Ubuntu Releases Thunderbird Patch for Highly Critical Vulnerabilities - May 3rd, 2006 - The security vulnerabilities addressed are: Security Bypass, Cross Site Scripting, Exposure of system information, Exposure of sensitive information and Denial of Service. Ubuntu has issued an update for Thunderbird.
Serious Security Vulnerabilities of WordPress 1.5.1.2 and below - July 5th, 2005 - WordPress is a very popular personal publishing platform aka blogging platform (with a primitive CMS) in use all over the web. There are a number of serious security vulnerabilities in WordPress that may allow an attacker to ultimately run arbitrary code on the vulnerable system.
Xoops CMS SQL Injection Vulnerability Reported - June 29th, 2006 - KeyCoder has discovered a vulnerability in the MyAds module for Xoops, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "lid" parameter in annonces-p-f.php isn't properly sanitised before being used in a SQL query.
Mambo CMS Suffers From File Inclusion Vulnerability - June 29th, 2006 - Kw3[R]Ln has discovered a vulnerability in the MOD_CBSMS module for Mambo, which can be exploited to compromise a machine serving Mambo CMS. Input passed to the "mosConfig_absolute_path" parameter in mod_cbsms_messages.php isn't properly verified before it is used to include files.
What Java Needs Most To Be The Preferred Web 2.0 Language - September 25th, 2006 - Many would think at this point I am talking about better AJAX support in the core. While we do need better support for AJAX and I am not talking about DWR, I don't think that's what ails Java in its quest for being.
How To Properly Display Multi-Lingual Sites - December 12th, 2006 - When you have sites in multiple languages you may notice, depending on your server configuration, that particular languages may not be displayed properly in browsers. And yet when you save the file and view it they display fine.
Two 'Extremely Critical' Bugs Found In Firefox - May 9th, 2005 - Discussion of the vulnerabilities and how to temporarily fix them before Firefox comes up with the 1.04 update.
Critical Vulnerability in Apple's iTunes for Windows - December 18th, 2005 - A critical vulnerability, found in some versions of Apple's popular iTunes software, could enable attackers to remotely take over a user's computer, according to a warning issued by eEye. This flaw existed on the earlier version of iTunes 6 for Windows and was not addressed by the latest security update.
Linux Worm Exploits PHP XMLRPC Vulnerability - November 9th, 2005 - There are a few reports of an attack by a new Linux worm called Lupper, which exploits a well-known PHP XMLRPC implementation vulnerability. The PHP XMLRPC implementation is used in a large number of popular web applications such as PostNuke, Drupal, b2evolution, Xoops, PHPGroupWare, TikiWiki etc.
Macromedia Flash Player 7 Remote Code Execution Vulnerability - November 14th, 2005 - A vulnerability has been reported in Macromedia Flash Player 7, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by missing validation of the frame type identifier that is read from a SWF file.
Microsoft PowerPoint Suffers From Memory Corruption Security Vulnerability - July 18th, 2006 - Naveed has discovered a vulnerability in Microsoft PowerPoint, which potentially can be exploited to compromise any user's system. The vulnerability has been confirmed on Windows XP SP2 with a fully patched PowerPoint 2003.
Mambo / Joomla SQL Injection Vulnerability - June 19th, 2006 - rgod has discovered a vulnerability in Mambo & Joomla, which can be exploited to conduct SQL injection attacks. Input passed to the "Name" field when submitting a web link isn't properly sanitised before being used in a SQL query.
Microsoft Gazelle: Research to Make the Most Secure Web Browser of the World - February 28th, 2009 - As Firefox, Google Chrome etc. are coming up with hot and new developments every month to uniquely establish themselves in the browsers' war, Microsoft isn't quiet either. Microsoft Research is developing a new browser called Microsoft's Gazelle and they released a PDF paper last week.
Serious Security Vulnerabilities in Outpost Firewall Pro & Lavasoft Personal Firewall - July 18th, 2006 - Bipin Gautam has reported a vulnerability in Outpost Firewall Pro, which can be exploited by local users to cause a DoS (Denial of Service). The vulnerability is caused by an unspecified error in the Virtual Firewall driver (filtnt.sys) and can be exploited to crash the system by e.g.
The Backend of Tribal Fusion - November 9th, 2005 - I was in Drudge Report when I saw an advertisement spot occupied by advertisement giant TribalFusion filled with an Apache error message instead. The error message was rather interesting.