Update: Hacking Group TeaMp0isoN Claims Breach of T-Mobile

The hacking group TeaMp0isoN claims to have compromised Web servers used by T-Mobile, and absconded with account information for company employees, including members of T-Mobile’s media team. The group used a post on its official Twitter account taking responsibility for the attack, which targete...

[SECURITY] Fedora 15 Update: plib-1.8.5-5.fc15

This is a set of OpenSource LGPL libraries that will permit programmers to write games and other realtime interactive applications that are 100% portable across a wide range of hardware and operating systems. Here is what you need - it's all free and available with LGPL'ed source code on the web...

Warm up the keyboard, Its time for February The Hacker News Magazine !

Warm up the keyboard, Its time for February The Hacker News Magazine ! Warm up the keyboard, hack into the internet security of your mind and help us fill the February The Hacker News Magazine with fun, interesting and educational web security info. Our readers love to see what you are up to and...

libxml2 security update

CentOS Errata and Security Advisory CESA-2012:0016 Updated libxml2 packages that fix several security issues are now available for Red Hat Enterprise Linux 4. The Red Hat Security Response Team has rated this update as having important security impact. Common Vulnerability Scoring System CVSS bas...

Apache Struts remote command execution and arbitrary file overwrite vulnerabilities-vulnerability warning-the black bar safety net

Release Date: 2 0 1 2 year 0 1 month 0 8 day Affected Software and systems Apache Struts 2.3.1 and following versions Vulnerability description Apache Struts is a development of Java Web application open source Web application framework. Apache Struts in the realization of the presence of the...

Typo3 4.5 < 4.7 - Remote Code Execution / Local File Inclusion / Remote File Inclusion

Exploit Title: Typo3 v4.5-4.7 - Remote Code Execution RFI/LFI Date: 4th January 2012 Author: MaXe Software Link: https://typo3.org/download/ Version: 4.5.0 up to 4.5.8, 4.6.0 and 4.6.1 + development releases of 4.7 branch Typo3 v4.5-4.7 - Remote Code Execution RFI/LFI Versions Affected: 4.5.0 up ...

Japan developing cyber weapons for Counter Attacks

Japan developing cyber weapons for Counter Attack Japanese technology firm Fujitsu is developing a 'seek and destroy' virus which could identify and combat hacking and other cyber threats in a more effective way. The weapon is the culmination of a 179 million yen three-year project entrusted by t...

Hackers Plan Satellite Network to Fight Internet Censorship

A group of hackers are reportedly declaring war on Internet censorship, and they plan to fight back with their own satellite communications network. Sound like science fiction? According to BBC News, the plan was recently outlined at the Chaos Communication Congress in Berlin. Dubbed the...

Thinking About Software Security Holistically

While assessing software systems of all types a few common mistakes regularly come up. These aren’t mistakes that lead directly to vulnerabilities, but mistakes in how some software companies think about security, that can lead to invalid assumptions, and ultimately which can allow real security...

ThinkPHP development framework xss-vulnerability warning-the black bar safety net

Brief description: open source php development framework for default therexssvulnerabilities, leading to all use of the framework for the development of the system are presentxssvulnerability Detailed description: does not does not exist in the module handle the error properly, leading...

Quality Coding Takes A Break For The Holidays. But Why?

I recently read a blog post by CloudFlare and Shawn Graham that asked a fantastic and timely question: “Do Hackers Take The Holidays Off?” CloudFlare sees traffic for hundreds of thousands of websites and was able to answer the question. They looked at the average percentage of requests that...

CVE-2011-4368

Cross-site scripting XSS vulnerability in Remote Development Services RDS in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Cross site scripting

Cross-site scripting XSS vulnerability in Remote Development Services RDS in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

CVE-2011-4368

CVE-2011-4368 concerns an XSS flaw in Adobe ColdFusion’s Remote Development Services (RDS) affecting ColdFusion 8.0–9.0.1. The vulnerability enables remote attackers to inject arbitrary script/HTML in victims’ browsers, via unspecified vectors, within the context of the affected web application. ...

CVE-2011-4368

Cross-site scripting XSS vulnerability in Remote Development Services RDS in Adobe ColdFusion 8.0 through 9.0.1 allows remote attackers to inject arbitrary web script or HTML via unspecified vectors...

Keshav Infotech SQL Injection

| Keshavinfotech WebApps Multiple Vulnerability | Author : g3mbeLYCL Feat Nuxbie Home : www.thecybernuxbie.com E-mail : [email protected] Found : 12 December 2011. Tested On : Back|Track 5. ! Google Dork : inurl:"Your Think" Software Information Homepage: http://www.keshavinfotech.com/ PHP...

The Mole - Another Automatic SQL Injection exploitation tool

The Mole - Another Automatic SQL Injection exploitation tool The Mole is an automatic SQL Injection exploitation tool. Only by providing a vulnerable URL and a valid string on the site it can detect the injection and exploit it, either by using the union technique or a boolean query based...

OSTP Announces New Cybersecurity R&D Plan

The Office of Science and Technology Policy OSTP released a new report yesterday that details plans to complement the nation’s existing cybersecurity policy, according to a blog entry on the office’s site co-authored by U.S. Chief Technology Officer Aneesh Chopra and Cybersecurity Coordinator...

UN Says Old Server, Old Data Exposed In TeamP0ison Hack

In the wake of a highly visible hack of its network infrastructure, a spokeswoman for the United Nations Development Programme UNDP says that hackers from the group TeamP0ison compromised an unpatched server and that e-mail addresses and account passwords exposed in the attack were outdated. Staf...

JDK: unspecified vulnerability fixed in 6u29 (Sound)

Unspecified vulnerability in the Java Runtime Environment component in Oracle Java SE JDK and JRE 6 Update 27 and earlier, 5.0 Update 31 and earlier, and 1.4.233 and earlier, and JRockit R28.1.4 and earlier, allows remote attackers to affect confidentiality, integrity, and availability via unknow...