[SECURITY] [DSA 2659-1] libapache-mod-security security update
Debian Security Advisory DSA-2659-1...
RESTful Web Services (RESTWS) - DoS
View online: http://drupal.org/node/1966780 * Advisory ID: DRUPAL-SA-CONTRIB-2013-042 * Project: RESTful Web Services [1] (third-party module) * Version: 7.x * Date: 2013-April-10 * Security risk:...
LetterIt2
# LetterIt2 <= XSS Vulnerability # Date: 10/04/2013 # Author: GoLd_M / Page FaceBook (https://www.facebook.com/wthkker/) # Vendor: http://www.letterit.de/download/letterit2_070726.tar.gz # Version:...
Microsoft Security Bulletin Minor Revisions
Title: Microsoft Security Bulletin Minor Revisions. Issued: April 10,...
RT: Request Tracker 4.0.10 SQL Injection Vulnerability
# Exploit Title: - SQL-Injection - RT: Request Tracker System # Date: 10/05/2013 # Exploit Author: cheki # Vendor Homepage: http://bestpractical.com/rt/ # Version: RT 4.0.10 # Tested on: Kali...
The Ideal Cipher Model (wonky)
A friend who's learning cryptography writes with a few questions about block ciphers: (1) Let's say we're using AES-128 -- 128 bit keys, 128 bit blocks. For a given 128 bit block of plaintext "P" - if I...
Metasploit: DLink DIR-645 / DIR-815 diagnostic.php Command Execution
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of...
MacOSX 10.8.3 ftpd Remote Resource Exhaustion
MacOSX 10.8.3 ftpd Remote Resource Exhaustion. Maksymilian Arciemowicz. http://cxsecurity.com/ http://cvemap.org/ Public Date:...
Remote command injection in Ruby Gem kelredd-pruview 0.3.8
Remote command injection in Ruby Gem kelredd-pruview 0.3.8. Larry W. Cashdollar, 4/4/2013, @_larry0. Description: "A gem to ease generating image previews (thumbnails) of various...
Cyber Attacks 'More Dangerous' Than International Terrorism
VADUZ, Liechtenstein, April 11, 2013 /PRNewswire/ -- http://www.worldreview.info The US Defence Department is set to invest more than US$3 billion in security to boost its ability to counter cyber...
ownCloud Security Advisories (2013-014, 2013-015, 2013-016)
Some notes at the beginning: - oC-SA-2013-014 affects a vulnerability in the external jPlayer plugin, Kurt will send a mail about this later. - oC-SA-2013-016...
SabreDAV security advisory (CVE-2013-1939)
# Local file exposure issue. Web: https://groups.google.com/forum/?fromgroups=#!topic/sabredav-discuss/ehOUu7wTSGQ ## CVE IDENTIFIERS - CVE-2013-1939 ## AFFECTED SOFTWARE - SabreDAV < 1.6.8, < 1.7.6,...
Attacking Ruby on Rails Applications-HITB Amsterdam 2013
Useful tools: Besides the usual Audit tools and a Ruby installation the following is quite handy: rvm, brakeman, RubyMine. Access additional content here: http://www.phenoelit.org/stuff/hitb2013ams/#/
Winnti Hacking Group. More than just a game
Table of Contents: In the beginning was ...; Digital Certificates; Victims; Winnti C&Cs Structure; Known Malware; The commercial interest; Source of attacks; Conclusions. Kaspersky Lab began this ongoing research in...
Threat Outbreak Alert: Fake Remittance Slip With Invalid Digital Signature...
Description: Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a remittance slip attachment for the recipient. The text in the...
DoS attack on CDN users
Sibling domains cookie isolation got some publicity recently when GitHub moved user generated pages to github.io. The problem is not new, but many sites still ignore it. One issue that somehow escaped...
[RHSA-2013:0737-01] Moderate: subversion security update
Red Hat Security Advisory. Synopsis: Moderate: subversion...
Allegro.pl XSS
I was looking for a 19" rack mount today and found this XSS instead: http://allegro.pl/listing/listing.php?string=%22%3E%3Cscript%3Ealert%28document.cookie%29%3B%3C%2Fscript%3E it turns out to be a...
Microsoft Security Bulletin Re-Releases
Title: Microsoft Security Bulletin Re-Releases. Issued: April 11,...
Threat Outbreak Alert: Fake Resume Attachment E-mail Messages
Description: Cisco Security Intelligence Operations has detected significant activity related to spam e-mail messages that claim to contain a resume from a job seeker for the recipient's review. The text...