Vicky-al00a,vicky-al00c,vicky-tl00a,victoria-al00a,victoria-tl00a Security Vulnerabilities

Security Advisory - Use After Free Vulnerability in Madapt Driver of Some Huawei Smart Phones

The Madapt Driver of some Huawei smart phones has a use after free (UAF) vulnerability. An attacker can trick a user to install a malicious application which has a high privilege to exploit this vulnerability, Successful exploitation may cause arbitrary code execution. (Vulnerability ID:...

Threat Outbreak Alert RuleID30874: Email Messages Distributing Malicious Software on October 6, 2017

Medium Alert ID: 55540 First Published: 2017 October 6 17:19 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID30874) may contain the following...

Security Advisory - Stored Cross-Site Scripting Vulnerability in Huawei Email APP of Smartphones

There is a stored cross-site scripting vulnerability in Huawei Email APP of smartphones. The vulnerability is due to insufficient verification of parameter values. A remote attacker could exploit this vulnerability to send email that storing malicious code to a smartphone and waiting for a user to....

Security Advisory - Out-of-Bounds Memory Access Vulnerability in the Boot Loaders of Huawei Mobile Phones

The boot loaders of some Huawei mobile phones have an out-of-bounds memory access vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause buffer...

Security Advisory - Arbitrary Memory Write Vulnerability in Some Huawei Smart Phones

The boot loaders of some Huawei mobile phones have a arbitrary memory write vulnerability due to the lack of parameter validation. An attacker with the root privilege of an Android system may trick a user into installing a malicious APP. The APP can modify specific data to cause arbitrary memory...

Security Advisory - Two Vulnerabilities in Smart Phones

Some Huawei smart phones have an unlock code verification bypassing vulnerability. An attacker with the root privilege of a mobile can exploit this vulnerability to bypass the unlock code verification and unlock the mobile phone bootloader. (Vulnerability ID: HWPSIRT-2017-04121) This vulnerability....

FBI Arrests Researcher Who Found 'Kill-Switch' to Stop Wannacry Ransomware

The 22-year-old British security researcher who gained fame for discovering the "kill switch" that stopped the outbreak of the WannaCry ransomware—has been reportedly arrested in the United States after attending the Def Con hacking conference in Las Vegas. Marcus Hutchins, operates under the...

Hackers Behind WannaCry Ransomware Withdraw $143,000 From Bitcoin Wallets

The cyber criminals behind the global WannaCry ransomware attack that caused chaos worldwide have finally cashed out their ransom payments. Nearly three months ago, the WannaCry ransomware shut down hospitals, telecom providers, and many businesses worldwide, infecting hundreds of thousands of...

Security Advisory - Insufficient Input Validation Vulnerability in Bastet of Huawei Smart Phone

The Bastet of some Huawei mobile phones has an insufficient input validation vulnerability due to the lack of parameter validation. An attacker may trick a user into installing a malicious APP. The APP can modify specific parameter to cause system reboot. (Vulnerability ID: HWPSIRT-2017-05190)...

victoriahyundai.com XSS vulnerability

Vulnerable URL:...

Security Advisory - FRP Bypass Vulnerability in Huawei Smart Phones

There is Factory Reset Protection (FRP) bypass security vulnerability in some Huawei smart phones. When re-configuring the mobile phone using the factory reset protection (FRP) function, an attacker can login the configuration flow by some secret code and can perform some operations to update the.....

chemoventory.tcc.fl.edu XSS vulnerability

Vulnerable URL:...

datagovca.com XSS vulnerability

Vulnerable URL:...

JapsPer pointer undefined vulnerability analysis-vulnerability warning-the black bar safety net

0×01: introduction JapsPer project is an open source project, it provides a method based on the jpeg-2000 part of the standard. This project was originally developed by Image Power and University of British Columbia collaboration. Currently, the ongoing JapsPer software maintenance and...

This Week in Security News

Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...

No, WannaCry Is Not Dead! Hits Honda & Traffic Light Camera System

It's been over a month since the WannaCry ransomware caused chaos worldwide and people have started counting its name as 'the things of past,' but… ...WannaCry is not DEAD! The self-spreading ransomware is still alive and is working absolutely fine. The latest victims of WannaCry are Honda...

Beware — Someone is dropping Malware-infected USB Sticks into People's Letterbox

Hey! Wait! Wait! Wait! Don't plug in that USB stick into your laptop. It could infect your computer with malware and viruses. Australia's Victoria Police Force has issued a warning regarding unmarked USB flash drives containing harmful malware being dropped inside random people's letterboxes...

Threat Outbreak Alert RuleID24330: Email Messages Distributing Malicious Software on August 16, 2016

Medium Alert ID: 48492 First Published: 2016 August 16 13:54 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID24330) may contain the following...

Brilhante Victoria Jogos - Customized SSL, Redefined SSL Common Names verifier vulnerabilities

HackApp vulnerability scanner discovered that application Brilhante Victoria Jogos published at the 'play' market has multiple...

Threat Outbreak Alert RuleID21586: Email Messages Distributing Malicious Software on March 10, 2016

Medium Alert ID: 44006 First Published: 2016 March 10 15:03 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages distributing malicious software. Email messages that are related to this threat (RuleID21586) may contain the following...

Paragon Initiative Enterprises: DNSsec not configured

Description: I found out that there is no DNSSEC configured on your webserver to prevent DNS related attacks. This is an issue that would allow attackers to target your DNS directly The Domain Name System Security Extensions (DNSSEC) is a suite of Internet Engineering Task Force (IETF)...

New Relic: A Signup page does not properly validate the authenticity token at the server side.

Description: POST /signups HTTP/1.1 Host: newrelic.com User-Agent: Mozilla/5.0 (Windows NT 6.2; rv:43.0) Gecko/20100101 Firefox/43.0 Accept: / Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate X-NewRelic-ID: VQQHU1RbARABVlNWAgAGUA== X-CSRF-Token: Content-Type:...

New Relic: A Log in page does not properly validate the authenticity token at the server side

Description: POST /login?return_to=%2Foauth_provider%2Fauthorize%3Fresponse_type%3Dcode%26client_id%3D%252BvB2dkv4yOb37C00ACk%252B6A%253D%253D%26redirect_uri%3Dhttps%253A%252F%252Frpm.newrelic.com%252Fauth%252Fnewrelic%252Fcallback%26state%3D2ea541fcd18aa27925ad8977848536106cbaf1bbb4611f90...

coastguard.com.au XSS vulnerability

Vulnerable URL: http://www.coastguard.com.au/flotillavic/49-vf7> http://www.coastguard.com.au/flotillavic/49-vf7 %C2%A0 %C2%A0 Postal mail can be addressed to %C2%A0 AVCG VF07 Carrum POP Box 657 Patterson Lakes Victoria, 3197 Austrlia Details: Description| Value ---|--- Patched:| No...

Square Victoria O2O business system SQL injection vulnerability+XXE entity injection demo validation-vulnerability warning-the black bar safety net

Square Victoria O2O, the demo site address: http://o2odemo.fanwe.net/ /cpapi/qxtapi.php code area define("FILE_PATH","/cpapi"); require_once '../system/system_init.php'; $ip = CLIENT_IP; $xml = file_get_contents('php://input'); if($ip!=' 221.179.180.156' || $xml=="") { ...

Internet Systems Consortium Site Redirects to Angler Exploit

UPDATE: This story has been updated with comments from the Internet Systems Consortium. The Internet Systems Consortium website is offline today after the non-profit domain name service maintainer announced its website had possibly become infected with malware. The ISC, as it is commonly known, is....

Apple Ransomware Targeting iCloud Users Hits Australia

A handful of iPhone, iPad and Mac users, largely confined to Australia, awoke Tuesday to discover their devices had been taken hostage by ransomware. Instead of their normal home screens, users were greeted with a message promising that their devices would be unlocked if a ransom, somewhere...

Threat Outbreak Alert: Fake Account Payment Confirmation Email Messages on March 27, 2014

Medium Alert ID: 33537 First Published: 2014 March 27 15:30 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain an account payment confirmation notice for the recipient. The text in the email message attempts to convince...

Threat Outbreak Alert: Fake Money Transfer Notification Email Messages on February 17, 2014

Medium Alert ID: 32891 First Published: 2014 February 17 17:16 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a money transfer notice for the recipient. The text in the email message attempts to convince the...

Threat Outbreak Alert: Fake Interest Rate Change Notification Email Messages on January 27, 2014

Medium Alert ID: 32584 First Published: 2014 January 27 18:24 GMT Version: 1 Summary Cisco Security has detected significant activity related to Italian-language spam email messages that claim to contain an interest rate change notice for the recipient. The text in the email message attempts...

Threat Outbreak Alert: Fake Product Sample Request Email Messages on July 2, 2013

Medium Alert ID: 29922 First Published: 2013 July 2 13:24 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a product sample request for the recipient. The text in the email message attempts to convince the recipient...

Threat Outbreak Alert: Fake Sample Product Purchase Order Email Messages on July 1, 2013

Medium Alert ID: 29864 First Published: 2013 July 1 16:01 GMT Version: 1 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a product purchase order for the recipient. The text in the email message attempts to convince the recipient...

Atmel "secure" crypto co-processor series microprocessors (AT91SAM7XC) leaking keys, plus bonus DESFire hack

The Atmel AT91SAM7XC series of microprocessors contain a crypto co-processor which is DES and AES capable. They include a write-only memory for key storage and multiple physical security measures to prevent decapping etc. However, due to poor memory management, in certain circumstances it is...

Scientific Linux Security Update : tzdata on SL3.x i386/x86_64

A tzdata enhancement, with updates for Venezuela, Indiana, Egypt, Gaza, South Australia, Antarctica, Brazil, and Iran is now available. The tzdata package contains data files with information regarding and rules for daylight saving times in various timezones around the world. The updated package...

Scientific Linux Security Update : tzdata on SL5.x, SL4.x i386/x86_64

A tzdata enhancement, with updates for Venezuela, Indiana, Egypt, Gaza, South Australia, Antarctica, Brazil, and Iran is now available. The tzdata package contains data files with information regarding and rules for daylight saving times in various timezones around the world. The updated package...

ECShop => SQL Injection Vulnerability

Exploit for php platform in category web...

2012 Most Vulnerable Cities At Risk Of Cyber Crime

2012 Most Vulnerable Cities At Risk Of Cyber Crime Norton's study showed the city was one of the ten worst for hacking. Each city was ranked by the prevalence of PCs and smartphones in addition to social media use with risk factors like unsecured Wi-Fi hotspots and malware attempts. Manchester...

White House Wades into Piracy Legislation Debate

Officials with the Obama administration said the White House will not support anti-piracy bills that endanger cybersecurity or freedom of expression on the Web. In a post Saturday on the White House blog, three top technology officials for the administration – Victoria Espinel, intellectual...

Australian Newspaper Offices Raided in Hacking Inquiry

Detectives from Australia’s Victoria Police last week executed a raid of offices at The Age, one of the largest newspapers in Melbourne, seizing computers and documents they believe were used in a hacking scheme. Authorities spent eight hours removing computers that were purportedly used by...

German Engineer Arrested In Card Skimming Plot

A German engineer was sentenced to three years in jail on Friday after he was found transporting card skimming technology into Britain according to a report from Reuters UK. Thomas Beeckmann, 26, was stopped at London’s Victoria Coach Station in June with 17 electronic scamming circuits. The...

WikiLeaks.org under Cyber Attack after releasing U.S. diplomatic cables

WikiLeaks.org under Cyber Attack after releasing U.S. diplomatic cables The WikiLeaks website, which contains thousands of U.S. embassy cables, has crashed in an apparent cyberattack. The anti-secrecy organization said in a Twitter message Tuesday that Wikileaks.org "is presently under...

ip-geolocation-maxmind NSE Script

Tries to identify the physical location of an IP address using a Geolocation Maxmind database file (available from http://www.maxmind.com/app/ip-location). This script supports queries using all Maxmind databases that are supported by their API including the commercial ones. See also: ...

Mubarak Resigns, Congratulations Egypt : Anonymous Press Release !

Mubarak Resigns, Congratulations Egypt : Anonymous Press Release ! **It was 18 days of sometimes violent demonstrations that forced the man who ruled Egypt for nearly 30 years to step down. Friday was the day the demonstrators had been awaiting. The announcement of Mr. Mubarak's resignation...

Ubuntu: Security Advisory (USN-528-1)

The remote host is missing an update for...

Ubuntu Update for mysql-dfsg-5.0 vulnerabilities USN-528-1

Ubuntu Update for Linux kernel vulnerabilities...

MG2 0.5.1 Remote Code Execution

...

MG2 0.5.1 (filename) Remote Code Execution Vulnerability

No description provided by...

MG2 0.5.1 - filename Remote Code Execution

MG2 0.5.1 - filename Remote Code...

MG2 0.5.1 (filename) Remote Code Execution Vulnerability

Exploit for unknown platform in category web...

MG2 0.5.1 - 'filename' Remote Code Execution

...