Channel: BOT24
Browsing all 8064 articles

Oracle Corporation MyOracle - Persistent Vulnerability

Document Title: Oracle Corporation MyOracle - Persistent Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1261
Oracle Security ID...

Escalating Futex

Last time we went over the two bugs in the futex kernel module and how these bugs allow us to potentially control a node in some kernel-residing linked list. This time, we'll discuss how to leverage...

Announcing Keyless SSL™: All the Benefits of CloudFlare Without Having to...

CloudFlare is an engineering-driven company. This is a story we're proud of because it embodies the essence of who we are: when faced with a problem, we found a novel solution. Technical details to...

The Post Exploitation Team

I often get asked about red team skills and training. What should each team member know how to do? For exercises or long running attack simulations, I believe it’s fruitful to put junior members into...

Let’s Talk About NewPosThings

NewPosThings is a point of sale (PoS) malware family that ASERT has been tracking for a few weeks. It operates similarly to other PoS malware by memory scraping processes looking for credit card track...

AST-2014-010: Remote crash when handling out of call message in certain...

Asterisk Project Security Advisory - AST-2014-010
Product: Asterisk
Summary: Remote crash when handling out of call message in certain dialplan...

AST-2014-009: Remote crash based on malformed SIP subscription requests

Asterisk Project Security Advisory - AST-2014-009
Product: Asterisk
Summary: Remote crash based on malformed SIP subscription requests
Nature of...

CoreGraphics Information Disclosure - CVE-2014-4378

Apple CoreGraphics library fails to validate input when parsing the colorspace specification of an inline image embedded in a PDF content stream. This issue is an information leak vulnerability that...

Apple iOS / OSX Foundation NSXMLParser XML eXternal Entity (XXE) Flaw

VSR Security Advisory
http://www.vsecurity.com/
Advisory Name: Apple...

Reflected XSS Attacks vulnerabilities in WatchGuard XTM 11.8.3 (CVE-2014-6413)

I. VULNERABILITY
Reflected XSS Attacks vulnerabilities in WatchGuard XTM 11.8.3
II. BACKGROUND
WatchGuard builds affordable, all-in-one network and content security solutions to...

Malicious iOS Apps

As part of one of our recent research projects, we evaluated how malicious third-party apps could affect user privacy, despite the various security controls and the solid security architecture of the...

FastResponder

This tool collects different artefacts on live Windows systems and records the results in CSV files. By analysing these artefacts, an early compromise can be detected.

Nuclear exploit kit - complete infection cycle

Zscaler ThreatLabZ has been seeing a steady increase in the Nuclear Exploit Kit (EK) traffic over the past few weeks. The detection of malicious activity performed by this EK remains low, due to usage...

Leveraging LFI To Get Full Compromise On WordPress Sites

In this post I will discuss how a serious but mostly ignored vulnerability can lead to a full compromise of a WordPress site. The key in this attack is how WordPress handles authentication allowing a...

Paper: Protecting Encrypted Cookies from Compression Side-Channel Attacks

Compression is desirable for network applications as it saves bandwidth; however, when data is compressed before being encrypted, the amount of compression leaks information about the amount of...

Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration...

Cross-site scripting (XSS) vulnerability in Xcode Server in CoreCollaboration in Apple OS X Server before 3.2.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors....

Yahoo SQL Injection to Remote Code Exection to Root Privilege

Today I will blog about a SQL Injection vulnerability that was escalated to Remote Code Execution, then escalated to Root Privilege, on one of Yahoo's servers. The story started while searching in below...

FinFisher Malware Dropper Analysis

As you may have heard, a FinFisher malware sample recently leaked online. As I got a little free time today, I decided to take a look at it. The sample I'm going to analyze in this article is...

INTERNET Permission Bypass via Ping Command for Android 2.X (Sep. 2010)

Although it was already fixed in Android 4.X, I'd like to write an article about this because I think it is technically very interesting. I reported it to Google in Sep. 2010 and was told my report makes no...

Livefyre LiveComments Plugin - Stored XSS

Title: Stored XSS in Livefyre LiveComments Plugin
CVE: 2014-6420
Vendor Homepage: http://livefyre.com
Software Link: http://web.livefyre.com/streamhub/#liveComments
Version: v3.0
Author: Brij Kishore...
