Cross-site scripting (XSS) vulnerability in the backend in Kajona before 4.6.3 allows remote attackers to inject arbitrary web script or HTML via the action parameter to index.php.
Monthly Archives: January 2015
CVE-2015-0918 (sefrengo)
Cross-site scripting (XSS) vulnerability in the administrative backend in Sefrengo before 1.6.1 allows remote attackers to inject arbitrary web script or HTML via the searchterm parameter to backend/main.php.
CVE-2015-0919 (sefrengo)
Multiple SQL injection vulnerabilities in the administrative backend in Sefrengo before 1.6.1 allow remote administrators to execute arbitrary SQL commands via the (1) idcat or (2) idclient parameter to backend/main.php.
CVE-2015-0920 (banner_effect_header)
Cross-site request forgery (CSRF) vulnerability in the Banner Effect Header plugin 1.2.6 for WordPress allows remote attackers to hijack the authentication of administrators for requests that conduct cross-site scripting (XSS) attacks via the banner_effect_email parameter in the BannerEffectOptions page to wp-admin/options-general.php.
Holiday hacks down despite record-breaking shopping numbers
Retail cybercrime across the holiday season dropped, despite record business for companies across Black Friday and Cyber Monday, according to research from IBM, reported by Tech Week Europe.
The post Holiday hacks down despite record-breaking shopping numbers appeared first on We Live Security.
Pastebin: The Remote Backdoor Server For The Cheap And Lazy
Cryptowall's Ransomware's Tough Layers Peeled
Ukraine Blames Russia For German Hack
FBI Director Says North Korea Got Sloppy In Sony Hack
Windows exploitation in 2014
Today, we published our research about Windows exploitation in 2014. This report contains interesting information about vulnerabilities in Microsoft Windows and Office patched over the course of the year, drive-by download attacks and mitigation techniques.
The post Windows exploitation in 2014 appeared first on We Live Security.