Foe CMS 1.6.5 - Multiple Vulnerabilities
Title: Foe CMS 1.6.5 SQL Injection Vulnerability; Vendor: http://foecms.com/; Download: http://code.google.com/p/foecms/downloads/list; Versions: 1.6.5; Platform: linux, windows; Bug: SQL Injection | Cross Site...
CORE-2013-0301 - Vivotek IP Cameras Multiple Vulnerabilities
Core Security - Corelabs Advisory, http://corelabs.coresecurity.com. Vivotek IP Cameras Multiple Vulnerabilities. 1. *Advisory Information* Title: Vivotek IP Cameras Multiple Vulnerabilities; Advisory ID:...
CORE-2013-0303 - D-Link IP Cameras Multiple Vulnerabilities
Core Security - Corelabs Advisory, http://corelabs.coresecurity.com/. D-Link IP Cameras Multiple Vulnerabilities. 1. *Advisory Information* Title: D-Link IP Cameras Multiple Vulnerabilities; Advisory ID:...
Updated: Security Notice for CA ControlMinder
CA20130213-01: Security Notice for CA ControlMinder. Issued: February 13, 2013. Last updated: April 29, 2013. CA Technologies support is alerting customers to a potential risk with CA ControlMinder. A...
Mobile Threats and the Underground Marketplace
A rapidly advancing mobile market and a corresponding decline in PC sales see 2013 at a crucial intersection. Termed in a market trend as the “post‐PC” era, mobile devices increasingly present an...
JavaScript code generates hidden iframe to malicious website
Background: Online Website Malware Scanner has identified malicious JavaScript code injection in the scanned website. Such malicious obfuscated JavaScript code is used to build malicious iframe invisible...
Memcached Remote Denial Of Service
#!/usr/bin/python
# Author: infodox // @info_dox
# Site: insecurety.net
# Old bug, still unpatched. Patch nao?
import sys
import socket
print "Memcached Remote DoS - Bursting Clouds yo!"
if len(sys.argv) !=...
TinyMCE Ajax File Manager Remote Code Execution Vulnerability
[SECURITY] [DSA 2665-1] strongswan security update
Debian Security Advisory DSA-2665-1, security@debian.org, http://www.debian.org/security/...
Personal File Share HTTP Server Remote Overflow Vulnerability
Title: Personal File Share HTTP Server Remote Overflow Vulnerability; Software: Personal File Share HTTP Server; Software Version: UNKNOWN; Vendor: http://www.srplab.com/; Vulnerability Published:...
Syslog Watcher Pro 'Date' Parameter Cross Site Scripting Vulnerability
Title: Syslog Watcher Pro 'Date' Parameter Cross Site Scripting Vulnerability; Software: Syslog Watcher Pro; Software Version: v2.8.0.812 (Jun 15, 2009); Vendor: http://www.snmpsoft.com/; Vulnerability...
IBM Lotus Notes - arbitrary code execution
n.runs AG, http://www.nruns.com/, security(at)nruns.com. n.runs-SA-2013.005, 30-APR-2013. Vendors: IBM, http://www.IBM.com; Product: Lotus...
Firmware Hacking: The Samsung smart TV turn
Today I want to share a little experience I had in reversing Samsung Smart TV's Firmware. I am not going to explain every step in detail but I just want to give an idea on how it's possible to perform...
AttackVector Linux new distribution for anonymized penetration and security
ksoona / attackvector: linux distro for anonymized penetration based on Kali and TAILS, http://sf.net/p/attackvector
[nginx-announce] nginx security advisory (CVE-2013-2070)
Maxim Dounin, mdounin at mdounin.ru, Mon May 13 11:33:36 UTC 2013. Hello! A security problem...
Waterboard - iOS forensic imaging tool, capable of performing an advanced...
Waterboard is an iOS forensic imaging tool, capable of performing an advanced logical acquisition of iOS devices by utilizing extended services and backdoors in Apple's built-in lockdown services. These...
The OWASP Top Ten 2013 was officially released yesterday
Welcome to the OWASP Top Ten Project - if you're looking for the OWASP Top 10 Mobile Click Here. The OWASP Top 10 for 2013 is now officially released as of June 12, 2013. Here is the OWASP Top 10 2013 -...
Cracking Credit Card Hashes with PowerShell
As penetration testers, we are frequently engaged to do penetration tests for PCI compliance. As a part of these penetration tests, we look for cardholder data (Card Numbers, CVV, etc.) in files,...
Avira AntiVir Engine -- Denial of Service / Filtering Evasion
=== LSE Leading Security Experts GmbH - Security Advisory 2013-06-13 === Avira AntiVir Engine -- Denial of Service / Filtering Evasion...
vBulletin Conditional Malware – myFTP.biz Malicious iFrames
We have to be honest here, there’s no fun in cleaning up infected .htaccess files. It’s boring, but it happens a lot! But it’s not the case here. I will also caveat that while in this specific instance...