«
Expand/Collapse
103 items tagged "content"
Related tags:
thunderbird [+],
mozilla thunderbird [+],
content management system [+],
cms [+],
wordpress [+],
red [+],
manager version [+],
malicious content [+],
joomla [+],
information disclosure [+],
administrative privileges [+],
web content management [+],
web content editor [+],
privilege elevation vulnerability [+],
php [+],
meditate [+],
gateway [+],
emc documentum [+],
emc [+],
documentum [+],
denial of service [+],
cisco [+],
android [+],
xsl parser [+],
xsl [+],
web content manager [+],
web content management system [+],
uri [+],
tim [+],
sql [+],
site [+],
simple [+],
service vulnerability [+],
roundcube [+],
portlet [+],
papst [+],
open source web [+],
management [+],
mail messages [+],
mail [+],
lotus [+],
input validation [+],
information [+],
inclusion [+],
hendriks [+],
global content [+],
global [+],
forgery [+],
firefox [+],
file [+],
featured [+],
editor component [+],
editor [+],
cross site scripting [+],
content managers [+],
content editor [+],
content component [+],
command execution [+],
brute force [+],
automation [+],
arbitrary code execution [+],
usa [+],
txt [+],
tcp packet [+],
safer use [+],
rich internet [+],
ria [+],
remote file include vulnerability [+],
path [+],
internet application [+],
htb [+],
flash content [+],
flash [+],
felix [+],
exploits [+],
digital [+],
content services [+],
bugzilla [+],
black hat [+],
approach [+],
vulnerability [+],
xss [+],
wiimote [+],
web scanner [+],
user [+],
type [+],
tube [+],
traffic prioritization [+],
system [+],
stephan chenette [+],
splayer [+],
shoutcms [+],
service [+],
secure content manager [+],
secure [+],
secunia [+],
sd card [+],
script [+],
ruben [+],
retired [+],
research [+],
redirectors [+],
realadmin [+],
real time communications [+],
read [+],
policy security [+],
phpid [+],
per [+],
onpub [+],
nokia content copier [+],
nokia [+],
network [+],
mybusinessadmin [+],
multiple [+],
malicious users [+],
malicious data [+],
malaysia [+],
legitimate web [+],
jean baptiste bedrune [+],
jean baptiste [+],
irrigation pipe [+],
internet [+],
insertion [+],
injection [+],
information disclosure vulnerability [+],
iframe [+],
identify [+],
iceberg [+],
hijacking [+],
hacks [+],
hacking [+],
hack in the box [+],
group patterns [+],
greenbrowser [+],
gateway service [+],
fireshark [+],
etrust [+],
drm [+],
digital content protection [+],
day [+],
d day [+],
copier [+],
content type [+],
content server [+],
content management systems cms [+],
content management systems [+],
content management [+],
com [+],
code execution [+],
cisco security advisory [+],
cisco security [+],
card [+],
caleb kraft [+],
caleb [+],
cable tv service [+],
buffer overflow [+],
audio [+],
arbitrary html [+],
album gallery [+],
advisory [+],
Tools [+],
web [+],
manager [+],
content manager [+],
red hat security [+],
cross [+],
disclosure [+],
sql injection [+]
-
-
18:10
»
Packet Storm Security Exploits
This Metasploit module exploits a vulnerability in the XSL parser of the XSL Content Portlet. When Tomcat is present, arbitrary code can be executed via java calls in the data fed to the Xalan XSLT processor. If XSLPAGE is defined, the user must have rights to change the content of that page (to add a new XSL portlet), otherwise it can be left blank and a new one will be created. The second method however, requires administrative privileges.
-
18:10
»
Packet Storm Security Recent Files
This Metasploit module exploits a vulnerability in the XSL parser of the XSL Content Portlet. When Tomcat is present, arbitrary code can be executed via java calls in the data fed to the Xalan XSLT processor. If XSLPAGE is defined, the user must have rights to change the content of that page (to add a new XSL portlet), otherwise it can be left blank and a new one will be created. The second method however, requires administrative privileges.
-
18:10
»
Packet Storm Security Misc. Files
This Metasploit module exploits a vulnerability in the XSL parser of the XSL Content Portlet. When Tomcat is present, arbitrary code can be executed via java calls in the data fed to the Xalan XSLT processor. If XSLPAGE is defined, the user must have rights to change the content of that page (to add a new XSL portlet), otherwise it can be left blank and a new one will be created. The second method however, requires administrative privileges.
-
-
17:54
»
Packet Storm Security Advisories
EMC Documentum Content Server contains a privilege elevation vulnerability that may allow an unauthorized user to obtain highest administrative privileges on the system.
-
17:54
»
Packet Storm Security Recent Files
EMC Documentum Content Server contains a privilege elevation vulnerability that may allow an unauthorized user to obtain highest administrative privileges on the system.
-
17:54
»
Packet Storm Security Misc. Files
EMC Documentum Content Server contains a privilege elevation vulnerability that may allow an unauthorized user to obtain highest administrative privileges on the system.
-
-
13:41
»
Packet Storm Security Exploits
RoundCube version 0.6 suffers from cross site scripting, content spoofing, brute force and clickjacking inclusion vulnerabilities.
-
-
17:03
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1439-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled certain add-ons. Malicious, remote content could cause an add-on to elevate its privileges, which could lead to arbitrary code execution with the privileges of the user running Thunderbird. A cross-site scripting flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content.
-
17:03
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1439-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled certain add-ons. Malicious, remote content could cause an add-on to elevate its privileges, which could lead to arbitrary code execution with the privileges of the user running Thunderbird. A cross-site scripting flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content.
-
17:03
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1439-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A flaw was found in the way Thunderbird handled certain add-ons. Malicious, remote content could cause an add-on to elevate its privileges, which could lead to arbitrary code execution with the privileges of the user running Thunderbird. A cross-site scripting flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content.
-
16:56
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1438-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A cross-site scripting flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content. Note: This issue cannot be exploited by a specially-crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.
-
16:56
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1438-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A cross-site scripting flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content. Note: This issue cannot be exploited by a specially-crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.
-
16:56
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1438-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. A cross-site scripting flaw was found in the way Thunderbird handled certain multibyte character sets. Malicious, remote content could cause Thunderbird to run JavaScript code with the permissions of different remote content. Note: This issue cannot be exploited by a specially-crafted HTML mail message as JavaScript is disabled by default for mail messages. It could be exploited another way in Thunderbird, for example, when viewing the full remote content of an RSS feed.
-
-
14:32
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1341-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox processed the "Enter" keypress event. A malicious web page could present a download dialog while the key is pressed, activating the default "Open" action. A remote attacker could exploit this vulnerability by causing the browser to open malicious web content.
-
14:32
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1341-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox processed the "Enter" keypress event. A malicious web page could present a download dialog while the key is pressed, activating the default "Open" action. A remote attacker could exploit this vulnerability by causing the browser to open malicious web content.
-
14:32
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1341-01 - Mozilla Firefox is an open source web browser. XULRunner provides the XUL Runtime environment for Mozilla Firefox. Several flaws were found in the processing of malformed web content. A web page containing malicious content could cause Firefox to crash or, potentially, execute arbitrary code with the privileges of the user running Firefox. A flaw was found in the way Firefox processed the "Enter" keypress event. A malicious web page could present a download dialog while the key is pressed, activating the default "Open" action. A remote attacker could exploit this vulnerability by causing the browser to open malicious web content.
-
-
0:40
»
SecDocs
Authors:
Felix 'FX' Lindner Tags:
Rich Internet Applications Flash Event:
Black Hat USA 2010 Abstract: The talk presents a simple but effective approach for securing Rich Internet Application (RIA) content before using it. Focusing on Adobe Flash content, the security threats presented by Flash movies are discussed, as well as their inner workings that allow such attacks to happen. Some of those details will make you laugh, some will make you wince. Based on the properties discussed, the idea behind the defense approach will be presented, as well as the code implementing it and the results of using it in the real world. After a year of development, we hope to release a working tool to the world, so you can apply the defense technique to your web browser.
-
-
13:05
»
SecDocs
Authors:
Felix 'FX' Lindner Tags:
Rich Internet Applications Flash Event:
Black Hat USA 2010 Abstract: The talk presents a simple but effective approach for securing Rich Internet Application (RIA) content before using it. Focusing on Adobe Flash content, the security threats presented by Flash movies are discussed, as well as their inner workings that allow such attacks to happen. Some of those details will make you laugh, some will make you wince. Based on the properties discussed, the idea behind the defense approach will be presented, as well as the code implementing it and the results of using it in the real world. After a year of development, we hope to release a working tool to the world, so you can apply the defense technique to your web browser.
-
-
20:56
»
Packet Storm Security Advisories
Red Hat Security Advisory 2011-1165-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Thunderbird handled malformed JavaScript. Malicious content could cause Thunderbird to access already freed memory, causing Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
-
20:56
»
Packet Storm Security Recent Files
Red Hat Security Advisory 2011-1165-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Thunderbird handled malformed JavaScript. Malicious content could cause Thunderbird to access already freed memory, causing Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
-
20:56
»
Packet Storm Security Misc. Files
Red Hat Security Advisory 2011-1165-01 - Mozilla Thunderbird is a standalone mail and newsgroup client. Several flaws were found in the processing of malformed HTML content. Malicious HTML content could cause Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird. A flaw was found in the way Thunderbird handled malformed JavaScript. Malicious content could cause Thunderbird to access already freed memory, causing Thunderbird to crash or, potentially, execute arbitrary code with the privileges of the user running Thunderbird.
-
-
21:26
»
Packet Storm Security Exploits
Lotus CMS version 3.0.3 suffers from cross site request forgery, file content disclosure, and cross site scripting vulnerabilities.
-
-
23:45
»
SecuriTeam
A service policy bypass and two Denial of Service vulnerabilities exist in the Cisco Content Services Gateway - Second Generation (CSG2).
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
11:15
»
SecuriTeam
This vulnerability allows attackers to execute arbitrary code on vulnerable installations of Computer Associates eTrust Secure Content Manager.
-
Make your website safer. Use external penetration testing service. First report ready in one hour!
-
-
15:03
»
Packet Storm Security Exploits
Simple Web Content Management System version 1.21 suffers from a remote SQL injection vulnerability that allows for authentication bypass.
-
-
12:06
»
Wirevolution
A story in Wired dated December 17th reports on a webinar presented by Allot Communications and Openet.
A slide from the webinar shows how network operators could charge by the type of content being transported rather than by bandwidth:
In an earlier post I said that strict net neutrality is appropriate for wired broadband connections, but that for wireless connections the bandwidth is so constrained that the network operators must be able to ration bandwidth in some way. The suggestion of differential charging for bandwidth by content goes way beyond mere rationing. The reason this is egregious is that the bandwidth costs the same to the wireless service provider regardless of what is carried on it. Consumers don’t want to buy content from Internet service providers, they want to buy connectivity – access to the Internet.
In cases where a carrier can legitimately claim to add value it would make sense to let them charge more. For example, real-time communications demands traffic prioritization and tighter timing constraints than other content. Consumers may be willing to pay a little bit more for the better sounding calls resulting from this.
But this should be the consumer’s choice. Allowing mandatory charging for what is currently available free on the Internet would mean the death of the mobile Internet, and its replacement with something like interactive IP-based cable TV service. The Internet is currently a free market where the best and best marketed products win. Per-content charging would close this down, replacing it with an environment where product managers at carriers would decide who is going to be the next Facebook or Google, kind of like AOL or Compuserve before the Internet. The lesson of the Internet is that a dumb network connecting content creators with content consumers leads to massive innovation and value creation. The lesson of the PSTN is that an “intelligent network,” where network operators control the content, leads to decades of stagnation.
In a really free market, producers get paid for adding value. Since charging per content by carriers doesn’t add value, but merely diverts revenue from content producers to the carriers, it would be impossible in a free market. If a wireless carrier successfully attempted this, it would indicate that wireless Internet access is not a free market, but something more like a monopoly or cartel which should be regulated for the public good.
-
-
0:55
»
SecDocs
Authors:
Stephan Chenette Tags:
malware malware analysis Event:
Black Hat EU 2010 Abstract: Thousands of legitimate web sites serve malicious content to millions of visitors each and every day. Trying to piece all the research together to confirm any similarities between possible common group patterns within these websites, such as redirectors that belong to the same IP, IP range, or ASN, and reconstructing the final deobfuscated code can be time-consuming and sometimes impossible given many of the freely available tools. I will present a web security research project called FireShark that is capable of visiting large collections of websites at a time, executing, storing and analyzing the content, and from it identifying hundreds of malicious ecosystems of which the data, such as the normalized, deobfuscated content within them can easily be analyzed.
-
-
14:29
»
Hack a Day
While we could be content following our “kiddie d-day” as [Caleb Kraft] suggested. We know you can’t continue such an awesome Friday without trying to blow yourself up first. This Wiimote Rubens’ tube caught our eye. A PVC Aluminum irrigation pipe is drilled with holes and propane is pumped through. A speaker on one end [...]
-
-
17:00
»
Packet Storm Security Advisories
Secunia Research has discovered a vulnerability in e107, which can be exploited by malicious users to conduct script insertion attacks. Input passed via the content_heading parameter to 107_plugins/content/content_manager.php while creating new content is not properly sanitized before being displayed to the user. This can be exploited to insert arbitrary HTML and script code, which will be executed in a user's browser session in context of an affected site when the malicious data is being viewed. Successful exploitation requires authentication and that the Content Management plugin is enabled. e107 version 0.7.19 is affected.
-
-
19:00
»
Packet Storm Security Recent Files
Bugzilla versions before 3.0.11, 3.2.6, 3.4.5, and 3.5.3 allow for content browsing of various directories that may have sensitive information in them if customized. Bugzilla versions 3.3.1 to 3.4.4, 3.5.1, and 3.5.2 suffer from a bug moving vulnerability.
-
19:00
»
Packet Storm Security Advisories
Bugzilla versions before 3.0.11, 3.2.6, 3.4.5, and 3.5.3 allow for content browsing of various directories that may have sensitive information in them if customized. Bugzilla versions 3.3.1 to 3.4.4, 3.5.1, and 3.5.2 suffer from a bug moving vulnerability.
1337day (was: Inj3ct0r, 1337db)
OSVDB Vulnerabilities
Exploit-DB
SecurityFocus Vulnerabilities
Bugtraq
XSSed
Sophos security news
Penetration Testing
BackTrack Linux Forums
Threatpost
carnal0wnage.attackresearch.com
Carnal0wnage
Darknet
The Exploitant