-
1) Novell GroupWise WebAccess Multiple Security Vulnerabilities Novell GroupWise WebAccess is susceptible to multiple vulnerabilities including Cross-Site Scripting and issues of security restriction bypass. Attackers who successfully exploit these vulnerabilities could steal cookie-based authentication...
-
1) Multiple Symantec Products Log Viewer Script Injection Vulnerabilities Multiple Symantec Products are susceptible to browser-exploitable script injection vulnerabilities due to improper sanitization of user-supplied input used in dynamically created content. Successful exploitation would give an attacker...
-
1) Apache Geronimo Application Server Multiple Remote Vulnerabilities Apache Geronimo Application Server is susceptible to multiple vulnerabilities including Cross-Site Scripting, HTML Injection, directory traversal, and Cross-Site Request Forgery. Successful exploitation could give an attacker the means...
-
Aspect Security has just released, through OWASP, a new tool called "Scrubbr". Scrubbr is a Java program which connects to your database (MySQL 5+, MS SQL 2005+, and Oracle) directly and analyzes databases or specific tables looking for XSS strings. The strings are defined via an XML--it...
-
Netcraft is reporting today about a phishing attack leveraging XSS against an Italian bank. From the article (emphasis mine): An extremely convincing phishing attack is using a cross-site scripting vulnerability on an Italian Bank's own website to attempt to steal customers' bank account details...
-
The Apple iPhone’s Safari web browser has a special feature that allows the user to dial any phone number displayed on a web page simply by tapping the number. SPI Labs has discovered that this feature can be exploited by attackers to perform various attacks, including: Redirecting phone calls...
-
I’m really excited to be speaking at Shmoocon again and especially excited about my presentation this Saturday at 1pm. Javascript Malware for a Gray Goo Tomorrow focuses on the increased scope of damage caused by Cross-Site Scripting (XSS) vulnerabilities in the last year. The Web 2.0 revolution...