Android framework layer vulnerability: Fragment injection (vulnerability warning) - Black Bar Safety Net
Original: A New Vulnerability in the Android Framework: Fragment Injection Source: http://securityintelligence.com/new-vulnerability-android-framework-fragment-injection/comments Author: Roee Hay, IBM's Application Security Research Team Time: 2013.12.10 Recently we to the Android security team ha...
OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability
Document Title: =============== OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1110 Release Date: ============= 2013-10-13 Vulnerability Laboratory ID VL-ID:...
Internet Bug Bounty: TLS Virtual Host Confusion
I am a security researcher at INRIA Paris in team PROSECCO http://prosecco.inria.fr We have been investigating a new class of attacks against the deployment of TLS on the Web. The main idea behind these attacks is that when two servers host different domains but share the same certificate which...
Fake Dropbox Password Reset Spam Leads to Malware
A new spam campaign has been circulating over the last few weeks aiming to dupe users of the popular cloud storage service Dropbox. The e-mails purport to come from the service but instead lead those who click through to a malware landing page. Some of the emails start off fairly convincingly:...
OliveOffice Mobile Suite 2.0.3 iOS - Local File Inclusion
Document Title: =============== OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1110 Release Date: ============= 2013-10-13...
OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability
Document Title: =============== OliveOffice Mobile Suite 2.0.3 iOS - File Include Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1110 Release Date: ============= 2013-10-12 Vulnerability Laboratory ID VL-ID:...
Byword 2.x File Overwrite Vulnerability
The Metaclassy Byword app 2.x before 2.1 for iOS does not require confirmation of Replace file actions, which allows remote attackers to overwrite arbitrary files via the name and text parameters in a byword://replace URL. Affected Vendor: http://metaclassy.com/ - Affected Software: Byword for iO...
[CVE-2013-5725] - Byword for iOS Data Destruction Vulnerability
Affected Vendor: http://metaclassy.com/ - Affected Software: Byword for iOS - Affected Version: 2.x prior to 2.1 - Issue Type: Lack of validation/user confirmation leading to destruction of data - Release Date: 29 Sept 2013 - Discovered by: Guillaume Ross - CVE Identifier: CVE-2013-5725 - Issue...
CVE-2013-5963
Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin before 1.8.8.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/wpdb/...
Unrestricted file upload
Unrestricted file upload vulnerability in multi.php in Simple Dropbox Upload plugin before 1.8.8.1 for WordPress allows remote attackers to execute arbitrary code by uploading a file with an executable extension, then accessing it via a direct request to the file in wp-content/uploads/wpdb/...
CVE-2013-5963
CVE-2013-5963 affects the WordPress plugin Simple Dropbox Upload (multi.php). The vulnerability allows an attacker to upload a file with an executable extension to the plugin’s wp-content/uploads/wpdb/ path and then access it via a direct request, enabling remote code execution. Impact is describ...
Law Enforcement Requests Report: No Skype Data Turned Over
Microsoft’s report on compliance with law enforcement requests for data demonstrates a status quo for the software giant from the last reporting period. While the number of requests from law enforcement dropped worldwide in the first six months of 2013, Microsoft complied with 79 percent of...
WordPress Simple Dropbox Upload Plugin <=1.8.8.0 - Unrestricted File Upload
Because of this vulnerability in multi.php, attackers can execute arbitrary code by uploading a file with an executable extension and then accessing it via a direct request to the file in wp-content/uploads/wpdb/. Solution: Update the plugin...
Byword 2.x File Overwrite
Affected Vendor: http://metaclassy.com/ - Affected Software: Byword for iOS - Affected Version: 2.x prior to 2.1 - Issue Type: Lack of validation/user confirmation leading to destruction of data - Release Date: 29 Sept 2013 - Discovered by: Guillaume Ross - CVE Identifier: CVE-2013-5725 - Issue...
Mailbox iPhone app vulnerability executes any JavaScript from HTML mail body
Italian researcher Michele Spagnuolo recently revealed a serious vulnerability in the popular Mailbox iPhone app. Mailbox, a tidy iOS email app recently purchased by Dropbox, has a pretty wide-open hole that could allow bad actors to hijack your device. The flaw occurs in the latest version...
Mailbox App for iOS Automatically Executes JavaScript
UPDATE – The popular Mailbox app for iOS suffers from a bit of a security nightmare. A security researcher in Italy recently discovered that the app automatically executes JavaScript contained in any HTML email. “It is just a bad design choice,” said researcher Michele Spagnuolo, a computer...
Dropbox Requests National Security Letter Transparency
Dropbox, as LinkedIn did a week ago, filed an amicus brief yesterday with the United States Foreign Intelligence Surveillance Court (FISC) requesting permission to publish the number of National Security Letter requests the cloud storage company receives. Dropbox followed LinkedIn’s lead, arguing i...
Dropbox installations hinder effectiveness of ASLR.
UPDATE: The popular cloud storage service Dropbox was reportedly undercutting the efficacy of address space layout randomization (ASLR) by failing to enable that feature within the dynamic link libraries (DLLs) it injects into other applications. The company now claims it has resolved the issue. Graha...
WordPress Simple Dropbox 1.8.8 Shell Upload
Exploit Title : WordPress Simple Dropbox Upload plugin File Upload Exploit Author : Ashiyane Digital Security Team Download Link : http://wordpress.org/plugins/simple-dropbox-upload-form/ Home : www.Ashiyane.org Version : 1.8.8 Security Risk : High Dork :...