-
ActiveX Vulnerability Pwns MySpace, Facebook users
"A buffer overflow enabled hackers to exploit the Aurigma ActiveX image uploading software used by Facebook, MySpace and other social networking sites, " said Rachwald. "The bad news is that this exploit is being used in a hacker toolkit currently being offered for download on several Chinese language sites, meaning that novices have been able…
-
Orkut Worm v2.0
"The Scrapkut worm uses active code injection to spread between victims and their friends on Orkut. The malicious code appears on a victim’s scrapbook, containing a link to a supposed YouTube video. People who click on the link are redirected to an external site hosting malware that's disguised as a Flash upgrade. Users duped into…
Favorite Links
- Security Templates (New)
- The Web Application Security Consortium
- QA Security
- The Web Security Mailing List
- Romain Gaucher’s Blog
- Jeremiah Grossman’s Blog
Popular Pages
WASC Threat Classification
- Abuse of Functionality
- Application Misconfiguration
- Brute Force Attack
- Content Spoofing
- Credential/Session Prediction
- Denial of Service
- Directory Indexing
- Information Leakage
- Remote File Inclusion Attack
- Routing Detour Attack
- SOAP Array Abuse
- XML Attribute Blowup
- XML Injection
- XML External Entity Attack