Clik here to view.
Sun/Oracle GlassFish Server Authenticated Code Execution - metasploit port /...
#Sun/Oracle GlassFish Server Authenticated Code Execution#This module logs in to an GlassFish Server 3.1 (Open Source or Commercial)instance using a default credential, uploads, and executes commands...
View ArticleClik here to view.
Horde Framework Unserialize PHP Code Execution - metasploit port / standalone...
#ported from metasploit by irrlicht#june 2014#modify dropper url and run#CVE-2014-1691use strict;use warnings;use LWP::UserAgent;use WWW::Mechanize;use MIME::Base64;if (!$ARGV[0]) { print "specify full...
View ArticleClik here to view.
Flussonic Media Server 4.3.3 Multiple Vulnerabilities
Document Title:============Flussonic Media Server 4.3.3 Multiple VulnerabilitiesRelease Date:===========June 29, 2014Product & Service Introduction:========================Flussonic is a...
View ArticleClik here to view.
Asterisk Phreaking How-To Make International Calls
Asterisk Phreaking How-Toby AkramachamareiThis file shows how to use asterisk to make international calls. All isdone with command line client. A graphical client like Zoiper can be usedadditionally to...
View ArticleClik here to view.
'Tails' Operating System Website Has Been Hacked
Just a few hours ago, the Official website of the Tails Operating System has been hacked and it appears that a self-proclaimed 17-year old hacker breached and defaced it.more...
View ArticleClik here to view.
Baidu Spark Browser 26.5.9999.3511 Stack Overflow
<!--Baidu Spark Browser v26.5.9999.3511 Remote Stack Overflow Vulnerability (DoS)Vendor: Baidu, Inc.Product web page: http://www.baidu.comAffected version: 26.5.9999.3511Summary: Spark Browser is a...
View ArticleClik here to view.
String encryption using macro and cryptor
I’ve found out a lot of people want to be able to encrypt strings in a C or C++ software. There are a lot of methods available, some of them not very user friendly. I present here my own proof of...
View ArticleClik here to view.
EXPLOIT MONDAY – A FEW INTERESTING EXPLOITS THAT WE ARE RESEARCHING
This weekly report is to discuss some of the more interesting vulnerabilities that have been found and to make sure that you patch appropriately. If there is not a patch available make sure to check...
View ArticleClik here to view.
SolidTLS
A well-written BSD licensed C language TLS implementationmore here...........https://github.com/wbl/SolidTLS
View ArticleClik here to view.
Paper: Information Spectrum Approach to Strong Converse Theorems for Degraded...
We consider block codes for degraded wiretap channels in which the legitimate receiver decodes the message with an asymptotic error probability ε but the leakage to the eavesdropper vanishes. For...
View ArticleClik here to view.
JavaRMI Remote Class Loading Exploitation with AV Bypass
For some time now I have been finding the Java RMI remote class loading vulnerability and have been very suceesful with metasploit, however recently I have had Anti-Virus (AV) pick this up. While this...
View ArticleClik here to view.
Optimising compilers as adversaries
Suppose that you want to handle some secret data in C and, in the wake of some high-profile vulnerability or other, want to take precautions against your secret being leakedmore...
View ArticleClik here to view.
Kaspersky Lab reveals an increase in RDP bruteforce attacks
Security experts at Kaspersky Lab have issued data related to the number of RDP brute force attacks on its clients which show a worrying trend.more...
View ArticleClik here to view.
SEC Consult SA-20140701-0 :: Stored cross-site scripting vulnerabilities in...
SEC Consult Vulnerability Lab Security Advisory 20140701-0======================================================================= title: Stored cross-site scripting vulnerabilities...
View ArticleClik here to view.
Cisco uncovers Microsoft Word spearphishing attack
CISCO HAS DISCOVERED spearphishing malware in Microsoft Word that uses an exploit targeting the software's Visual Basic Scripting for Applications feature.read...
View ArticleClik here to view.
Remote File Upload Vulnerability in WordPress MailPoet Plugin...
Marc-Alexandre Montpas, from our research team, found a serious security vulnerability in the MailPoet WordPress plugin. This bug allows an attacker to upload any file remotely to the vulnerable...
View ArticleClik here to view.
OpenSSL Project Roadmap
This document is intended to outline the OpenSSL project roadmap. It is a living document and is expected to change over time. Objectives and dates should be considered aspirational.The OpenSSL project...
View ArticleClik here to view.
Microsoft, njRat, and No-IP
Microsoft's Digital Crimes Unit is claiming their 10th major botnet action, this time targeting the malware known as Bladabindi, or more popularly njRAT, and Jenxcus, better known as H-worm. To do so,...
View ArticleClik here to view.
Paper: HTML5 Modern Day Attack And Defence Vectors
Being a firm believer of free education, here I present to you "HTML5 Modern Day Attack And Defence Vectors" free of cost and free of ads. - See more at:...
View ArticleClik here to view.
The Service You Can’t Refuse: A Secluded HijackRAT
In Android world, sometimes you can’t stop malware from “serving” you, especially when the “service” is actually a malicious Android class running in the background and controlled by a remote access...
View Article