1) Novell GroupWise WebAccess Multiple Security Vulnerabilities Novell GroupWise WebAccess is susceptible to multiple vulnerabilities including Cross-Site Scripting and issues of security restriction bypass. Attackers who successfully exploit these vulnerabilities could steal cookie-based authentication...
1) Multiple Symantec Products Log Viewer Script Injection Vulnerabilities Multiple Symantec Products are susceptible to browser-exploitable script injection vulnerabilities due to improper sanitization of user-supplied input used in dynamically created content. Successful exploitation would give an attacker...
1) Apache Geronimo Application Server Multiple Remote Vulnerabilities Apache Geronimo Application Server is susceptible to multiple vulnerabilities including Cross-Site Scripting, HTML Injection, directory traversal, and Cross-Site Request Forgery. Successful exploitation could give an attacker the means...
Aspect Security has just released, through OWASP , a new tool called " Scrubbr ". Scrubbr is a Java program which connects to your database (MySQL 5+, MS SQL 2005+, and Oracle) directly and analyzes databases or specific tables looking for XSS strings. The strings are defined via an XML--it...
Netcraft is reporting today about a phishing attack leveraging XSS against an Italian bank. From the article (emphasis mine) An extremely convincing phishing attack is using a cross-site scripting vulnerability on an Italian Bank's own website to attempt to steal customers' bank account details...
The Apple iPhone’s Safari web browser has a special feature that allows the user to dial any phone number displayed on a web page simply by tapping the number. SPI Labs has discovered that this feature can be exploited by attackers to perform various attacks, including: Redirecting phone calls...
I’m really excited to be speaking at Shmoocon again and especially excited about my presentation this Saturday at 1pm. Javascript Malware for a Gray Goo Tomorrow focuses on the increased scope of damage caused by Cross-Site Scripting (XSS) vulnerabilities in the last year. The Web 2.0 revolution...