[RHSA-2013:0772-01] Important: mysql security update
===================================================================== Red Hat Security Advisory Synopsis: Important: mysql security update Advisory ID:...
Global Phishing Survey 2H2012
Driven by a profit motive, phishers are a creative and efficient lot. By analyzing the phishing that took place in the second half of 2012, we have learned how the phishers perpetrated their attacks, and...
http://safe3.com.cn reported Nginx ngx_http_close_connection function integer...
Please contact Qihoo 360 Web Security Research Team directly for verification as this was also posted in several other well known security forums (e.g. Security Focus) but not sure of the legitimacy...
Speed up your sites with PageSpeed for Nginx
When we released mod_pagespeed in 2010, we gave webmasters a way to speed up their sites without needing to become web performance optimization experts. As an Apache module, however, it was unavailable...
Multiple Vulnerabilities in D'Link DIR-635
Device Name: DIR-635 Vendor: D-Link ============ Vulnerable Firmware Releases: ============ Firmware version: 2.34EU Hardware-Version: B1 Product page: DIR-635 ============ Vulnerability Overview:...
Apache Binary Backdoors on Cpanel-based servers
For the last few months we have been tracking server level compromises that have been utilizing malicious Apache modules (Darkleech) to inject malware into websites. Some of our previous coverage is...
50 Million Plus User Base LivingSocial Hacked, Time to Change Your Passwords
The daily deals site LivingSocial has been hacked, revealing more than 50 million people's usernames, names, birth dates, passwords, and email addresses. Here's what you need to know. read...
Microsoft Security Bulletin Revision for Microsoft XML Core Services
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 ******************************************************************** Title: Microsoft Security Bulletin Minor Revisions Issued: April 26,...
Linux/Cdorked.A: New Apache backdoor being used in the wild to serve Blackhole
Last week, our friends at Sucuri sent us a modified version of an Apache webserver redirecting some of its requests to the infamous Blackhole exploit packs. Sucuri has published a blog post on this...
WPS Office Wpsio.dll Stack Buffer Overflow Vulnerability
WPS Office Wpsio.dll Stack Buffer Overflow Vulnerability 1 Summary CVE number: CVE-2012-4886 Impact: High Vendor homepage: http://www.wps.cn Credit: Zhangjiantao of Hangzhou DPtech Technologies 2 Affected...
BF and IA vulnerabilities in IBM Lotus Domino
I want to warn you about Brute Force and Insufficient Authentication vulnerabilities in IBM Lotus Domino. These are vulnerabilities in Domino, which I've found on 03.05.2012 together with other...
Kali Linux Offers Accessibility to Features For the Blind or Visually Impaired
What a great feature :) A couple of weeks ago, we were approached (independently) by two blind security enthusiasts who both drew our attention to the fact that Kali Linux had no built-in accessibility...
Mountain Lion/iOS Vulnerabilities Garage Sale
Introduction Within this paper we will document all the 0-day vulnerabilities we disclosed during our talk at SyScan 2013. These vulnerabilities cover different areas of the Mountain Lion and iOS ecosystem,...
FreePBX 2.9 Backup Module Remote Command Execution Vulnerability
# Title: FreePBX 2.9 Backup Module Remote Command Execution Vulnerability # Author: Ahmed Aboul-Ela # Contact: Ahmed.Aboul3la[at]gmail[dot]com # Vendor: http://www.freepbx.org # Software Link:...
Elecard MPEG Player 5.8 Local PoC
#!/usr/bin/python # Exploit Title: Elecard MPEG Player 5.8 Local PoC # Download link: www.elecard.com/assets/files/distribs/mpeg-player/EMpgPlayer.zip # Product: Vulnerable # Elecard MPEG Player, Elecard AVC...
Multiple vulnerabilities in BOINC
There have been various recent(-ish) vulnerabilities found in the BOINC software for desktop grid computing. The major projects have (hopefully) fixed all of these by now, and the clients should only be...
PHPValley Micro Jobs Site Script 1.01 Account Takeover
Author: Jason Whelan PacketStorm: exploitdev Email: exploitdevj@gmail.com Target Software: PHPValley Micro Jobs Site Script 1.01 Vendor URL: http://phpvalley.com/ Demo: http://phpvalley.com/demo Account...
Library of Malware Traffic Patterns
Traffic analysis has been the primary method of malware identification and thousands of IDS signatures developed are the daily proof. Signatures definitely help but ability to visually recognize...
Joomla!
------------------------------------------------------------------ Joomla! <= 3.0.3 (remember.php) PHP Object Injection...
Your Mac, iPhone or iPad may have left the Apple store with a serious...
Just over a year ago to the day, my wife and I walked into the Apple store in Sydney’s CBD and bought her a shiny new MacBook Air. Macs weren’t familiar territory for us so we happily accepted the...