(CVE-2014-1648) Symantec Messaging Gateway Management Console Cross Site...
I. VULNERABILITY-------------------------Reflected XSS Attacks vulnerability in Symantec Messaging Gateway Version10.5.1II. BACKGROUND-------------------------Symantec Corporation is an American...
View ArticleDistil's Inaugural Bad Bot Research Indicates Online Security Risk Deeper and...
Distil's Inaugural Bad Bot Research Indicates Online Security Risk Deeper and Broader than Heartbleed BugBad Bots Outnumber Good Bots as a Percentage of All Web TrafficFinancial Services Serve Highest...
View ArticlePaper: XDS: Cross-Device Scripting Attacks on Smartphones through HTML5-based...
HTML5-based mobile apps become more and more popular,mostly because they are much easier to be ported acrossdifferent mobile platforms than native apps. HTML5-basedapps are implemented using the...
View ArticleCritical: APPLE-SA-2014-04-22-1 Security Update 2014-002
Lots of critical security updates! Not posted to the apple security page yet, but showing up in software update.Here's the apple-security mailing list post:APPLE-SA-2014-04-22-1 Security Update...
View ArticleCached for those that didn't catch it: Sitecom firmware encryption and...
Last year we blogged about multiple security issues affecting Sitecom device models WLM-3500 and WLM-5500. One of the issues we identified allowed attackers to obtain the default wireless passphrase in...
View ArticleSnake Campaign: A few words about the Uroburos Rootkit
Over the past few days, analyzing the new Uroburos (aka Turla) rootkit has been exciting. That's because the sample dropper (MD5: a86ac0ad1f8928e8d4e1b728448f54f9) includes a lot of clever features. We...
View ArticleCVE-2014-2042 - Unrestricted file upload in Livetecs Timelive
Vulnerability title: Unrestricted file upload in Livetecs TimeliveCVE: CVE-2014-2042Vendor: LivetecsProduct: TimeliveAffected version: 6.2.71Fixed version: 6.5.1Reported by: Richard HatchDetails:It was...
View ArticleAirPhoto WebDisk v4.1.0 iOS - Code Execution Vulnerability
Document Title:===============AirPhoto WebDisk v4.1.0 iOS - Code Execution VulnerabilityReferences (Source):====================http://www.vulnerability-lab.com/get_content.php?id=1258Release...
View ArticleUnauthenticated access to sensitive information and functionality in Livetecs...
Vulnerability title: Unauthenticated access to sensitive information andfunctionality in Livetecs TimeliveCVE: CVE-2014-1217Vendor: LivetecsProduct: TimeliveAffected version: 6.2.71Fixed version:...
View ArticleCVE-2014-2383 - Arbitrary file read in dompdf
Vulnerability title: Arbitrary file read in dompdfCVE: CVE-2014-2383Vendor: dompdfProduct: dompdfAffected version: v0.6.0Fixed version: v0.6.1 (partial fix)Reported by: Alejo Murillo MoyasDetails:An...
View ArticleSEC Consult SA-20140423-0 :: Path Traversal/Remote Code Execution in WD...
SEC Consult Vulnerability Lab Security Advisory < 20140423-0 >======================================================================= title: Path Traversal/Remote Code Execution...
View ArticleInspection of Division & Multiplication
Division and multiplication calculations can lead to trigger bugs, and potentially pose as security risks. Here are few things that I believe to be helpful for those who do binary inspection.read...
View Articleelite-proxy-finder
Finds elite anonymity (L1) HTTP proxies using gatherproxy.com and letushide.com then test them all in parallel. Scrapes 25 L1 proxies which were checked on by gatherproxy.com within the last 2-5...
View ArticlePaper: Characterizing Malware with MAEC and STIX
This document describes the use of the Malware Attribute Enumeration and Characterization (MAEC)and Structured Threat Information eXpression (STIX) and languages in the context of...
View ArticleAn SMS Trojan with global ambitions
Recently, we’ve seen SMS Trojans starting to appear in more and more countries. One prominent example is Trojan-SMS.AndroidOS.Stealer.a: this Trojan came top in Kaspersky Lab's recent mobile malware...
View ArticleATTACK PREDICTION: MALICIOUS GTLD SQUATTING MAY BE THE NEXT BIG THREAT
Late last year, ICANN began expanding the generic Top-Level Domains (gTLDs). In addition to the standard .COM, .ORG, and .NET TLDs, over 1,300 new names could become available in the next few years....
View ArticleAdvisory: jruby-sandbox Breakout
Phenoelit Advisory <wir-haben-auch-mal-was-gefunden #0815 +-+++>[ Authors ] joernchen <joernchen () phenoelit de> Phenoelit Group (http://www.phenoelit.de)[ Affected...
View ArticleTR-23 Analysis - NetWiredRC malware
CIRCL analyzed a malware sample which was only sporadically detected by just a handful antivirus engines, based on heuristic detection. CIRCL analyzed the entire command structure of the malware and...
View ArticleUsing Facebook Notes to DDoS any website
Facebook Notes allows users to include <img> tags. Whenever a <img> tag is used, Facebook crawls the image from the external server and caches it. Facebook will only cache the image once...
View ArticleDepot WiFi v1.0.0 iOS - Multiple Web Vulnerabilities
Document Title:===============Depot WiFi v1.0.0 iOS - Multiple Web VulnerabilitiesReferences (Source):====================http://www.vulnerability-lab.com/get_content.php?id=1259Release...
View Article