[RHSA-2013:0746-01] Important: rhev-hypervisor6 security and bug fix update
Red Hat Security Advisory Synopsis: Important: rhev-hypervisor6 security and bug fix update Advisory ID:...
SMF 2.0.4 PHP Code Injection Vulnerability
<?php// proof of concept that latest SMF (2.0.4) can be exploited by php injection.// payload code must escape from \', so you should try with something like that:// p0c\';phpinfo();// as a...
Monitoring MySQL with OpenTSDB Slides
Check out this slide show here from Percona Live 2013... https://cloud.box.com/monitoringMysqlWithOpentsdb
Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver
[ESNC-2013-004] Remote ABAP Code Injection in OpenText/IXOS ECM for SAP NetWeaver. Please refer to http://www.esnc.de for the original security advisory, updates and additional...
telepathy-idle does not check SSL certificates
In versions prior to 0.1.15, telepathy-idle, an IRC backend for the Telepathy framework, does not check the server's SSL/TLS certificate for validity[1]. A network intermediary could use this flaw to...
How XSS can defeat your digital signatures
Recently we exploited a nice XSS vector in one of the RBS (Remote Banking Service) systems. This example shows very well how dangerous a client attack can be. Client after the authorization could sign electronic...
Threat Outbreak Alert: Fake CareerBuilder Notification E-mail Messages
Description: Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a notification from CareerBuilder for the recipient. The text...
Threat Outbreak Alert: Fake Fraudulent Visa Credit Card Transactions...
Description: Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a credit card transaction notification for the recipient. The...
Possible Exploit Vector for DarkLeech Compromises
Often it is quite surprising how long old, well-known vulnerabilities continue to be exploited. Recently, a friend sent me an example of a malicious script used in an attempted attack against their...
Mailbox iOS App is a Security Fail
After posting this on HackerNews some developers / users feel my hypothesis is wrong and one cannot repeat the steps below without having physical access to a user’s phone or locked devices. I agree...
Microsoft Security Newsletter - April 2013
Microsoft Security Newsletter - April 2013. Trustworthy Computing | April 2013. Microsoft Security Newsletter. Welcome to April’s Security Newsletter! This month’s newsletter theme focuses...
[RHSA-2013:0769-01] Low: glibc security and bug fix update
Red Hat Security Advisory Synopsis: Low: glibc security and bug fix update Advisory ID:...
[RHSA-2013:0770-01] Important: java-1.6.0-openjdk security update
Red Hat Security Advisory Synopsis: Important: java-1.6.0-openjdk security update Advisory ID:...
[RHSA-2013:0771-01] Moderate: curl security update
Red Hat Security Advisory Synopsis: Moderate: curl security update Advisory ID:...
Apache CloudStack Security Advisory: Multiple vulnerabilities in Apache...
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Product: Apache CloudStack Vendor: The Apache Software Foundation CVE References: CVE-2013-2756, CVE-2013-2758 Vulnerability Type(s): Authentication bypass...
Metasploit: GroundWork monarch_scan.cgi OS Command Injection
### This file is part of the Metasploit Framework and may be subject to# redistribution and commercial restrictions. Please see the Metasploit# Framework web site for more information on licensing and...
Multiple Vulnerabilities in phpMyAdmin
[waraxe-2013-SA#103] - Multiple Vulnerabilities in phpMyAdmin Author: Janek Vind "waraxe" Date: 25. April 2013 Location:...
Employees Keeping Quiet on Potential Corporate Data Leaks
ABINGDON, England, April 25, 2013 /PRNewswire/ -- Research from Kaspersky Lab reveals poor mobile device management strategies leaving business information exposed. European SMBs are exposing themselves...
Windows Light HTTPD 0.1 - Buffer Overflow
import urllib2from time import sleep##########################################################################################################################################...
Cyber Defense Exercise 2013: Extracting cached passphrases in Truecrypt
This was an incredibly difficult challenge. We unfortunately did not solve it before CDX ended, however, I'm grateful to Carnegie Mellon University (CMU) for keeping the forensic examination...