Tools for FinSpy
I would like to share with you the scripts and tools which I used during my presentation at Hacktivity and now at hack.lu here: http://finspy.marosi.hu/tools-for-finspy/
File Manager v4.2.10 iOS - Code Execution Vulnerability
Document Title: File Manager v4.2.10 iOS - Code Execution Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1343
Release...
iFunBox Free v1.1 iOS - File Include Vulnerability
Document Title: iFunBox Free v1.1 iOS - File Include Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1344
Release...
Vulnerabilities in WordPress Database Manager v2.7.1
Title: Vulnerabilities in WordPress Database Manager v2.7.1
Author: Larry W. Cashdollar, @_larry0
Date: 10/13/2014
Download: https://wordpress.org/plugins/wp-dbmanager/
Downloads: 1,171,358
Vendor: Lester...
Spam Campaign Taking Advantage of Ebola Scare May Lead To Malware Infections
Cybercriminals have inevitably taken advantage of the publicization of the Ebola virus in the news for several months. We’ve spotted a couple of malicious spam samples that reference the Ebola virus in...
Mulesoft ESB Authenticated Privilege Escalation
Mulesoft ESB Runtime 3.5.1 Authenticated Privilege Escalation → Remote Code Execution
Mulesoft ESB Runtime 3.5.1 allows any arbitrary authenticated user to create an administrator user due to a lack of...
The Details Behind the Akeeba Backup Vulnerability
It’s been a month since our disclosure of a low-severity vulnerability affecting Akeeba Backup version 3.11.4, which allowed an attacker to list and download backups from a target website using the...
Incredible PBX remote command execution exploit
#!/usr/bin/perl
#
# Title: Incredible PBX remote command execution exploit
# Author: Simo Ben youssef
# Contact: Simo_at_Morxploit_com
# Discovered: 1 September 2014
# Coded: 21 October 2014
# Published: 21...
Paper: DNS Resolvers Considered Harmful
The Domain Name System (DNS) is a critical component of the Internet infrastructure. However---as with many components of Internet technology---DNS has numerous vulnerabilities. In particular, shared...
Cyber-criminals quickly adopt critical Flash Player vulnerability
Keeping your computer up-to-date is probably one of the best pieces of advice one can give when it comes to online security. Perhaps it should also be emphasized that patches ought to be applied in a...
U.S. government probes medical devices for possible cyber flaws
The U.S. Department of Homeland Security is investigating about two dozen cases of suspected cybersecurity flaws in medical devices and hospital equipment that officials fear could be exploited by...
Pangu jailbreak installs unlicensed code on millions of devices
For years iPhone jailbreaking has been a very controversial topic. Considered illegal by some including the vendor, customers had to fight in court to get a DMCA exception that finally ruled iPhone...
Tracking a Bitcoin Thief pt. I: The Philippine Connection and the Truth...
For the last two years the cryptocurrency scene has exploded in size as people began learning about and participating in Bitcoin and its alternate currencies. Altcoins, as people call them, are smaller...
Why Samsung Knox isn't really a Fort Knox
Samsung phones, like the Samsung Galaxy S4, are shipped with a preinstalled version of Samsung Knox. Samsung advertises Knox with the following: "KNOX Workspace container improves the user experience,...
Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability
Document Title: Dell SonicWall GMS v7.2.x - Persistent Web Vulnerability
References (Source): http://www.vulnerability-lab.com/get_content.php?id=1222
Release...
Powerpoint Vulnerability (CVE-2014-4114) used in Malicious Spam
Following last week’s announcement of a zero-day vulnerability for PowerPoint (CVE-2014-4114), we suspected it would not be too long before we saw this attack being used via email attachments. So when...
CVE-2014-7180 - ElectricCommander Local Privilege Escalation
Classification: //Dell SecureWorks/Confidential - Limited External Distribution:
* Title: ElectricCommander Local...
Bad Crypto 101
This post is part of a series about bad cryptography usage. We all rely heavily on cryptographic algorithms for data confidentiality and integrity, and although most commonly used algorithms are...
Code Assisted Penetration Testing of a NodeJS App
What I like to do when I start testing node apps, before doing anything else, is to look at the 3rd party installed dependencies of the app. All the dependencies should be listed in a file called...