Tag Archives: component vulnerabilities

Expert Finds Security Holes In Sites Of Microsoft, Twilio and ProActive CMS


January 16, 2013 By
The Vigilant Application Owner

Softpedia – (International) Expert finds security holes in sites of Microsoft, Twilio and ProActive CMS. A security researcher discovered vulnerabilities in Web sites belonging to Microsoft and Twilio, as well as issues in ProActive content management system (CMS). Twilio and Microsoft addressed their respective cross-site request forgery and cross-site scripting vulnerabilities, while the ProActive CMS […]


Red October Cyber Espionage Campaign Relied On Java Exploit To Infect Computers


January 15, 2013 By
The Vigilant Application Owner

Softpedia – (International) Red October cyber espionage campaign relied on Java exploit to infect computers. Researchers at Seculert analyzed the recently-discovered ‘Red October’ cyber espionage campaign and found that it had also utilized a Java vulnerability to disseminate malware. Source: http://news.softpedia.com/news/Red-October-Cyber-Espionage-Campaign-Relied-on-Java-Exploit-to-Infect-Computers-321319.shtml


Oracle Responds To Warning On Java Vulnerability


January 13, 2013 By
The Vigilant Application Owner

International Business Times – Oracle has announced fixes for two flaws in its Java software. One research group says Java was responsible for half of all cyberattacks in 2012 that involved an exploited software bug. Last week, the Department of Homeland Security and security researchers said they had identified vulnerabilities in the software that could […]


Exploit Code, Metasploit Module Out For Ruby On Rails Flaws


January 10, 2013 By
The Vigilant Application Owner

Threatpost – (International) Exploit code, Metasploit module out for Ruby on Rails flaws. Proof-of-concept exploit code and a penetration testing module were released for several Ruby on Rails vulnerabilities that could allow arbitrary code execution and the installation of backdoors, presenting a major vulnerability for Web sites using versions other than the most recently released. […]


All Ruby On Rails Versions Affected By SQL Injection Flaw


January 3, 2013 By
The Vigilant Application Owner

Help Net Security – (International) All Ruby on Rails versions affected by SQL injection flaw. The developers of Ruby on Rails released three new versions of the application framework to address an SQL injection vulnerability present in all past iterations of the software. Source: http://www.net-security.org/secworld.php?id=14173


Flaw In Facebook Allowed Attackers To Record Video Of User And Post It On The Timeline


December 28, 2012 By
The Vigilant Application Owner

Softpedia – (International) Flaw in Facebook allowed attackers to record video of user and post it on the timeline. Researchers from XYSEC Labs identified a cross site request forgery (CSRF) vulnerability in Facebook that could allow an attacker to record video from the victim’s webcam or other source and then post it to the victim’s […]


Researcher Finds XSS Vulnerabilities In cPanel And WHM 11.34


December 27, 2012 By
The Vigilant Application Owner

Softpedia – (International) Researcher finds XSS vulnerabilities in cPanel and WHM 11.34. A researcher released a video where he identified cross-site scripting (XSS) vulnerabilities in the popular cPanel and WHM 11.34 Web hosting control panel. Source: http://news.softpedia.com/news/Researcher-Finds-XSS-Vulnerabilities-in-cPanel-WHM-11-34-Video-317356.shtml


Drupal 7.18 and 6.28 Released To Address Security Vulnerabilities


December 20, 2012 By
The Vigilant Application Owner

Softpedia – (International) Drupal 7.18 and 6.28 released to address security vulnerabilities. Drupal 7.18 and 6.27 were released to fix three remotely exploitable vulnerabilities, all rated moderately critical. Source: http://news.softpedia.com/news/Drupal-7-18-and-6-28-Released-to-Address-Security-Vulnerabilities-316281.shtml


Hackers Breached Heating System Via Industrial Control System Backdoor


December 13, 2012 By
The Vigilant Application Owner

Wired.com – (New Jersey; International) Hackers breached heating system via industrial control system backdoor. Hackers broke into the industrial control system (ICS) of a New Jersey air conditioning company earlier this year, using a backdoor vulnerability in the system, according to an FBI memo made public the week of December 10. The intruders first breached […]


Stored XSS That Allowed Hackers To Hijack Tumblr Blogs Still Unfixed


December 11, 2012 By
The Vigilant Application Owner

Softpedia – (International) Stored XSS that allowed hackers to hijack Tumblr blogs still unfixed. The stored cross-site scripting (XSS) vulnerability that allowed hackers to hijack Tumblr blogs remains unfixed, according to a security researcher. He explains that this vulnerability could be utilized for numerous cybercriminal operations. The stored XSS could be used for phishing, malware […]
