# Title: [SQL injection vulnerability in Amelia CMS]
# Date: [10.02.2010] # Author: [Ariko-Security] # Software Link: [http://www.ameliadesign.eu/] # Version: [ALL] # Tested on: [freebsd / ubuntu] ============ { Ariko-Security - Advisory #3/2/2010 } ============= SQL injection vulnerability in Amelia CMS Vendor's Description of Software: # http://www.ameliadesign.eu/ Dork: # N/A Application Info: # Name: Amelia CMS # Versions: ALL Vulnerability Info: # Type: SQL injection Vulnerability # Risk: High Fix: # N/A Time Table # 10/02/2009 - Vendor notified. Input passed via the "page" parameter to index.p ... Read more » |
Same-origin policy for JavaMuch like Adobe Flash, Java applets, reportedly supported on about 80% of all desktop systems, follow the basic concept of same-origin checks applied to a runtime context derived from the site the applet is downloaded from. The documentation for Java security model available on the Internet appears to be remarkably poor and spotty, so the information provided in this section is in large part based on empirical testing. According to this research, the following permissions are available to Java applets:
|
Same-origin policy for cookiesAs the web started to move from static content to complex applications, one of the most significant problems with HTTP was that the protocol contained no specific provisions for maintaining any client-associated context for subsequent requests, making it difficult to implement contemporary mechanisms such as convenient, persistent authentication or preference management (HTTP authentication, as discussed later on, proved to be too cumbersome for this purpose, while any in-URL state information would be often accidentally disclosed to strangers or lost). To address the need, HTTP cookies were implemented ... Read more » |
Part2
Browser Security Handbook, part 2 Browser Security Handbook, part 2
Table of Contents |
Core Security Technologies - CoreLabs Advisory
http://www.coresecurity.com/ Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers 1. *Advisory Information* Title: Multiple Vulnerabilities with 8.3 Filename Pseudonyms in Web Servers Advisory Id: CORE-2010-0121 Advisory URL: http://www.coresecurity.com/ Date published: 2010-02-05 Date of last update: 2010-02-05 Vendors contacted: Cherokee team, Nginx team, Mongoose team Release mode: User release 2. *Vulnerability Information* Class: Improper Handling of Exceptional Conditions [CWE-755], Path traversal [CWE-22 ... Read more » |
Cascading stylesheetsCascading Style Sheets is a simple ... Read more » |
HTML entity encodingHTML features a special encoding scheme called HTML entities. The purpose of this scheme is to make it possible to safely render certain reserved HTML characters (e.g., < > &) within documents, as well as to carry high bit characters safely over 7-bit media. The scheme nominally permits three types of notation:
|