(Dec 30) Thorsten Glaser discovered that the RSSReader extension for mediawiki, a website engine for collaborative work, does not properly escape tags in feeds. This could allow a malicious feed to inject JavaScript into the mediawiki pages. [More…]
(Dec 29) MoinMoin could be made to run programs and overwrite files.
(Dec 26) Bjorn Mork and Laurent Butti discovered crashes in the PPP and RTPS2 dissectors, which could potentially result in the execution of arbitrary code. [More…]
(Dec 27) Marko Myllynen discovered that elinks, a powerful text-mode browser, incorrectly delegates user credentials during GSS-Negotiate. For the stable distribution (squeeze), this problem has been fixed in [More…]
(Dec 27) Multiple security issues have been found in Mahara – an electronic portfolio, weblog, and resume builder -, which can result in cross-site scripting, clickjacking or arbitrary file execution. [More…]
50 queries. 8.5 mb Memory usage. 0.252 seconds.