- Vuln: Mahara Resume Blocktype Cross Site Scripting Vulnerability
- Vuln: Mahara Admin Password Reset Security Bypass Vulnerability
- Vuln: Google Chrome prior to 3.0.195.32 Multiple Security Vulnerabilities
- Vuln: Multiple Horde Products Cross-Site Scripting Vulnerabilities and File Overwrite Vulnerability
- Vuln: Mod_Perl Path_Info Remote Denial Of Service Vulnerability
- Vuln: Apache mod_perl 'Apache::Status' and 'Apache2::Status' Cross Site Scripting Vulnerability
- Vuln: FreeBSD 'fifo_vnops.c' Resource Leak Local Denial of Service Vulnerability
- Vuln: Citrix NetScaler and Access Gateway Denial Of Service Vulnerability
- Vuln: PDFLib 'open_basedir' Restriction Bypass Vulnerability
- Vuln: Multiple Vendor TLS Protocol Session Renegotiation Security Vulnerability
Search Result
Best of Application Security (Friday, Nov. 6)
Category: Network Security & Hacking News/Latest Security News
... Security 2009 will be selected! Another fine method to exploit SQL Injection and bypass WAF Security and Facebook Platform When Is More Important Than Where in Web Application Security Apple - XSS Attack ...Friday, 06 November 2009 -
Exploitation of online banking credentials on the rise
Category: Network Security & Hacking News/Latest Security News
Within the last several months, the FBI has seen a significant increase in fraud involving the exploitation of valid online banking credentials belonging to small and medium sized businesses. In a ... ...Friday, 06 November 2009 -
Fragus exploit pack’s pricy business model locks users in
Category: Network Security & Hacking News/Latest Security News
The $800 attack toolkit comes with a self-destruct mechanism after a certain time period Security researchers at Symantec are closely monitoring the Fragus exploit pack, an $800 package of tools developed ...Friday, 06 November 2009 -
Vulnerability in SSL/TLS protocol
Category: Network Security & Hacking News/Latest Security News
According to reports, vulnerabilities in the SSL/TLS protocol can be exploited by attackers to insert content into secure connections. The cause is TLS renegotiation-related design flaws in the protocol ...Thursday, 05 November 2009 -
Backdoor access for millions of Facebook and MySpace accounts
Category: Network Security & Hacking News/Latest Security News
Yvo Schaap, a young Dutch application developer on Facebook, stumbled on a back door into any user account that accesses the application he's working on. He discovered the exploitable mistake while ...Thursday, 05 November 2009 -
darkReading: New Honeypot Mimics The Web Vulnerabilities Attackers Want To Exploit "New open-source Honeynet Project tool toys with attackers by dynamically emulating apps with the types of bugs they're looking for"
Category: Network Security & Hacking News/Latest Security News
darkReading: New Honeypot Mimics The Web Vulnerabilities Attackers Want To Exploit New open-source Honeynet Project tool toys with attackers by dynamically emulating apps with the types of bugs they're ...Wednesday, 04 November 2009 -
Interesting Information Security Bits for 11/04/2009
Category: Network Security & Hacking News/Latest Security News
... Tags: ( wordpress ) Offensive Security is setting up the next iteration of milw0rm. Leaders in Online Information Security Training >> Offensive Security Exploit Archive Tags: ( milw0rm offensive-security ...Wednesday, 04 November 2009 -
3 Tips to Improve Your Organization’s Application Security
Category: Network Security & Hacking News/Latest Security News
... developers evaluate outdated applications, for instance, will go a long way toward preventing any potential vulnerabilities from being exploited. SQL injection and XSS account for 32% of all incidents ...Wednesday, 04 November 2009 -
Hole in the Linux kernel allows root access
Category: Network Security & Hacking News/Latest Security News
A null pointer dereference in the Linux kernel can be exploited to access a system at root privilege level. The flaw has been fixed in RC6 of version 2.6.32. However, some distributions prevent the exploit ...Tuesday, 03 November 2009 -
Interesting Information Security Bits for 11/03/2009
Category: Network Security & Hacking News/Latest Security News
... attacks? Check out the paper that mckt wrote. It is based on his presentation at Toorcon recently. Skeptikal.org: Cross-subdomain Cookie Attacks Tags: ( webappsec exploits ) Thinking about virtualizing ...Tuesday, 03 November 2009 -
iHacked: jailbroken iPhones compromised, $5 ransom demanded
Category: Network Security & Hacking News/Latest Security News
Yesterday a "Your iPhone's been hacked because it's really insecure! Please visit doiop.com/iHacked and secure your phone right now!" message popped up on the screens of a large number of automatically exploited ...Tuesday, 03 November 2009 -
Microsoft report says more worms, vista better, file formats security
Category: Network Security & Hacking News/Latest Security News
... Phishing and Automated SQL Injection Attempts are on rise. Browser Based Exploits are increasing. You can get the report @ MS Threat Center Microsoft has released their latest Security Intelligence ...Monday, 02 November 2009 -
Sun Alert 270475 A Security Vulnerability in the Java Runtime Environment With Verifying HMAC Digests may Allow Authentication to be Bypassed
Category: Network Security & Hacking News/Global Security News
... to forge a digital signature that would be accepted as valid. Applications that validate HMAC-based digital signatures may be vulnerable to this type of attack. Note: This vulnerability cannot be exploited ...Monday, 02 November 2009 -
Sun Alert 269870 Security Vulnerability in the Java Web Start Installer May be Leveraged to Allow Untrusted Java Web Start Application to Run As Trusted Application
Category: Network Security & Hacking News/Global Security News
... and execute arbitrary code. This may occur when a user opens a specially crafted web page that exploits this vulnerability. Sun acknowledges with thanks, Peter Csepely, working with the Zero Day Initiative ...Monday, 02 November 2009 -
Sun Alert 269869 Command Execution Vulnerability in the Java Runtime Environment Deployment Toolkit May be Leveraged to Execute Arbitrary Code
Category: Network Security & Hacking News/Global Security News
... result of a user of the Java Runtime Environment viewing a specially crafted web page that exploits this vulnerability. Sun acknowledges with thanks, an anonymous researcher working with iDefense for bringing ...Monday, 02 November 2009 -
Metasploit Blends in: New MSFPayload/ENcode
Category: Network Security & Hacking News/Latest Security News
... of the framework. But before I get into the new feature, let's quickly go over the standard way you use msfencode: root@bt4:/pentest/exploits/framework3# ./msfpayload windows/meterpreter/reverse_tcp ...Monday, 02 November 2009 -
Find potential exploit conditions in Microsoft Office documents
Category: Network Security & Hacking News/Latest Security News
OfficeCat is a command line utility developed by the Sourcefire VRT that can be used to process Microsoft Office Documents to determine the presence of potential exploit conditions in the file. Off... ...Monday, 02 November 2009 -
What Windows Autorun Has Wrought
Category: Network Security & Hacking News/Latest Security News
... emerged nearly a year ago, and initially it spread by exploiting a networking vulnerability in Windows. But Conficker infections soared by the millions in January with the arrival of Conficker B, which ...Monday, 02 November 2009 -
Christmas Spam Spotted
Category: Network Security & Hacking News/Latest Security News
With Christmas just right around the corner, spammers are already flooding users' inboxes with unwanted emails. No surprises there. Spammers are known to exploit the holidays for their malicious activities. ...Monday, 02 November 2009 -
Software Security Initiatives: Maturity Models, Metrics and Business Cases
Category: Network Security & Hacking News/Latest Security News
... from public sources such as datalossdb.org and WHID to estimate a probability of a data loss related to a web application exploit such as SQL injection. For the impact, I will refer to a population of ...Sunday, 01 November 2009 -
Finjan warns companies as China prepares for cyber-espionage
Category: Network Security & Hacking News/Latest Security News
... said, discovered that some sites in the network lead to Trojan sites that exploit the users’ Web browser software by downloading the Trojan and installing it on the user desktop. Once the users’ ...Friday, 30 October 2009 -
Defeating Zombies: Five Ways To Improve Defenses
Category: Network Security & Hacking News/Latest Security News
... hundreds of new vulnerabilities and exploits. Organizations... Defeating Zombies Attackers have a number of avenues leading directly into your network, and more importantly, into your data. Each week ...Friday, 30 October 2009 -
Trick or treat? Attackers exploit Halloween to infect users
Category: Network Security & Hacking News/Latest Security News
Panda Security has uncovered a new Halloween-related search engine optimization attack. With October 31 just around the corner, and many Internet users searching for issues related to Halloween, attac... ...Wednesday, 28 October 2009 -
Partnerships and Procurement Are Not the Answer
Category: Network Security & Hacking News/Latest Security News
... Ok, that sounds nice. Everyone wants to foster collaboration and communication. Join hands and sing! “Government may be a late adopter, but we should be exploiting its procurement power,” said Melissa ...Wednesday, 28 October 2009 -
Important security update for Opera 10
Category: Network Security & Hacking News/Latest Security News
According to the vendor, the update fixes an "extremely critical" vulnerability which can be exploited using crafted domain names ...Wednesday, 28 October 2009 -
Gawker Media tricked into featuring malicious Suzuki ads
Category: Network Security & Hacking News/Latest Security News
A group of cybercriminals have successfully managed to trick Gawker's ad sales team into featuring malicious ads serving Adobe exploits (CVE-2008-2992; CVE-2009-0927) and scareware, by impersonating a ...Tuesday, 27 October 2009 -
Toata Scanning for Zen Shopping Cart with Brain File
Category: Network Security & Hacking News/Latest Security News
... and then later, exploitation occurs from either another piece of code or human intervention. ToataZenBrain102709.txt Above is a link to a brain file for the Web application scanner that we produce called ...Tuesday, 27 October 2009 -
Infrastructure fingerprinting via XSS
Category: Network Security & Hacking News/Latest Security News
Yokoso! is an infrastructure fingerprinting system delivered via XSS attack. This project contains two different parts; the fingerprints and modules for the various browser exploit frameworks. The ... ...Tuesday, 27 October 2009 -
Starting IsleSec
Category: Network Security & Hacking News/Latest Security News
... BeanSec up in Boston: "Unlike other meetings, you will not be expected to pay dues, "join up", present a zero-day exploit, or defend your dissertation to attend." Show up, get some wings, drink some beer ...Tuesday, 27 October 2009 -
Caution advised when using the ldd system tool
Category: Network Security & Hacking News/Latest Security News
System tool ldd is carelessly coded - a fact which can be exploited by a resourceful attacker to execute code during an analysis ...Tuesday, 27 October 2009 -
Links for 2009-10-26 [del.icio.us]
Category: Network Security & Hacking News/Latest Security News
... exploit with ldd ...Monday, 26 October 2009 -
Web Security at CSI Annual Conference
Category: Network Security & Hacking News/Latest Security News
... attacks. Yet who needs to exploit vulnerabilities when there are plenty of malicious ways to use legitimate applications, like social networking sites and microblogs. And what ... I'm participating in ...Monday, 26 October 2009 -
Alleged critical vulnerability in Sun Java System Web Server
Category: Network Security & Hacking News/Latest Security News
A commercial exploit package allegedly contains a zero day exploit for Sun's web platform ...Monday, 26 October 2009 -
Ed Skoudis's COINS event in NYC: The Bad Guys are Winning: So Now What?
Category: Network Security & Hacking News/Latest Security News
... how to identify and exploit vulnerabilities and of how to assess (and communicate) the business risk of those vulnerabilities. An enterprise security specialist must also know about exploiting vulnerabilities, ...Saturday, 24 October 2009 -
Penetration Testing vs. Vulnerability Assessments
Category: Network Security & Hacking News/Latest Security News
... an active analysis of the system for any weaknesses, technical flaws or vulnerabilities. This analysis is carried out from the position of a potential attacker, and can involve active exploitation of security ...Friday, 23 October 2009 -
Metasploit JSP Shells
Category: Network Security & Hacking News/Latest Security News
... but the easiest way is to just output the shell to raw and just upload it to a web server or for an example with an exploit check out the adobe robohelp exploit. http://dev.metasploit.com/redmine/projects/framework/repository/entry/modules/exploits/windows/http/adobe_robohelper_authbypass.rb ...Thursday, 22 October 2009 -
Gaping security hole in Time Warner cable routers
Category: Network Security & Hacking News/Latest Security News
A gaping security hole in cable modems distributed to Time Warner/Road Runner customers could potentially be exploited remotely to access private networks and possibly capture and manipulate private data. ...Thursday, 22 October 2009 -
Rapid7 acquires the Metasploit project
Category: Network Security & Hacking News/Latest Security News
Metasploit, a major exploits site and exploit framework project, has been acquired by commercial security company Rapid7 ...Wednesday, 21 October 2009 -
Letter from Ondernemings-Portaal België
Category: Network Security & Hacking News/Latest Security News
... more data than the basic details like name, zip and city then you need to take extra costs into account. Indien u per vergissing als exploitant van een privé internet pagina werd aangeschreven of niet ...Wednesday, 21 October 2009 -
4chan hoax morphs into malware attack in Kanye death hoax
Category: Network Security & Hacking News/Latest Security News
... of Kanye West, originating as a prank, got co-opted by those looking to exploit your computer. ...Wednesday, 21 October 2009 -
White box better than black box
Category: Network Security & Hacking News/Latest Security News
... app samples. I consider credential/session prediction flaws detected by white box to be typically hard to exploit even though it is a real flaw. White box (static) analysis reports this whenever non-cryptographically ...Wednesday, 21 October 2009 -
SQL Injection Attacks and Defense Book Review
Category: Network Security & Hacking News/Latest Security News
... It looks like they are turning things around. Second, kudos to the authors for finally explaining SQL Injection and exploiting the OS through the database in an understandable way. Previous books have ...Tuesday, 20 October 2009 -
RSnakes On A Plane
Category: Network Security & Hacking News/Latest Security News
or why RSnake will never be allowed to play video blackjack or poker at Blackhat ever again. RSnake's exploits with the game system on a recent flight are a fabulous read. Makes me wonder just how integrated ...Tuesday, 20 October 2009 -
Fortify warns new WiFi Standard could pose major security threat
Category: Network Security & Hacking News/Latest Security News
... however these applications will often have security vulnerabilities that can be exploited by criminals UNLESS a) the developers are trained in secure coding practices and b) the code has been reviewed ...Tuesday, 20 October 2009 -
'Evil Maid' USB stick attack keylogs TrueCrypt passphrases
Category: Network Security & Hacking News/Latest Security News
... the hard drive's content. Dubbed the 'evil maid' attack due to its 'plug-and-exploit' functionality requiring 1-2 minutes for the infection process to take place, works with Security researcher ...Monday, 19 October 2009 -
20/20 Hindsight – Walmart Lessons Learned for Tenable Customers
Category: Network Security & Hacking News/Latest Security News
... to exploit a technical attack such as a buffer overflow or because they are specifically attempting a denial of service attack or unintentionally exhausting resources such as memory or disk space. ...Monday, 19 October 2009 -
Balloon Boy TV Circus Exploited By Hackers
Category: Network Security & Hacking News/Latest Security News
Malicious hackers are poisoning search engines to entrap computer users hunting for the latest news on the Falcon Heene case. ...Monday, 19 October 2009 -
Microsoft "Patch Tuesday" - The Aftermath
Category: Network Security & Hacking News/Latest Security News
... most effective at reducing risk for them. For example, the Microsoft IIS FTP server remote exploit vulnerability has a “critical” rating, but if you are already implementing mitigating factors, or are ...Monday, 19 October 2009 -
Firefox blocks, then unblocks, Microsoft add-on
Category: Network Security & Hacking News/Latest Security News
Firefox 3.5 started to block a Microsoft plug-in that can be used to exploit a security hole in .NET Framework 3.51. But now Mozilla is unblocking it after confusion over the vulnerability ...Sunday, 18 October 2009 -
Security Exploits and Security Patches
Category: Category
