Common Vulnerability Scoring System CVSS 2.0 unifies vulnerability scoring
The Common Vulnerability Scoring System (CVSS) provides an open framework for communicating the characteristics and impacts of IT vulnerabilities.
In addressing an IIS 5 bug (CVE-2007-2815), the Microsoft Knowledge Base article #328832 went a step further in presenting the conditions needed to reproduce the issue: they provided step-by-step instructions for what is basically an exploit of the vulnerability.
In the pursuit of accurate statements about application security, Ory Segal took a new shot at Beehive, the last bulletin board which I considered bug free in 2006. Well, it didn't take him long to find not one, not two, but three new Beehive XSS vulnerabilities. I have installed Beehive 0.71 and indeed the vulnerabilities are confirmed.
The BBpress authentication page (bb-login.php) is home to an XSS vulnerability.
I decided to take a look at today’s top 10 bulletin boards and see how many security vulnerabilities have been published in the last 12 months by Secunia.
Andrew van der Stock announced the availability of OWASP Top 10 2007.
This Web Security Trends Report presents new research and statistical breakdowns illustrating the universal nature of malicious code, as well as exposing the presence of malicious code on webpages translated by online translation services.
Six days after the WordPress 2.2 release, Janek Vind has discovered a SQL injection vulnerability in WordPress 2.1.3, which can be exploited to conduct SQL injection attacks.
I reviewed the number of security vulnerabilities published for the major blogging platforms in the past year (May 2006 - May 2007). The numbers are high, especially for the open source products (WordPress, Drupal).
David Kierznowski of Operation n has discovered a serious flaw in the Akismet anti-spam plugin that comes by default with the latest version of WordPress (2.1.3).