Channel: BOT24
Browsing all 8064 articles

[Quantum Leap Advisory] #QLA140808 Cart Engine 3.0 Multiple vulnerabilities...

=== Details ===
Quantum Leap Advisory: http://www.quantumleap.it/cart-engine-3-0-multiple-vulnerabilities-sql-injection-reflected-xss-open-redirect/
Affected Product: Cart Engine
Version: 3.0
=== Executive...


Laravel 2.1 Hash::make() bcrypt truncation


Microsoft Windows 8.1 Kernel Patch Protection Analysis & Attack Vectors

Kernel Patch Protection (also known as "patchguard") is a Windows mechanism designed to control the integrity of vital code and data structures used by the operating system. It was introduced in Windows...


Pirates of the Internetz: The curse of the waterhole

Last week the Bromium Labs team was contacted by a Fortune 1000 customer that detected an interesting attack via one of their installed LAVA sensors. We get such events frequently from our customers;...


Paper: The Dark Alleys of Madison Avenue: Understanding Malicious Advertisements

Online advertising drives the economy of the World Wide Web. Modern websites of any size and popularity include advertisements to monetize visits from their users. To this end, they assign an area of...


SpyFiles 4 - WikiLeaks publicly disclosed copies of FinFisher surveillance...

Today, 15 September 2014, WikiLeaks releases previously unseen copies of weaponised German surveillance malware used by intelligence agencies around the world to spy on journalists, political...


Reflected XSS in WooCommerce – excelling eCommerce allows attackers ability...

Details
================
Software: WooCommerce - excelling eCommerce
Version: 2.1.12
Homepage: http://wordpress.org/plugins/woocommerce/
Advisory report:...


CSRF/XSS vulnerability in Login Widget With Shortcode allows unauthenticated...

Details
================
Software: Login Widget With Shortcode
Version: 3.1.1
Homepage: http://wordpress.org/plugins/login-sidebar-widget/
Advisory report:...


SiteKiosk - Breakout

It has been a while since my last blog post, therefore I am going to share two possible bypasses for the software SiteKiosk on Windows. As the name suggests, it is a kiosk software ^^. SiteKiosk is a...


[TECHNICAL TEAR DOWN] FIESTA EXPLOIT KIT – JAVA EXPLOIT (CVE-2012-0507)

Today, we’re going to look at another exploit that is delivered by the Fiesta Exploit Kit. As usual, the purpose of this post is to provide a technical understanding of how the exploit works. This time...


Vulnerability in WP-Ban allows visitors to bypass the IP blacklist in some...

Details
================
Software: WP-Ban
Version: 1.62
Homepage: http://wordpress.org/plugins/wp-ban/
Advisory report:...


Salesforce Dyre Variant – Research & Analysis

Hi, I’m Tomer Schwartz, director of security research at Adallom Labs. As you probably know by now, a bit over a week ago, Salesforce.com announced they detected a new variant of Dyre (aka Dyreza) that...


UFONet

UFONet is a shell client designed to launch DDoS attacks against a target, using CSRF/XSS vectors on third-party web applications, like a botnet. It allows the use of a proxy to manage 'zombies'. More...


THC-SmartBrute

Finds undocumented and secret commands implemented in a smartcard. More here: https://www.thc.org/thc-smartbrute/


Multiple SQL Injection Vulnerabilities in ClassApps SelectSurvey.net

Details
==========
Software: ClassApps SelectSurvey.net
Description: Multiple SQL Injection Vulnerabilities
Version: 4.124.004
Homepage: https://www.classapps.com/SelectSurveyNETOverview.asp
Vendor Fix:...


ccnet-server remote DoS (assert) seafile-server 3.1.5

# Exploit Title: ccnet-server remote DoS (assert) in seafile-server 3.1.5
# Date: Sep 4, 2014
# Exploit Author: retset
# Vendor Homepage: seafile.com
# Software...


DoS seafile-server 3.1.5 ( ccnet-server - assert)

# Exploit Title: ccnet-server remote DoS (assert) in seafile-server 3.1.5
# Date: Sep 4, 2014
# Exploit Author: retset
# Vendor Homepage: seafile.com
# Software...


Invisible.im

Invisible.im is a coalition of security experts, developers, and a tech journalist that was established to develop an instant messenger and file transfer tool that leaves virtually no evidence of...


Paper: Exposing Bootkits with BIOS Emulation

The security features added in modern 64-bit versions of Windows raise the bar for kernel mode rootkits. The introduction of Driver Signature Enforcement prevents malware from loading an unsigned...


Your iOS 8 Data is Not Beyond Law Enforcement’s Reach… Yet.

In a recent announcement, Apple stated that they no longer unlock iOS (8) devices for law enforcement. “On devices running iOS 8, your personal data such as photos, messages (including attachments),...
