BVS Site 4.0.1 / 5.2.1 XSS Scripting Vulnerability
[+] Persistent Cross Site Scripting on BVS Site [+] Date: 02/05/2014 [+] Risk: HIGH [+] Author: Felipe Andrian Peixoto [+] Vendor Homepage: http://trac.reddes.bvsalud.org/projects/bvs-site/wiki/Downloads [+]...

Jing Wang Offers A Little More Detail to Covert Redirect Vulnerability...
Google OpenID Covert Redirect Vulnerability (漏洞). Google's OpenID system is susceptible to attacks. More specifically, the authentication of the parameter "&openid.return_to" in the OpenID system is...

Windows Registry Forensics
Introduction. As everyone knows, the Windows Operating System launched by Microsoft is the most widely used OS in the world. As per the statistics, more than eighty percent of people use a Windows...

NETGEAR DGN2200 1.0.0.29_1.7.29_HotS - Stored XSS Vulnerability
Authored by Dolev Farhi @f1nhack
# Vendor homepage: http://netgear.com
# Affected Firmware version: 1.0.0.29_1.7.29_HotS
# Affected Hardware: NETGEAR DGN2200 Wireless ADSL Router
Summary
=======
NETGEAR...

Dumping Sensitive Data from Custom Active Directory Properties
One of the first things I like to do when I land on a domain-joined machine is enumerate the domain. Sometimes I do this even before attempting to privilege escalate. Sometimes a few LDAP queries is...

Busybox Honeypot Fingerprinting and a new DVR scanner
My little "lab of vulnerable devices" is still getting regular visits from script kiddies worldwide. By now, I replaced some of the simulated honeypots with actual devices, giving me a bit more...

Android Application Secure Design/Secure Coding Guidebook
This guidebook is a collection of tips concerning the know-how of secure design and secure coding for Android application developers. Our intent is to have as many Android application developers...

Slides: The case of the missing file extensions
Some Windows file extensions are always hidden. The presentation describes how to find them, the potential for abuse by malware and what can be done to mitigate the risks.

DNS Modification with DNSInject for Nessus Plugin 35372
Part of our normal pen test process, when performing an external assessment, is running a Nessus scan against the in-scope IP range(s) provided by our customer. We usually have this running in the...

F5 BIG-IQ v4.1.0.2013.0 authenticated arbitrary user password change
F5 BIG-IQ is vulnerable to an input validation attack that allows an authenticated user to increase their privileges to that of another user. This allows an authenticated user with 0 roles to take on...

Paper: Analyzing Forged SSL Certificates in the Wild
Abstract: The SSL man-in-the-middle attack uses forged SSL certificates to intercept encrypted connections between clients and servers. However, due to a lack of reliable indicators, it is still unclear how...

Say Hello to MalControl: Malware Control Monitor
Gathering open data from malware analysis websites is the main target of the Malware Control Monitor project. It visualizes such data by synthesizing statistics that highlight where threats happen and what their...

Anatomy of an exploit: CVE-2014-1776
When the Internet Explorer 0-day CVE-2014-1776 was announced, we turned to our intelligence feeds for more information. In the course of taking it apart we found a few things that were quite...

Critical: OAuth 2.0 and OpenID have serious Covert Redirect vulnerability...
It could lead to Open Redirect Attacks against both clients and providers of OAuth 2.0 or OpenID. For OAuth 2.0, these attacks might jeopardize "the token" of the site users, which could be used to access...

Metasploit: Apache Struts ClassLoader Manipulation Remote Code Execution
##
# This module requires Metasploit: http//metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##

require 'msf/core'

class Metasploit3 < Msf::Exploit::Remote
  Rank = ...

Fake keys for Tails developers' email address
Hi,

u. (Cc'd) has notified me of two fake keys with Tails developers' email addresses:

EB24 9600 79A3 E2B9 3BFE 48B5 05F8 BB78 B38F 4311
C3BA A4BF E369 B2B8 6018 B515 0E08 AC78 06C0 69C8

These are *not*...

Ruby OpenSSL private key spoofing ~ CVE-2014-2734 with PoC Considered Invalid
After analyzing the PoC script, we (maintainers of the Ruby OpenSSL extension) consider CVE-2014-2734 to be invalid. Others have independently arrived at the same conclusion: [1][2] You may find a summary...

Continued analysis of the LightsOut Exploit Kit
At the end of March, we disclosed the coverage of an Exploit Kit we called "Hello" (http://vrt-blog.snort.org/2014/03/hello-new-exploit-kit.html), or "LightsOut"; we thought we'd do a follow-up post to...

Zamfoo Multiple Arbitrary Command Executions
# Title: Zamfoo Multiple Arbitrary Command Executions
# Author: Al-Shabaab
# Vendor Homepage: http://www.zamfoo.com/
# Version: 12.6
# Intro
The ZamFoo software suite is a series of WHM plugin modules...

Crime24 Stealer Panel
Description: An attacker can execute an XSS and inject SQL commands in the search form.
Usage info: You must be logged in to the admin...