XSS vulnerabilities in em-shorty, RepRapCalculator, Fulcrum, Django and aCMS
I'm resending my letter from February 23, 2013 (since FD was not working that day). After my previous list of vulnerable software with ZeroClipboard.swf, here is a list of software with...
BF, IAA and CSRF vulnerabilities in Question2Answer
These are Brute Force, Insufficient Anti-automation and Cross-Site Request Forgery vulnerabilities in Question2Answer. This is the first part of vulnerabilities in this web...
Evernote Announces To 50 Million Users: Service-wide Password Reset
Evernote's Operations & Security team has discovered and blocked suspicious activity on the Evernote network that appears to have been a coordinated attempt to access secure areas of the Evernote...
PloggerGallery 1.0 RC1 CSRF / XSS / SQL Injection
# Software : PloggerGallery Version 1.0 RC1...
Whonix ALPHA 0.5.5 - Anonymous Operating System released
Hello everyone, Whonix is an operating system, designed with anonymity in mind. A new version, Whonix 0.5.5 has just been released. The new version contains...
[SECURITY] [DSA 2636-2] xen regression update
Debian Security Advisory DSA-2636-2...
CloudFlare writes detailed post mortem of the outage they suffered this morning
Today's Outage Post Mortem. March 3, 2013. This morning at 09:47 UTC CloudFlare effectively dropped off the Internet. The outage affected all of CloudFlare's services including DNS and any services that...
Using DNS in Metasploit BackDoors
http://www.youtube.com/watch?v=ZOQY_z0NcwQ Hey my friends I made a small tutorial on integrating DNS in Metasploit backdoor executables. If you don’t know about creating backdoors please refer my...
Ruby Gem Flash Tool 0.6.0 Remote code execution vulnerability
Flash Tool 0.6.0 Remote code execution vulnerability. 3/1/2013. http://rubygems.org/gems/flash_tool https://github.com/milboj/flash_tool If files downloaded contain shell characters it's possible to execute...
AoF, IAA and CSRF vulnerabilities in Question2Answer
These are Abuse of Functionality, Insufficient Anti-automation and Cross-Site Request Forgery vulnerabilities in Question2Answer. This is the second part of vulnerabilities in this web...
JStill: Mostly Static Detection of Obfuscated Malicious JavaScript Code
ABSTRACT: The dynamic features of the JavaScript language not only promote various means for users to interact with websites through Web browsers, but also pose serious security threats to both users and...
Remote system freeze thanks to Kaspersky Internet Security 2013
I usually do not write security advisories unless absolutely necessary. This time I should, however I have neither the time, nor the desire to do so. But Kaspersky did not react, so ... quick and...
Net Optics Solves Invisibility Challenges to Reduce Security Threats in...
xFilter Provides Visibility Into Complex Network Architectures and Enables Companies to Optimize Their Networking and Virtualization Resources and Support Compliance. SANTA CLARA, CA--(Marketwire - Mar...
RSA® Conference 2013 Addressed Top Cybersecurity Issues Through Thought...
Top Information Security Experts Provided RSA® Conference 2013 with Sessions and Keynotes on Today’s Biggest Cybersecurity Trends. RSA Conference 2013. SAN FRANCISCO--(BUSINESS WIRE)--News Facts: “For 22...
Threat Outbreak Alert: Multiple Attachment E-mail Messages
Description: Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain multiple messages for the recipient. The text in the e-mail...
Threat Outbreak Alert: Fake Telex Receipt Attachment Notification E-mail...
Description: Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a telex receipt notification for the recipient. The text in...
Threat Outbreak Alert: Fake Italian Online Friendship and Picture Sharing...
Description: Cisco Security Intelligence Operations has detected significant activity related to Italian-language spam e-mail messages that claim to contain an online friendship request and personal...
Threat Outbreak Alert: Fake Italian Online Dating and Picture Sharing E-mail...
Description: Cisco Security Intelligence Operations has detected significant activity related to Italian-language spam e-mail messages that claim to contain an online dating request and personal picture...
Threat Outbreak Alert: Fake Invoice Payment Notification E-mail Messages
Description: Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain an invoice payment notification for the recipient. The text in...
Threat Outbreak Alert: Fake Portuguese Language Debt Collection E-mail Messages
Description: Cisco Security Intelligence Operations has detected significant activity related to Portuguese-language spam e-mail messages that claim to contain a debt collection notification for the...