SilentCircle (Encrypted VoIP auditing) - Please cooperate
Hi, this is the output of a quick analysis done on SilentCircle source code published on https://github.com/SilentCircle/silent-phone-base. It seems that someone "friendly with SC" is continuously...
GlobalSign Teams with World's Leading Certificate Authorities (CAs) to...
GlobalSign Teams with World's Leading Certificate Authorities (CAs) to Strengthen Internet Security. GlobalSign wants to help all businesses to communicate and execute transactions across the Internet...
Sonar v.3.4.1 => XSS (CWE-79)
Vendor info: http://www.sonarsource.com/ Dork: intext:"Powered by SonarSource" Author: devilteam.pl WWW:...
Cometchat - Multiple Vulnerabilities
chillyCMS 1.3.0 - Multiple Vulnerabilities
# Exploit Title: chillyCMS 1.3.0 Multiple Vulnerabilities # Google Dork: "powered by chillyCMS" # Date: 15 February 2013 # Exploit Author: Abhi M Balakrishnan # Vendor Homepage:...
The result of pinging all the Internet IP addresses
In the previous post we considered the theoretical cost and feasibility of scanning all Internet IP addresses, and it turned out to be very low. Therefore, we decided to conduct a little experiment: see...
pigz creates temp file with insecure permissions
I just submitted the following bug #700608 to Debian BTS: When asked to compress a file with restricted permissions (like mode 0600), the .gz file pigz creates while doing this has usual mode derived from...
Cross Site Scripting - NATO, UN, OEA, Navy, NASA, Microsoft and More.....
Cross Site Scripting - Multiple Sites, by Sky_BlaCk. NATO - OTAN...
Review: Info Security Questions & Answers
QUESTION 1: Which of the following countermeasures can specifically protect against both the MAC Flood and MAC Spoofing attacks? A. Configure Port Security on the switch B. Configure Port Recon on the...
Threat Outbreak Alert: Fake Bank of America Transfer Notification E-mail...
Description: Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a bank transfer notification for the recipient. The text in the...
python-pyrad insecurities
#1: https://bugzilla.redhat.com/show_bug.cgi?id=911682 Nathaniel McCallum of Red Hat reported that pyrad was using Python's random module in a number of places to generate pseudo-random data. In the case...
[ MDVSA-2013:012 ] postgresql
Mandriva Linux Security Advisory MDVSA-2013:012 http://www.mandriva.com/security/...
new scripts/modules/exploits added to Nmap, OpenVAS, Metasploit, and Nessus...
This report describes any new scripts/modules/exploits added to Nmap, OpenVAS, Metasploit, and Nessus since yesterday. == OpenVAS plugins (32) == r15435 803311...
CSRF, XSS and Redirector vulnerabilities in IBM Lotus Domino
These are Cross-Site Request Forgery, Cross-Site Scripting and Redirector vulnerabilities in IBM Lotus Domino. On 30th of November IBM released the advisory concerning these vulnerabilities. CVE ID:...
CVE-2013-0292: authentication bypass due to insufficient checks in dbus-glib...
Sebastian Krahmer discovered and published an authentication bypass vulnerability in pam_fprintd, caused by a bug in dbus-glib. It is possible that other...
xMatters Alarmpoint BoF-0day
# Authored by Juan Sacco. Information: Name: Heap Buffer Overflow in xMatters AlarmPoint APClient; Version: APClient 3.2.0 (native); Software: xMatters AlarmPoint; Vendor Homepage:...
EChat Server 3.1 BoF-0day
# Authored by Juan Sacco. EChat Server is prone to a remote buffer-overflow vulnerability because it fails to perform adequate boundary checks on user-supplied data. Successfully exploiting this bug...
CORE-2012-1128 - SAP Netweaver Message Server Multiple Vulnerabilities
Core Security - Corelabs Advisory http://corelabs.coresecurity.com/ CORE-2012-1128 1. *Advisory Information* Title: SAP Netweaver Message Server Multiple Vulnerabilities Advisory ID: CORE-2012-1128 Advisory...
Forensic Recovery of Scrambled Telephones
You may find this paper of interest... Abstract. At the end of 2011, Google released version 4.0 of its Android operating system for smartphones. For the first time, Android smartphone owners were...
Analyzing the First ROP-Only, Sandbox-Escaping PDF Exploit
The winter of 2013 seems to be “zero-day” season. Right after my colleague Haifei Li analyzed the powerful Flash zero day last week, Adobe sent a security alert for another zero-day attack targeting...