Facebook Opens ThreatExchange Information Sharing Platform

Facebook, with its giant infrastructure and its equally wide view into Internet attacks, has built an information-sharing platform that it hopes will entice other big technology companies to join and contribute threat data and indicators of compromise. The platform, called ThreatExchange, already...

APT28 — State Sponsored Russian Hacker Group

Nearly a decade-long cyber espionage group that targeted a variety of Eastern European governments and security-related organizations including the North Atlantic Treaty Organization NATO has been exposed by a security research firm. The US intelligence firm FireEye released its latest Advanced...

CVE-2014-4351

Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service application crash via crafted audio samples in an m4a file...

Buffer overflow

Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service application crash via crafted audio samples in an m4a file...

CVE-2014-4351

Buffer overflow in QuickTime in Apple OS X before 10.10 allows remote attackers to execute arbitrary code or cause a denial of service application crash via crafted audio samples in an m4a file...

Flash Zero Day Used to Target Victims in Syria

A couple days after Microsoft warned users about a new vulnerability in Internet Explorer that’s being used in targeted attacks, Adobe on Monday said that researchers have discovered a zero day in Flash, as well, which attackers are using to target victims in Syria through a watering hole attack ...

Office”combination”formula exploits the sample analysis-vulnerability warning-the black bar safety net

by hcl, nine8 of code audit labs of vulnhunt.com 1 Overview Online disclosure of a suspected CVE-2 0 1 4-1 7 6 1 RTF sample, hanhai source analysis found that the sample is not a CVE-2 0 1 4-1 7 6 1, but in a RTF sample includes both the two vulnerabilities, respectively, for the CVE-2 0 1 2-0 1 ...

DEBIAN-CVE-2013-0856

The lpcprediction function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via crafted Apple Lossless Audio Codec ALAC data, related to a large nbsamples value...

CVE-2013-0855

Integer overflow in the alacdecodeclose function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a large number of samples per frame in Apple Lossless Audio Codec ALAC data, which triggers an out-of-bounds array access...

CVE-2013-0855

Integer overflow in the alacdecodeclose function in libavcodec/alac.c in FFmpeg before 1.1 allows remote attackers to have an unspecified impact via a large number of samples per frame in Apple Lossless Audio Codec ALAC data, which triggers an out-of-bounds array access...

Counter.php Redirecting to Sites Peddling Styx Exploit Kit

The Counter.php strain of malware has been spotted in the past redirecting users to a handful of malicious sites and now appears to be leveraging that ability to send victims to websites serving up the Styx exploit kit. According to a post on Securelist today, Vincente Diaz, a researcher with...

Gallery Server Pro - Arbitrary File Upload

Gallery Server Pro - Arbitrary File Upload source: https://www.securityfocus.com/bid/59831/info Gallery Server Pro is prone to a vulnerability that lets attackers upload arbitrary files. An attacker may leverage this issue to upload arbitrary files to the affected computer; this can result in...

Gallery Server Pro File Upload Filter Bypass Vulnerability

Gallery Server Pro suffers from a file upload filter bypass vulnerability. , , . .' '. ', . , '. , ., , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / / .-. / /:wq x.0 '=.|w|.=' ='"=. presents.. Gallery Server Pro File Upload Filter Bypass Vendor Link:...

Inside the Targeted Attack on The New York Times

The Chinese group behind the targeted attack on the New York Times was laser focused on accessing the email of a reporter and the newspaper’s former Beijing bureau chief to the point that it used an inordinate number of custom malware samples to get the job done. “In terms of statistics, 45 custo...

BigDump 0.32b XSS / Shell Upload / SQL Injection

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= INDEPENDENT SECURITY RESEARCHER PENETRATION TESTING SECURITY -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-= Author: Ur0b0r0x Tiwtte: @Ur0b0r0x Email: [email protected] Line: GreyHat Home: cyberpunk-ur0x.blogspot.com Exploit Title: BigDump ver.0.32b - Arbitrary Upload /...

Idel4 SQL Injection / Cross Site Scripting

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ \ ,/\ /\ \ 1 1 //\ \ /' \ /\ //\ Exploit database separated by exploit 0 0 // type local, remote, DoS, etc. 1 1 1 0 x Official Website: http://www.1337day.com 0 1 x...

Oracle Business Transaction Management FlashTunnelService - Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Oracle Business Transaction Managemen...

CVE-2012-2792

Unspecified vulnerability in the decodeinit function in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the samples per frame...

CVE-2012-2792

Unspecified vulnerability in the decodeinit function in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the samples per frame...

Design/Logic Flaw

Unspecified vulnerability in the decodeinit function in libavcodec/wmalosslessdec.c in FFmpeg before 0.11 has unknown impact and attack vectors, related to the samples per frame...