PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability
Document Title: PayPal Inc BB #85 MB iOS 4.6 - Auth Bypass Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=895
PayPal Security UID:...
Bob and Alice Discover a Mac OPSEC Issue
The following is a true story. The names have been changed because the identity of those involved is none of your business. Bob uses Linux. Alice uses Mac. Bob gave Alice a file via FAT32 formatted USB...
These Are The Emails Snowden Sent to First Introduce His Epic NSA Leaks
Six months before the world knew the National Security Agency’s most prolific leaker of secrets as Edward Joseph Snowden, Laura Poitras knew him as Citizenfour. For months, Poitras communicated with an...
Heistmeisters crack cost of safecrackers with $150 widget
Arduino hack-box brute-forces ATMs, gun safes. More here: http://www.theregister.co.uk/2014/10/13/heistmeisters_crack_cost_of_safecrackers_with_150_widget/
Tiny ELF 32/64 with nasm
Sometimes I need to create a tiny ELF with some assembly code, because I'm restricted in size or just don't like the bloated binary produced by gcc and the linker. The classic reference about this is A...
Find Security Bugs: New version and project status
A new version of FindSecurityBugs was released last week. For those who don't know about it, FindSecurityBugs is a plugin for the Java static analysis tool FindBugs. This plugin consists of a set of rules...
Exploring and Exploiting iOS Web Browsers
Today we begin a three-post series about mobile security. We start with a discussion of vulnerabilities in iOS web browsers. Later this week we'll cover apps executing on jailbroken devices and the...
Hacking my smart TV - an old new thing
It’s hard to conceive of now, but there was a time when hacking a system was something easy enough for pretty much anyone to do. Developers were barely cognizant of the concept of security and many...
Croogo 2.0.0 Cross Site Scripting
Croogo 2.0.0 Multiple Stored XSS Vulnerabilities
Vendor: Fahad Ibnay Heylaal
Product web page: http://www.croogo.org
Affected version: 2.0.0
Summary: Croogo is a free, open source, content...
Croogo 2.0.0 Arbitrary PHP Code Execution
#!/usr/bin/env python
#
#
# Croogo 2.0.0 Arbitrary PHP Code Execution Exploit
#
#
# Vendor: Fahad Ibnay Heylaal
# Product web page: http://www.croogo.org
# Affected version: 2.0.0
#
# Summary: Croogo is a free,...
CVE-2014-3671: DNS Reverse Lookup as a vector for the Bash vulnerability...
Security Advisory
DNS Reverse Lookup as a vector for the Bash vulnerability (CVE-2014-6271 et al.)
CVE-2014-3671
references: CVE-2014-6271, CVE-2014-7169, CVE-2014-6277,...
CVE-2013-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via...
CVE-2013-2021 - vBulletin 5.x/4.x - persistent XSS in AdminCP/ApiLog via xmlrpc API (post-auth)
Overview-...
CVE-2014-2022 - vbulletin 4.x - SQLi in breadcrumbs via xmlrpc API (post-auth)
CVE-2014-2022 - vbulletin 4.x - SQLi in breadcrumbs via xmlrpc API (post-auth)
Overview
date : 10/12/2014...
CVE-2014-2023 - Tapatalk for vBulletin 4.x - multiple blind sql injection...
*Preliminary VulnNote*
CVE-2014-2023 - Tapatalk for vbulletin 4.x - multiple blind sql injection (pre-auth)
Overview-...
Fuzzing random binaries without execve()
The most common way to fuzz data parsing libraries is to find a simple binary that exercises the interesting functionality, and then simply keep executing it over and over again - of course, with...
OWTF 1.0 "Lionheart" released!
OWTF 1.0 "Lionheart" (beta) is dedicated to everybody that helped make this challenging release happen, in particular to the courage of all these people, who overcame their sweat, blood and tears to...
Hackers hold 7 million Dropbox passwords ransom?
Dropbox denies it has been compromised as hackers leak hundreds of passwords online, promising to release almost 7 million more if they're paid for the information. More here...
Introducing FlowBAT, the Flow Analysis GUI
Above all else, we know that network visibility is critical in the modern threat landscape. In a perfect world organizations could collect and store mountains of full packet capture data for long...
iSIGHT discovers zero-day vulnerability CVE-2014-4114 used in Russian...
Zero-day impacting all versions of Microsoft Windows – used in Russian cyber-espionage campaign targeting NATO, European Union, Telecommunications and Energy sectors
Snapception
Intercept and decrypt all snapchats received over your network. More here: https://github.com/thebradbain/snapception