Channel: BOT24
Browsing all 8064 articles

miSecureMessages 4.0.1 - Session Management & Authentication Bypass...

Authored by Jared Bird. Affected Product ================================== miSecureMessages from Amtelco - Tested on version: Client=4.0.1 Server=6.2.4552.30017 iOS:...

BVS Site 4.0.1 / 5.2.1 XSS Scripting Vulnerability

[+] Persistent Cross Site Scripting on BVS Site [+] Date: 02/05/2014 [+] Risk: HIGH [+] Author: Felipe Andrian Peixoto [+] Vendor Homepage: http://trac.reddes.bvsalud.org/projects/bvs-site/wiki/Downloads [+]...

Jing Wang Offers A Little More Detail to Covert Redirect Vulnerability...

Google OpenID Covert Redirect Vulnerability (漏洞) Google’s OpenID system is susceptible to Attacks. More specifically, the authentication of parameter “&openid.return_to” in OpenID system is...

CloudFlare's Internet facing SSL cipher configuration

This repository tracks the history of the SSL cipher configuration used for CloudFlare's public-facing SSL web servers. The repository tracks an internal CloudFlare repository, but dates may not...

Police Locker land on Android Devices

The "Reveton team" has diversified its locking activity. The advert is old (2014-02-18) but I decided to write about it today as I found a TDS using almost all features proposed by this affiliate...

Windows Heap Overflow Exploitation

Hi, in this article I will be talking about exploiting a custom heap: which is a big chunk of memory allocated by the usermode application using VirtualAlloc for example. The application will then...

How changing the URL bar introduced in Chrome canary can improve security

iOS has hidden the pathname of URLs for some time now, but recently Chrome Canary introduced something similar behind a flag. I'm not involved in the development of Chrome experiment at all, but I've...

Israeli Discovery: New Internet Vulnerability in DNS Protocol

A significant security breach has been discovered in the DNS protocol, by Israeli students from the Technion’s Department of Computer Sciences. As a result the algorithm will be replaced in the next...

CVE-2014-1776: HOW EASY IT IS TO ATTACK THESE DAYS

Just about a week ago, everyone was alarmed due to a new zero-day vulnerability affecting Internet Explorer 6 through 11. The vulnerability was used in attacks in the wild, which targeted IE 8 to IE 11....

Negative Impacts of Automated Vulnerability Scanners and How to Prevent them

Automated web application vulnerability scanners are constantly being used in order to automatically identify vulnerabilities such as Cross-Site Scripting (XSS) and SQL Injection on web applications....

Install service for Malware affiliates and individuals

This install service was running since a long time but the server recently died. People targeted are from Russia, Ukraine, Belarus, Kazakhstan, and Uzbekistan.

TeamHelpdesk Customer Web Service (CWS) 8.3.5 & Technician Web Access (TWA)...

# Exploit Title: Team Helpdesk Customer Web Service (CWS) Remote User Credential Dump exploit # Exploit Title: Team Helpdesk Technician Web Access (TWA) Remote User Credential Dump exploit # Date: May 5,...

About the processor_set_tasks() access to kernel memory vulnerability

At BlackHat Asia 2014, Ming-chieh Pan and Sung-ting Tsai presented about Mac OS X Rootkits (paper and slides). They describe some very cool techniques to access kernel memory in different ways than the...

Heartbleed client side analysis tool published

We are happy to announce hbad (heartbleed analysis daemon). If a request is sent to the hbad server by any client (e.g. IRC, Fetchmail, browser), the server initiates the SSL handshake and checks the SSL...

Global Cost of Data Breach Increased by 15 percent, According to Ponemon...

On average, companies around the globe are spending $3.5 million to respond to a data breach TRAVERSE CITY, Mich., May 5, 2014 /PRNewswire/ -- Today Ponemon Institute released its ninth annual Cost of...

Private Group Messaging in TextSecure v2

One of the major features we introduced in the TextSecure v2 release was private group chat. We believe that group chat is an important feature for encrypted communications projects, so we wanted to...

PrestaShop 1.6.0 Blind SQLi Vulnerability

PrestaShop V1.6.0 Blind Sql Vulnerability 0-Day =============================================== Author : indoushka vendor : http://www.prestashop.com/fr/telechargement Dork : No 4...

K-Lite CODEC version 9.x Memory Corruption Vulnerability

# Exploit Title: [K-lite codec Version 9.x Memory corruption vulnerability] # Date: [2014/05/3] # Author: [Aryan Bayaninejad] # Linkedin : https://www.linkedin.com/profile/view?id=276969082 # Vendor...

Cryptocurrencies Minimum Viable Block Chain- why the particular pieces...

Cryptocurrencies, and Bitcoin in particular, have been getting a lot of attention from just about every angle: regulation, governance, taxation, technology, product innovation, and the list goes on....

Coin Mining DVRs: A compromise from start to finish

The Criminals Behind It: After posting this diary, a brand new twitter account was used to post two tweets admitting to be behind this particular string of *coin miners
