WordPress comment exploit published
The Russian blog Habrahabr has published (translation) a proof of concept exploit for the WordPress bug reported by Klikki on November 20. The blog also reports
WordPress 3 core unauthenticated stored XSS
Overview A security flaw in WordPress 3 allows injection of JavaScript into certain text fields. In particular, the problem affects comment boxes
Kaikki yleisesti käytössä olevat WordPress-versiot haavoittuvia
Klikki Oy on havainnut WordPress-sisällönhallintajärjestelmässä haavoittuvuuden, joka mahdollistaa ulkopuoliselle ohjelmakoodin syöttämisen WordPress-blogikirjoituksiin ja -sivuihin. Ainakin ohjelmiston kaikki 3-versiot, joita asennuksista on noin
Facebook fb:silverlight stored XSS
Overview Facebook is a free-access social networking website with over 100 million active users. Facebook allows anyone to develop web applications to
Facebook stored XSS vulnerabilities
This is a summary of various Facebook security issues (script injection, persistent XSS) found and reported since June 16, 2008. As of
Lotus Notes Java Applet vulnerabilities
Overview Lotus Notes is a groupware/e-mail system developed by Lotus Software. Due to its security and collaboration features it’s used particularly by
Java Web Start argument injection vulnerability
Overview Java Web Start is a technology for easy client-side deployment of Java applications. “Using Java Web Start technology, standalone Java software
Internet Explorer security zone spoofing with encoded URLs
Overview The method used for Windows security zone evaluation fails when characters in the URL are encoded in a certain way. Internet
Java Plugin arbitrary package access vulnerability
Overview Sun Microsystem’s Java Plugin connects the Java technology to web browsers and allows the use of Java Applets. Java Plugin technology
Microsoft Help and Support Center argument injection vulnerability
Overview “Help and Support Center (HSC) is a feature in Windows that provides help on a variety of topics” (from www.microsoft.com). It