September 1st, 2011 
Mourad Ben Lakhoua Kaspersky Lab site is now open to XSS (cross-site scripting) attacks together with Iframe injections. This is not good for any company, especially for a company dealing with security. An XSS attack launches when a web program collects vicious data from an end-user mostly via a hyperlink that carries malicious content inside it. Thus, as [...]
July 30th, 2011 Mourad Ben Lakhoua New vulnerability has been discovered in Elgg an open-source application that helps to create social networking engine, delivering the building blocks that enable businesses, schools, universities and associations to create their own fully-featured social networks and applications. Well-known Organizations with networks powered by Elgg include: Australian Government, British Government, Federal Canadian Government, MITRE, The World [...]
Posted in Vulnerabilities, Vulnerabilities & attacks, Web Security 
Tags: Elgg, open source, Vulnerability, XSS, XSS Vulnerability 
3 Comments » July 6th, 2011 Mourad Ben Lakhoua New exploit has been published that are targeting Joomla 1.6.3 or lower version the vulnerability allow an attacker to create a specially crafted URL that would execute arbitrary script code on victim’s browser. Cross-site request (XSRF or CSRF) is a web application attack that uses the existing trust relationship between web applications and authenticated users [...]
March 29th, 2011 Mourad Ben Lakhoua New Cross-site scripting vulnerability has been detected on Facebook and widely exploited in the mobile API version, this vulnerability allows a malicious user to include JavaScript content into a website and redirect victim’s browser to the prepared URL. I have already saw this flaw in the last few days, many of my friend list are [...]
Posted in Social Networking, Vulnerabilities, Vulnerabilities & attacks, Web Security Tags: Facebook, XSS, XSS Vulnerability 48 Comments » March 14th, 2011 Mourad Ben Lakhoua Microsoft is investigating new public reports of vulnerability in all supported editions of Microsoft Windows. The vulnerability could allow an attacker to cause a victim to run malicious scripts when visiting various Web sites, resulting in information disclosure. This impact is similar to server-side cross-site scripting (XSS) vulnerabilities. MHTML, or Mime HTML, is a standard [...]
July 4th, 2010 Mourad Ben Lakhoua XSS vulnerability in YouTube comments processing allows an attacker to execute arbitrary scripts in the security context. Go on youtube. Choose any video. Add the following script: Update (1): It is better to stay away from YouTube until they fix the vulnerability or at least logging out of YouTube if you use it. Update (2): [...]
Posted in News, Vulnerabilities, Vulnerabilities & attacks, Web Security Tags: XSS, XSS Vulnerability, YouTube 10 Comments » April 27th, 2009 Mourad Ben Lakhoua According to Nemesis/t3am3lite (name of a website), Symantec’s site too is now open to XSS (cross-site scripting) attacks together with Iframe injections. An XSS attack, according to security experts, launches when a web program collects vicious data from an end-user mostly via a hyperlink that carries malicious content inside it. Thus, as the end-user clicks [...]
Posted in Vulnerabilities Tags: Security, Symantec, Vulnerability, Web, XSS Vulnerability 1 Comment »
