Channel: BOT24
Browsing all 8064 articles

Atom CMS Shell Upload / SQL Injection Vulnerabilities

# Exploit Title : Atom CMS SQL Injection and file upload vulnerability # Author : Jagriti...

xClassified 1.2 Bypass / Cross Site Scripting / SQL Injection

# Exploit Title : xClassified 1.2 Multiple Vulnerabilities # Vendor : http://xclassified.artifectx.com/ # Date Found : 2014-07-08 Vulnerabilities : SQL Injection / Login Bypass /...

Lime Survey 2.05+ Build 140618 XSS / SQL Injection Vulnerabilities

Title: Lime Survey Multiple Vulnerabilities
Discovery date: 02/07/2014
Release date: 03/07/2014
Vendor Homepage: www.limesurvey.org
Version: Lime Survey 2.05+ Build 140618
Tested with:...

Paper: Hidden and Uncontrolled - On the Emergence of Network Steganographic...

Network steganography is the art of hiding secret information within innocent network transmissions. Recent findings indicate that novel malware is increasingly using network steganography. Similarly,...

Paper: TLS hardening

This document presents TLS and how to make it secure enough as of 2014 Spring. Of course all the information given here will rot with time. Protocols known as secure will be cracked and will be...

How to Block Automated Scanners from Scanning your Site

This blog post describes how to block automated scanners from scanning your website. This should work with any modern web scanner parsing robots.txt (all popular web scanners do this). more...

TOR being sued along with Pinkmeth

This will be interesting to see how this plays out in court and if other lawsuits will soon follow. The lawsuit doc can be found...

Payload server in Python 3 for Github webhooks

The Github Webhooks API is powerful and flexible, making it simple to integrate services with your source repository. Lately I’ve been tinkering with it a bit, but all the examples Github has are in...

Android Forensics, Part 2: How we recovered (supposedly) erased data

Digital forensics is a branch of science which deals with the recovery and investigation of materials found in digital devices. Forensics is usually mentioned in connection with crime, vaguely similar...

BrutPOS: RDP Bruteforcing Botnet Targeting POS Systems

There have been an increasing number of headlines about breaches at retailers in which attackers have made off with credit card data after compromising point-of-sale (POS) terminals. However, what is...

InvGate Service Desk post-auth SQL injection as non-privileged user

Detailed in the gist link below is a slew of SQL injections available to an authenticated but non-privileged user in the latest available version (from their website) of...

CVE-2014-3418 - OS Command Injection Infoblox Network Automation Vuln

Product: Network Automation, licensed as:
* NetMRI
* Switch Port Manager
* Automation Change Manager
* Security Device Controller
Vendor: Infoblox
Vulnerable Version(s):...

OctavoCMS XSS Vulnerability

This proprietary content management software is vulnerable to reflected XSS on the file admin/viewer.php, src parameter. Current release on their demo site is vulnerable, same as other few sites I could...

WordPress BSK PDF Manager 1.3.2 SQL Injection

# Exploit Title : Wordpress BSK PDF Manager 1.3.2 Authenticated SQL Injection # Exploit Author : Claudio Viviani # Vendor Homepage : http://www.bannersky.com/bsk-pdf-manager/ #...

Word Exploit Delivery using MIME HTML Web Archive

The creativity and research seen in Anti-virus evasion is interesting, not to considered the "maturing" nature of AV industry :) We have, multiple times in the past, come across Microsoft Office related...

SerialICE

SerialICE is a flexible, software based system software debugger. Based on the open source processor emulator Qemu, SerialICE allows you to log and intercept hardware accesses of your firmware and...

Apple ID Harvesting, now this is a good phish

Phishing isn't new. "So, why are you writing about it?", you ask. More here: http://vrt-blog.snort.org/2014/07/apple-id-harvesting-now-this-is-good.html

Titan: Enabling Low Overhead and Multi-faceted Network Fingerprinting of a Bot

Botnets are an evolutionary form of malware, unique in requiring network connectivity for herding by a botmaster that allows coordinated attacks as well as dynamic evasion from detection. Thus, the...

Why SecDevOps Will Save The Cloud

This is the first part of a new series of weekly posts that will dive into the role of SecDevOps. This series looks into why we need it in our lives, how we may go about implementing this methodology,...

On Cryptolocker and the Commercial Malware Delivery Platform behind It

In an ever-connected world, malware thrives and multiplies at an incredible rate. More than 200,000 samples are built, packed and pushed on the market daily. Few of these threats manage to cause...
