TWSL2012-003: Cross-Site Scripting Vulnerability in Movable Type Publishing Platform

Trustwave's SpiderLabs Security Advisory TWSL2012-003: Cross-Site Scripting Vulnerability in Movable Type Publishing Platform https://www.trustwave.com/spiderlabs/advisories/TWSL2012-003.txt Published: 2012-02-24 Version: 1.0 Vendor: Six Apart (http://movabletype.org/) Product: Movable Type Vers

Kongreg8 1.7.3 Mutiple XSS

# Exploit Title: Kongreg8 1.7.3 Mutiple XSS # Date: 02/24/12 # Author: G13 # Software Link: https://sourceforge.net/projects/kongreg8/ # Version: 1.7.3 # Category: webapps (php) # # Vulnerability # Kongreg8 1.7.3 has multiple XSS vulnerabilites. These vulnerabilities are in the Add Membe

Syhunt: Google V8 - Server-Side JS Injection in vulnerable web apps

Google V8 Server-Side JavaScript Injection joins the set of web application security vulnerabilities TIME-BASED PHP V8JS INJECTION & NOSQL/SSJS INJECTION Detecting server-side JavaScript (SSJS) injection vulnerabilities using time-based techniques. Article by Felipe Aragon - February 25, 2012

NGS00237 Patch Notification: Samba Andx request Remote Code Execution

High Risk Vulnerability in Samba 25 February 2012 Andy Davis of NGS Secure has discovered a high risk vulnerability in the Samba service Impact: Remote Code Execution Versions affected: Samba versions up to 3.4.0 More details about this vulnerability and how to obtain software updates can b

[SECURITY] [DSA 2414-2] fex regression

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2414-2 secur...@debian.org http://www.debian.org/security/Nico Golde February 25, 2012

pidgin OTR information leakage

Pidgin transmits OTR (off-the-record) conversations over DBUS in plaintext. This makes it possible for attackers that have gained user-level access on a host, to listen in on private conversations associated with the victim account. Pidgin is a popular Instant Messenger application that runs on a

DeepSec "Sector v6" - Call for Papers

--- DeepSec 2012 "Sector v6" - Call for Papers We are looking for talks and trainings for the DeepSec In-Depth Security Conference 2012 ("Sector 6"). We invite researchers, developers, auditors and everyone else dealing with information security to submit their work. We offer slots for talks and w

FrameJammer DOM based XSS

Software:FrameJammer Author:Hal Pawluk Software Description: FrameJammer is a little javascript code which prevents opening framed pages outside their frameset. FrameJammer used to be distributed as a Macromedia Dreamweaver extension, nowadays web developers are spreading it with copy-paste. P

Case YVS Image Gallery

http://osvdb.org/show/osvdb/79477 The software "YVS Image Gallery" seems to be full of security issues. For example one can have lots of fun with this. Copy from installation.php: """ case(isset($_POST['db_name'])): $host = $_POST['host']; $db_name = $_POST['db_name'];

[ MDVSA-2012:023 ] libvpx

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 ___ Mandriva Linux Security Advisory MDVSA-2012:023 http://www.mandriva.com/security/ _

Socusoft Photo 2 Video v8.05 - Buffer Overflow Vulnerability

Title: == Socusoft Photo 2 Video v8.05 - Buffer Overflow Vulnerability Date: = 2012-02-27 References: === http://www.vulnerability-lab.com/get_content.php?id=460 VL-ID: = 460 Introduction: = Socusoft photo to video converter Professional allows you to create

OSQA CMS v3b - Multiple Persistent Vulnerabilities

Title: == OSQA CMS v3b - Multiple Persistent Vulnerabilities Date: = 2012-02-27 References: === http://www.vulnerability-lab.com/get_content.php?id=461 VL-ID: = 461 Introduction: = OSQA is the Open Source Q&A System. It is free software licensed under the GPL

Wolf CMS v0.7.5 - Multiple Web Vulnerabilities

Title: == Wolf CMS v0.7.5 - Multiple Web Vulnerabilities Date: = 2012-02-27 References: === http://www.vulnerability-lab.com/get_content.php?id=452 VL-ID: = 452 Introduction: = Wolf CMS is a content management system and is Free Software published under the

Re: pidgin OTR information leakage

2012/2/25 Dimitris Glynos : > Pidgin transmits OTR (off-the-record) conversations over DBUS in > plaintext. This makes it possible for attackers that have gained > user-level access on a host, to listen in on private conversations > associated with the victim account. Basically, you're saying that

[SECURITY] [DSA 2418-1] postgresql-8.4 security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2418-1 secur...@debian.org http://www.debian.org/security/Moritz Muehlenhoff February 27, 2012

Re: Dolibarr CMS v3.2.0 Alpha - File Include Vulnerabilities

hi, fixed in develop branch https://github.com/Dolibarr/dolibarr/commit/5381986e50dd6055f2b3b63281eaacffa0449da2 https://github.com/Dolibarr/dolibarr/commit/8f9b9987ffb42cfbe907fe31ded3001bfc1b3417 thanks

Recon 2012 - Call For Papers - June 14-16, 2012 - Montreal, Quebec

`-,_ `. \ | | / .'_,-' ,,__ `-,_ `. \ | | / .' _,-' __,, ''--..__ `-,_.-"-._ ,-' __..--'' ... ''--..__.' `.__..--'' ___ /

Re: [Full-disclosure] pidgin OTR information leakage

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Jann Horn wrote: > 2012/2/25 Dimitris Glynos : >> Pidgin transmits OTR (off-the-record) conversations over DBUS in >> plaintext. This makes it possible for attackers that have gained >> user-level access on a host, to listen in on private conversat

[SECURITY] [DSA 2419-1] puppet security update

-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 - - Debian Security Advisory DSA-2419-1 secur...@debian.org http://www.debian.org/security/Florian Weimer February 27, 2012

Re: [Full-disclosure] pidgin OTR information leakage

On Feb 27, 2012, at 2:37 PM, Michele Orru wrote: > I think you didn't understood the content of the advisory. > If there are 10 non-root users in an Ubuntu machine for example, > if user 1 is using pidgin with OTR compiled with DBUS, then user 2 to 10 > can see what user 1 pidgin conversation. Th