Xoops CMS SQL Injection Vulnerability Reported

August 28th, 2006 Omid has discovered a vulnerability in Mambo & Joomla, which can be exploited by malicious users to conduct SQL injection attacks. Input passed to the "id" parameter when editing content isn't properly sanitised before being used in a SQL query.

June 19th, 2006 rgod has discovered a vulnerability in Mambo & Joomla, which can be exploited to conduct SQL injection attacks. Input passed to the "Name" field when submitting a web link isn't properly sanitised before being used in a SQL query.

November 9th, 2005 There are few reports of an attack by a new Linux worm called Lupper which exploits a well known PHP XMLRPC implementation vulnerability. PHP XMLRPC implementation is used in a large number of popular web applications such as PostNuke, Drupal, b2evolution, Xoops, PHPGroupWare, TikiWiki etc.

November 14th, 2005 A vulnerability has been reported in Macromedia Flash Player 7, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to missing validation of the frame type identifier that is read from a SWF file.

July 18th, 2006 Bipin Gautam has reported a vulnerability in Outpost Firewall Pro, which can be exploited by local users to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error in the Virtual Firewall driver (filtnt.sys) and can be exploited to crash the system by e.g.

December 16th, 2005 A cross-site scripting (XSS) vulnerability has been discovered in the Apache httpd server's mod_imap module which allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. Input passed to the image map "Referer" directive in "mod_imap" isn't properly sanitised before being returned to the user.

July 18th, 2006 Naveed has discovered a vulnerability in Microsoft PowerPoint, which potentially can be exploited to compromise any user's system. The vulnerability has been confirmed on Windows XP SP2 with a fully patched PowerPoint 2003.

December 18th, 2005 A critical vulnerability, found in some versions of Apple's popular iTunes software, could enable attackers to remotely take over a user's computer, according to a warning issued by eEye. This flaw existed on the earlier version of iTunes 6 for Windows and was not addressed by the latest security update.

June 29th, 2006 Kw3[R]Ln has discovered a vulnerability in the MOD_CBSMS module for Mambo, which can be exploited to compromise a machine serving Mambo CMS. Input passed to the "mosConfig_absolute_path" parameter in mod_cbsms_messages.php isn't properly verified, before it is used to include files.

January 11th, 2007 While WordPress 2.0.6 is still hot a serious security defect (SQL injection attack) was found and fixed in WordPress 2.0.7, which is currently available as RC1 (release candidate 1). The key defects fixed are: Security defect Worked around a PHP bug for PHP 4.x less than 4.4.3 and PHP 5.x less than 5.1.4 with register_globals ON that could potentially lead to SQL injection and other security breaches.

March 10th, 2009 Are you one of those Telegraph subscribers? You must have known by know that the online website of British UK newspaper Telegraph has been hacked. The proofs in Hackersblog confirm that the site has been hacked by Romanian whitehat hacking group.

April 19th, 2006 The Java 2 Standard Edition 5.0 Release 4 update, issued Monday, fixes a vulnerability in Java Web Start. An application, exploiting the vulnerability, may grant itself permissions to read and write local files that are accessible to the user running the Java Web Start application.

August 13th, 2005 A command execution vulnerability has been found in WordPress's handling of incoming cookie information which allows remote attackers to cause the program to execute arbitrary code if the PHP settings of register_globals has been set to On. Already a perl and php exploit is available.

June 21st, 2006 Archit3ct and IR4DEX GROUP have discovered a vulnerability in SmartSiteCMS, which can be exploited by malicious people to compromise a vulnerable system. Input passed to the "root" parameter in include/inc_foot.php is not properly verified before being used to include files.

July 5th, 2005 WordPress is a very popular personal publishing platform aka blogging platform (with a primitive CMS) in use all over the web. There are a number of serious security vulnerabilities in WordPress that may allow an attacker to ultimately run arbitrary code on the vulnerable system.