853 matches found
SQL Injection Vulnerability in 'Yahoo! Contributors Network'
Yahoo! Contributors Network contributor.yahoo.com, the network of authors that generated the contents such as photographs, videos, articles and their knowledge to more than 600 million monthly visitors, was vulnerable to a Time based Blind SQL Injection vulnerability. Behrouz Sadeghipour, a...
CVE-2014-4533
Cross-site scripting XSS vulnerability in ajaxfunctions.php in the GEO Redirector plugin 1.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the hidid parameter...
Cross site scripting
Cross-site scripting XSS vulnerability in ajaxfunctions.php in the GEO Redirector plugin 1.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the hidid parameter...
CVE-2014-4533
Cross-site scripting XSS vulnerability in ajaxfunctions.php in the GEO Redirector plugin 1.0.1 and earlier for WordPress allows remote attackers to inject arbitrary web script or HTML via the hidid parameter...
WordPress GEO Redirect Plugin <= 1.0.1 - XSS
Because of this vulnerability in ajaxfunctions.php, the attackers can inject arbitrary web script or HTML via the "hidid" parameter. Solution Update the plugin...
Geo Redirector <= 1.0.1 - XSS
Plugin is still affected and has been closed...
Tinder Online Dating app vulnerability revealed Exact Location of Users
Using Popular Online Dating app - Tinder on iPhone?? Then you are at significant risk that exposed members' private information without their knowledge. Online Dating app Tinder, available for the iPhone from the app store, has become incredibly popular in the past few months. Tinder app allows y...
osCommerce v2.x SQL Injection Vulnerability
Exploit for php platform in category web applications Title: osCommerce v2.x SQL Injection Vulnerability Dork: Powered by osCommerce Author: Ahmed Aboul-Ela Contact: ahmed.aboul3laatgmaildotcom - http://twitter.com/secgeek Vendor : http://www.oscommerce.com Version: v2.3.3.4 current latest releas...
[IPhone Analyzer] IPhone Forensics Tool
iPhone Analzyer allows you to forensically examine or recover date from in iOS device. It principally works by importing backups produced by iTunes or third party software, and providing you with a rich interface to explore, analyse and recover data in human readable formats. Because it works fro...
Two Million stolen Facebook, Twitter login credentials found on 'Pony Botnet' Server
Security researchers at Trustwave's SpiderLabs found a Netherlands-based Pony Botnet Controller Server with almost two Million usernames and passwords, stolen by cybercriminals from users of Facebook, Twitter, Google, Yahoo and other websites. In a blog post, the researchers mentioned that after...
New Dirt Jumper Variant 'Drive' More Refined Than Original
Researchers have detected new attacks originating from a souped-up variant of the DIY Dirt Jumper DDoS toolkit they’ve taken to calling Drive. While it hasn’t been seen spreading through any underground forums yet, the up-and-coming threat apparently boasts a “much more powerful DDoS engine than...
Apple Fields Data Requests for 10,000 Users Accounts
Since December, U.S. law enforcement agencies have made between 4,000 and 5,000 requests for customer data from Apple on as many 10,000 user accounts, the company said in a statement released last night. Apple said in the wake of allegations that it participates in feeding the U.S. government...
Precision Bouncer List Phishing Kits Keep Targets Inside the Ropes
Just when you thought phishers had exhausted all avenues of innovation, a new tactic has emerged in attacks against financial institutions bringing the level of targeting and geo-filtering to precise new levels. Dubbed bouncer list phishing by RSA Security, these attack kits are built off stolen...
Operation Red October : Cyber Espionage campaign against many Governments
A new sensational discovered has been announced by Kaspersky Lab's Global Research & Analysis Team result of an investigation after several attacks hit computer networks of various international diplomatic service agencies. A new large scale cyber-espionage operation has been discovered, named Re...
Video Beef - Get Protocols And Geolocation
How to get protocols and geo-location using BeEF Browser Exploitation Framework. This attack will require Java. In GeoLocation you will get almost full address and latitude and longitude and find the perfect location using Google Map...
Low: Red Hat Security Advisory: Red Hat Storage 2.0 security, bug fix, and enhancement update #3
Updated glusterfs packages that fix multiple security issues, several bugs, and contain enhancements are now available for Red Hat Storage 2.0. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System CVSS base score, which give...
Researchers caught espionage malware mastermind on webcam
In march 2011 CERT-Georgia has Discovered Cyber Espionage Attack Incident on country of Georgia. Advanced Malicious Software was Collecting Sensitive, Confidential Information about Georgian and American Security Documents and then uploading it to some of Command and Control Servers. After a...
Unirgy uStoreLocator Magento Extension SQL Injection
SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: SQL Injection product: Unirgy uStoreLocator - Magento extension vulnerable version: =2.0.1 impact: High homepage: http://www.unirgy.com/ found: 2012-06-18 by: K...
FBI Warning : New Malware attacking Android smartphones
Users should be aware that Cyber criminals are finding new ways to install malicious software on devices. The latest threat to Android phone users, according to the FBI, is a "work-at-home opportunity that promises a profitable payday just for sending out email." The IC3 has been made aware of...
Wireless Security Auditing: Fern Wifi Cracker
Fern Wifi Cracker is a Wireless security auditing and attack software program written using the Python Programming Language and the Python Qt GUI library , the program is able to crack and recover WEP/WPA/WPS keys and also run other network based attacks on wireless or ethernet based networks Fer...