Security vulnerabilities discovered in cellular communications networks allow others to monitor phone calls or intercept text messages
German researchers have discovered a security vulnerability in Signaling System Number 7 (SS7), the signaling system widely used in cellular communication networks, potentially allowing spies, hackers and criminals to monitor private phone calls and intercept text messages on a large scale...
Hackers Can Read Your Private SMS and Listen to Phone Calls
Security researchers have discovered a massive security flaw that could let hackers and cybercriminals listen to private phone calls and read text messages on a potentially vast scale – no matter if the cellular networks use the latest and most advanced encryption available. The critical flaw lie...
Google Document Embedder 2.5.16 SQL Injection
Exploit Title : Google Document Embedder 2.5.16 mysql_real_escape_string bypass SQL Injection Date : 2014-12-03 Exploit Author : Securely Yoo Hee man Plugin : google-document-embedder Fixed version : N/A Software Link : https://downloads.wordpress.org/plugin/google-document-embedder.2.5.16.zip 1...
Internet Voting Hack Alters PDF Ballots in Transmission
Threats to the integrity of Internet voting have been a major factor in keeping the practice to a bare minimum in the United States. On the heels of the recent midterm elections, researchers at Galois, a computer science research and development firm in Portland, Ore., sent another reminder to...
EFF Calls Out ISPs Modifying STARTTLS Encryption Commands
As Net Neutrality debates swirl, privacy advocates at the Electronic Frontier Foundation and VPN provider Golden Frog have gone public with a Federal Communications Commission filing that got more attention for accusations that Verizon FIOS customers were having their Netflix streaming service...
CVE-2014-3610
The WRMSR processing functionality in the KVM subsystem in the Linux kernel through 3.17.2 does not properly handle the writing of a non-canonical address to a model-specific register, which allows guest OS users to cause a denial of service (host OS crash) by leveraging guest OS privileges, relate...
CVE-2014-7587
The Blocked in Free (aka com.blueup.blocked) application 1.0 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
HackerOne: Ability to see common response titles of other teams (limited)
Hello guys, Not sure what's happening exactly but when I go to my team program dashboard add a new Trigger and then tamper the request and change JSON variable commonresponseid to say 24 and after trigger gets added I see a title of ████████ which is not in my default team template nor added by...
BlackBerry 10 Open to Bug That Allows Malicious App Installation
BlackBerry has patched a vulnerability in its BlackBerry 10 devices that could allow an attacker to intercept users’ traffic to and from the BlackBerry World app store and potentially install malware on a targeted device. The vulnerability is a weakness in the integrity checking system that...
Revisiting Shellshock exploitation, starting from DHCP
The Shellshock vulnerability is far-reaching, but exploiting it does not seem so easy, so new methods of exploiting it keep appearing from time to time as the vulnerability is studied. As is well known, using Shellshock to attack Web applications has been a popular object of study, and by...
DEBIAN-CVE-2013-4488
libgadu before 1.12.0 does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers...
People are ready to do "anything" for free WiFi
Specialists from F-Secure, the British institute for information security and the German company SySS conducted a joint study of how willing ordinary users are to connect to a free hotspot, even if that connection poses a potential danger. To test this,...
FBI Arrested CEO of 'StealthGenie' for Selling Mobile Spyware Apps
The Federal Bureau of Investigation (FBI) has arrested the CEO of a UK-based company for allegedly advertising and selling a spyware app to individuals who suspect their romantic partners of cheating on them. The dodgy cell phone spyware application, dubbed as StealthGenie, monitors victims’ phone...
Session fixation
The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an...
CVE-2014-3103
The CVE-2014-3103 entry applies to IBM Rational ClearQuest Web. Affected: ClearQuest Web sessions using SSL where the session cookie lacks the Secure attribute, enabling potential interception of cookies transmitted over HTTP. Affected versions include 7.1.x (up to 7.1.2.15), 8.0.x (up to 8.0.0.1...
Apple Launches iOS 8, Fixes Dozens of Security Flaws
Apple has released iOS 8, a massive update to its mobile operating system, that includes fixes for more than 40 security vulnerabilities. Apple is touting iOS 8 as the biggest update to the software since it launched the App Store, and, aside from the security fixes, there are hundreds of new...
Session fixation
IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for...
CVE-2014-3092
IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for...
Lax QQ panel login authentication + ARP sniffing allows password-free login to other users' QQ Space, Weibo, etc. within the network
This arguably has no technical content; it is just an idea, starting with a simple demo. 1. Open Burp and set up the browser proxy, then use the QQ panel quick login for QQ Space; you can see Burp intercept this URL. 2. Copy this URL down ...
CVE-2014-0905
IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...