL: http://www.securityfocus.com/bid/35126
[InterN0T] AdPeeps 8.5d1 – XSS and HTML Injection Vulnerabilities
Bugtraq: [InterN0T] AdPeeps 8.5d1 – XSS and HTML Injection Vulnerabilities [InterN0T] AdPeeps 8.5d1 – XSS and HTML Injection Vulnerabilities URL: http://www.securityfocus.com/archive/1/503855
BlackBerry patches PDF flaws
BlackBerry patches PDF flaws Research In Motion on Tuesday issued a security software update to address multiple vulnerabilities that exist in the PDF Distiller of the BlackBerry Attachment Service component in BlackBerry Enterprise Server. Because of these vulnerabilities, an attacker could create a malicious PDF file, which when opened on a BlackBerry smartphone, could corrupt [...]
Twitter API ripe for abuse by web worms
Twitter API ripe for abuse by web worms A security researcher is warning that the Twitter API can be trivially abused by hackers to launch worm attacks. The red-hot social networking/microblogging service has been scrambling to plug cross-site scripting and other Web site vulnerabilities to thwart worm attacks but, as researcher Aviv Raff points out, [...]
RoomPHPlanning Multiple Vulnerabilities
Vuln: RoomPHPlanning Multiple Vulnerabilities RoomPHPlanning Multiple Vulnerabilities URL: http://www.securityfocus.com/bid/35110
Threatscape Report – May 2009 Edition
Threatscape Report – May 2009 Edition The following statistics are compiled from Fortinet’s FortiGate network security appliances and intelligence systems for the period April 21st – May 20th, 2009. Table of Contents: Exploits and Intrusion Prevention Top 10 Exploitations & Regions New Vulnerability Coverage Malware Today Top 10 Variants Regions & Volume Spam and Email [...]
Graphiks MyForum Login Multiple SQL Injection Vulnerabilities
Vuln: Graphiks MyForum Login Multiple SQL Injection Vulnerabilities Graphiks MyForum Login Multiple SQL Injection Vulnerabilities URL: http://www.securityfocus.com/bid/35096
