Fake anti-virus for Android spreads via ads in other applications
Russian anti-virus company Doctor Web is warning users about a new fraud scheme. It involves various Android programs displaying advertisements that prompt users to scan their mobile devices for...
View ArticleJava is So Confusing...
It's been a short while, but we find ourselves again with a Java vulnerability in our hands, this time via a PoC provided by IKVM.NET.This particular vulnerability is somewhat different than most java...
View ArticleownCloud Security Advisories (2013-017, 2013-018)
This vulnerabilities only affect ownCloud Server 5.0.x and 4.5.x, the4.0.x branch is not affected and still supported with security updatesby us.---------------------------------------# XSS...
View ArticleMWR Labs Pwn2Own 2013 Write-up - Webkit Exploit
Recently, MWR Labs took part in the Pwn2Own 2013 competition in Vancouver, demonstrating a full sandbox bypass exploit against Google Chrome (1). The exploit used two vulnerabilities:A type confusion...
View ArticleJoomla component com_civicrm remote code injection vulnerability
# Exploit Title: joomla component com_civicrm remode code injection exploit# Google Dork:"Index of /joomla/administrator/components/com_civicrm/civicrm/packages/OpenFlashChart"# Date: 20/04/2013#...
View ArticleMikrotik Syslog Server Remote BOF DOS
# Exploit Title: Mikrotik Syslog Server for Windows - remote BOF DOS# Date: 19.04.2013# Exploit Author: xis_one@STM Solutions# Vendor Homepage: www.mikrotik.com# Software Link:...
View ArticleWindows 7 Force Shutdown Shellcode - 215 chars
/*------------------------------------------------==[ By Ayrbyte ]======[ Geng Simbe @ TKJ 1 Club ]========================================Greets To : Adit Groundd SAndd Notte, Agos Wahyo, Aguenkk...
View ArticleWindows 7 Disable Task Manager Shellcode - 326 chars
/*------------------------------------------------==[ By Ayrbyte ]======[ Geng Simbe @ TKJ 1 Club ]========================================Greets To : Adit Groundd SAndd Notte, Agos Wahyo, Aguenkk...
View ArticleWindows 7 Force Terminate Explorer Shellcode - 255 chars
/*------------------------------------------------==[ By Ayrbyte ]======[ Geng Simbe @ TKJ 1 Club ]========================================Greets To : Adit Groundd SAndd Notte, Agos Wahyo, Aguenkk...
View ArticleOS command injection vulnerability in Chicken Scheme
Hello Chicken users,It was discovered that the "qs" procedure from the "utils" moduleperforms incomplete escaping. On Windows (mingw32), this procedurequoted the string but did not escape embedded...
View ArticleVulnerabilities in jPlayer
I want to inform you about multiple vulnerabilities in jPlayer. These are Cross-Site Scripting and Content Spoofing vulnerabilities used by tens of thousands of web sites and in multiple web...
View Article"jQuery Migrate" is a Sink, too?!
or How "jQuery Migrate" un-fixes a nasty DOMXSS without telling us..ForewordToday Mario Heiderich of Cure53 tweeted the following message:"@0x6D6172696F Does anyone know why jquery.com has a special...
View ArticleIs TLS Secure?
TLS is the standard which defines how web traffic is encrypted. It is what keeps your credit card secure when you buy something on the internet, and it is what should be used (but sometimes isn't) to...
View ArticleVoipnow => 2.4 Local File Inclusion Vulnerability
/*+ Application : Voipnow| Version , Prior to 2.4| Download : http://4psa.com/| By Faris , AKA i-Hmx| n0p1337@gmail.com+ sec4ever.com , 1337s.cc*/VoipNow is commercial web GUI voip server manager,it's...
View ArticleYet another Reflection API flaw affecting Oracle's Java SE
Today, a vulnerability report with an accompanying Proof ofConcept code was sent to Oracle notifying the company of anew security weakness affecting Java SE 7 software.The new flaw was verified to...
View ArticleBig Data, Analytics, and Cloud Drive Enterprise Software Growth, According to...
FRAMINGHAM, Mass.--(BUSINESS WIRE)--International Data Corporation (IDC) today released the latest results from the Worldwide Semiannual Software Tracker. For 2012, the worldwide software market grew...
View Article0day Vulnerability in VLC (PoC Anticipated to be Supplied in the Next 2 Weeks)
If VLC media player is launched in QT mode and the user is on windows NT(any version of windows so far as tested) connected to the internet thereis a vulnerability in the handling of unicast packets....
View Article[RHSA-2013:0762-01] Low: Red Hat Enterprise MRG for Red Hat Enterprise Linux...
===================================================================== Red Hat Security AdvisorySynopsis: Low: Red Hat Enterprise MRG for Red Hat Enterprise Linux 5 1-Year...
View Article[SQLi] vBilling for FreeSWITCH
vBilling for FreeSWITCH.http://blaszczakm.blogspot.com/2013/04/vbilling-freeswitch-sqli.htmlMichal Blaszczak1) SQL Injectionreset password any SIP accountfile: controllers/customer.php$sql2 = "UPDATE...
View ArticleCollection of Pcap files from malware analysis
I did some spring cleaning yesterday and came up with these malware and exploit pcaps. Such pcaps are very useful for IDS and signature testing and development, general education, and malware...
View Article