|
Trend Micro Notification on latest malware exploit via MS 08-067 |
|
Written by Administrator
|
|
Thursday, 27 November 2008 |
|
This worm may be downloaded from remote sites by other malware. It may be dropped by other malware. It may arrive bundled with malware packages as a malware component. It may arrive as a random .DLL file stored in the Windows system folder. It exports functions used by other malware. |
|
Last Updated ( Thursday, 27 November 2008 )
|
|
|
|
|
Drupal Comment Mail Module Cross-Site Request Forgery |
|
Written by Administrator
|
|
Thursday, 27 November 2008 |
A vulnerability has been reported in the Comment Mail module for Drupal, which can be exploited by malicious people to conduct cross-site request forgery attacks. The module allows administrators to perform certain actions via HTTP requests without performing any validity checks to verify the request. This can be exploited, for example, to approve and delete comments or ban IP addresses when a logged-in administrator visits a malicious web site. |
|
|
|
|
Drupal User Karma Module Cross-Site Scripting and SQL Injection |
|
Written by Administrator
|
|
Thursday, 27 November 2008 |
|
Some vulnerabilities have been reported in the User Karma module for Drupal, which can be exploited by malicious users to conduct SQL injection attacks and by malicious people to conduct cross-site scripting attacks. The vulnerabilities are reported in User Karma for Drupal 5.x prior to 5.x-1.13 and Drupal 6.x prior to 6.x-1.0-beta1. |
|
|
|
|
WordPress "Host" Header RSS Feed Script Insertion Vulnerability |
|
Written by Administrator
|
|
Wednesday, 26 November 2008 |
|
Jeremias Reith has reported a vulnerability in WordPress, which can be exploited by malicious people to conduct script insertion attacks. Input passed via the HTTP "Host" header is not properly sanitised before being used. This can be exploited to execute arbitrary HTML and script code in a user's browser session in the context of an affected site if malicious data is viewed. |
|
Last Updated ( Thursday, 27 November 2008 )
|
|
|
|
|
MyBB "Referer" Header "my_post_key" Token Disclosure |
|
Written by Administrator
|
|
Wednesday, 26 November 2008 |
NBBN has discovered some vulnerabilities in MyBB, which can be exploited by malicious people to disclose sensitive information. The problem is that the "my_post_key" token is included in the "Referer" HTTP header when certain requests are sent, e.g. for images referencing external web sites (e.g. when performing various moderation actions, like splitting and merging a thread or deleting posts). This can be exploited to disclose a user's secret token by tricking the user into performing an affected operation. |
|
|
|
|
WordPress 'wp-includes/feed.php' Cross-Site Scripting Vulnerability |
|
Written by Administrator
|
|
Wednesday, 26 November 2008 |
WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. |
|
|
|
|
|