639 matches found
Dropbox installations hinder effectiveness of ASLR.
UPDATE: The popular cloud storage service Dropbox was reportedly undercutting the efficacy of address space layout randomization (ASLR) by failing to enable that feature within the dynamic link libraries (DLLs) it injects into other applications. The company now claims it has resolved the issue. Graha...
WordPress Simple Dropbox 1.8.8 Shell Upload
Exploit Title : Wordpress Simple Dropbox Upload plugin File Upload Exploit Author : Ashiyane Digital Security Team Download Link : http://wordpress.org/plugins/simple-dropbox-upload-form/ Home : www.Ashiyane.org Version : 1.8.8 Security Risk : High Dork :...
Kaspersky revealed "Kimsuky" Cyber Espionage campaign targeting South Korea
Russian Security Firm Kaspersky Lab has revealed that it has been following a sustained attack on South Korea by hackers seemingly based in North Korea. This new Cyber Espionage campaign dubbed "Kimsuky" has targeted several South Korean think tanks. Researchers believe the Kimsuky malware is mo...
Researchers Reverse Engineer Dropbox
Researchers have cracked open cloud storage service Dropbox, reverse engineering the encryption protecting the client in order to open it up to further security analysis. The engineers, Dhiru Kholia of Openwall and Przemyslaw Wegrzyn of CodePainters, also managed to demonstrate how to use...
Olive File Manager 1.0.1 iOS - Multiple Vulnerabilities
Olive File Manager 1.0.1 iOS - Multiple Vulnerabilities Title: ====== Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities Date: ===== 2013-07-13 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1009 VL-ID: ===== 1009 Common Vulnerability Scoring System:...
Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities
Document Title: =============== Olive File Manager v1.0.1 iOS - Multiple Vulnerabilities References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1009 Release Date: ============= 2013-07-12 Vulnerability Laboratory ID VL-ID: ====================================...
AOL Instant Messenger 8.0.1.5 Binary Planting
!/bin/bash AOL Instant Messenger 8.0.1.5 Jul 2013 Exploit Windows XP/7 tested and working. Leverages binary file planting to My Documents via AIMs advertisement code. Little social engineering built in using javascript to try to get them to run the AIMInstall.exe. Starts a reverse shell back to...
Hacking DropBox account, Vulnerability allows hacker to bypass Two-Factor Authentication
Q-CERT team found a critical vulnerability that allows the attacker to bypass the two-factor authentication in the most popular file sharing service 'DropBox'. Two Factor Authentication is an extra layer of security that is known as "multi factor authentication" that requires not only a password...
USAID a Target of DoL Watering Hole Attackers
One of the nine sites serving malware tied to the recent watering hole attack on the U.S. Department of Labor was located in Cambodia and has ties to the United States Agency for International Development (USAID). Speculation has it that the DoL attack was targeting downstream employees at the...
WordPress Plugin: Advanced XML Reader v0.3.4 XXE Vulnerability
The WordPress plugin Advanced XML Reader v0.3.4 published here: http://wordpress.org/extend/plugins/advanced-xml-reader/ is susceptible to XXE (XML eXternal Entity) processing attacks. After installing the plugin on a Windows machine, I created a text file in the root of C: named "test.txt", which...
WordPress Advanced XML Reader 0.3.4 XXE Injection Vulnerability
WordPress Advanced XML Reader plugin version 0.3.4 suffers from an XXE (XML eXternal Entity) injection vulnerability. The WordPress plugin Advanced XML Reader v0.3.4 published here: http://wordpress.org/extend/plugins/advanced-xml-reader/ is susceptible to XXE (XML eXternal Entity) processing attacks...
WordPress Advanced XML Reader 0.3.4 XXE Injection
The WordPress plugin Advanced XML Reader v0.3.4 published here: http://wordpress.org/extend/plugins/advanced-xml-reader/ is susceptible to XXE (XML eXternal Entity) processing attacks. After installing the plugin on a Windows machine, I created a text file in the root of C:\ named "test.txt", which...
Microsoft Reportedly Adding Two-Factor Authentication to User Accounts
Microsoft reportedly will implement two-factor authentication on users’ accounts at some point down the line, according to reports this week. Microsoft fansite Liveside.net first reported about the company’s plans yesterday with a blog post that includes a handful of screenshots from the purporte...
Skype, Dropbox Patch Critical Facebook Authentication Bugs
UPDATE: Popular applications Skype and Dropbox fixed holes in their websites this week that could have allowed an attacker to gain control of users’ Facebook accounts. In what’s technically being referred to as an “open direct vulnerability,” both applications failed to validate sites before sendi...
URL Redirection flaw in Facebook apps push OAuth vulnerability again in action
In earlier posts, our Facebook hacker 'Nir Goldshlager' exposed two serious Facebook OAuth flaws. One, hacking a Facebook account even without the user installing an application on their account and second, various ways of bypassing the regex protection in Facebook OAuth. This time, Nir illustrat...
Remote File Manager 1.2 iOS - Multiple Vulnerabilities
Remote File Manager 1.2 iOS - Multiple Vulnerabilities Title: ====== Remote File Manager v1.2 iOS - Multiple Web Vulnerabilities Date: ===== 2013-02-23 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=882 VL-ID: ===== 882 Common Vulnerability Scoring System:...
Remote File Manager 1.2 XSS / Local File Inclusion
Title: ====== Remote File Manager v1.2 iOS - Multiple Web Vulnerabilities Date: ===== 2013-02-23 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=882 VL-ID: ===== 882 Common Vulnerability Scoring System: ==================================== 6.1 Introduction: ============...
Dropbox Users Reporting More Spam Following Last Summer's Breach
It appears the breach of cloud-based storage service Dropbox last year has spurred another wave of spam over the last week or so. Users began posting complaints on the service’s Bugs and Troubleshooting forum yesterday claiming that their Dropbox-specific accounts started receiving spam again las...