98 matches found
Privacy of Millions of HTC devices at risk
More than 18 million smartphones and other mobile devices made by HTC are at risk, vulnerable to many security and privacy issues. The Federal Trade Commission charged HTC with customizing the software on its Android- and Windows-based phones in ways that let third-party applications install softwa...
[SE-2012-01] Security vulnerabilities in Java SE
Dear Bugtraq, Security Explorations, a security and vulnerability research company from Poland, discovered multiple security issues in the latest version of Java Platform Standard Edition Java SE 1 software coming from Oracle Corporation 2. Discovered security issues violate many "Secure Coding...
Mobile Apps Space A 'Wild West' For Enterprises
SAN FRANCISCO – Companies that are hoping to catch a ride on the mobile wave should pay close attention to the application development firms they choose to work with, unless they want to be saddled with a buggy and insecure albatross bearing their corporate logo, a leading application security...
DHS Unveils Effort to Focus on Software Security
The long string of attacks against popular Web sites, high-profile companies such as Sony, and government networks has brought the problem of common and easily exploitable vulnerabilities into the public eye, and the Department of Homeland Security today is unveiling a new effort to help address...
Twitter and Adobe Struggle With Security
By Roel Schouwenberg On Tuesday we got another DDoS attack on Twitter. A lot of people are asking why Twitter doesn’t seem to be coping with attacks like these. And at the same time there are more and more people jumping on the bandwagon saying stay away from Adobe products. What’s the link? Two...
Johnathan Nightingale on Mozilla's secure coding practices
Mozilla’s “human shield” Johnathan Nightingale talks with Threatpost’s Robert Vamosi about secure software practices at RSA 2009...
Should Microsoft be in the security business?
Gartner security analyst Neil MacDonald thinks there are five levels to the discussion gartner.com about whether Microsoft should be in the security business. They include secure coding obviously, secure functionality in the platform at no cost of course, add-on security products at a fee maybe a...
Ethereal 0.9.1 - 0.10.12 SLIMP3 Remote Buffer Overflow PoC
No description provided by source. etherealslimp3bof.py Ethereal SLIMP3 Remote Buffer Overflow PoC Bug Discovered by Vendor? 2005-10-19 Coded by Sowhat http://secway.org 2005-10-20 This PoC will crash the Ethereal Tested with Ethereal 0.10.12, WinPcap 3.1 beta4, WinXP SP2 For educational purpose...
Opinion: Complete failure of Oracle security response and utter neglect of their responsibility to their customers
Dear security community and Oracle users, Many of my customers run Oracle. Much of the U.K. Critical National Infrastructure relies on Oracle; indeed this is true for many other countries as well. I know that there's a lot of private information about me stored in Oracle databases out there. I ha...
fishcartSQLXSS.txt
Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers,...
[Bday release] Comersus shopping cart has multiple Sql injection and Cross Site Scripting vulnerabilities
Dcrab 's Security Advisory http://www.dbtech.org Deadbolt Computer Technologies SPECIAL BIRTHDAY RELEASE, 18TH BIRTHDAY RELEASE FOR DIABOLIC CRAB, YOU CAN SEND EMAILS TO [email protected] Get Dcrab's Services to audit your Web servers, scripts, networks, etc or even code them. Learn more at...
Authentication bypass, Directory traversal and XSS vulnerabilities in PayProCart 3.0 - Profitcode Software
Dcrab 's Security Advisory Hsc Security Group http://www.hackerscenter.com/ dP Security http://digitalparadox.org/ Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah Severity...
Multiple sql injection, and xss vulnerabilities in Pay pal Storefront
Dcrab 's Security Advisory http://icis.digitalparadox.org/dcrab http://www.hackerscenter.com/ Severity: High Title: Multiple sql injection, and xss vulnerabilities in Pay pal Storefront Date: March 25, 2005 Summary: There are multiple sql injection, xss vulnerabilities in the Pay pal Storefront...
Multiple sql injection, and xss vulnerabilities in PortalApp
Dcrab 's Security Advisory http://icis.digitalparadox.org/dcrab http://www.hackerscenter.com/ Severity: Medium Title: Multiple sql injection, and xss vulnerabilities in PortalApp. Date: March 30, 2005 Vendor: AspApp Vendor site: http://www.aspapp.com Summary: There are multiple sql injection, xss...
XSS in Tek-Tips Forum
hello 3APA3A ZUD SECURITY TEAM PRESENT bug found by nimber Email : [email protected] Site: www.zudteam.org HomePage: www.nimber.plux.ru 11.08.2003 Name: Tek-Tips Forum Web Site: www.tek-tips.com Bug: XSS Vulnerability. Exploit example:...
@(#)Mordred Labs advisory 0x0004: Multiple buffer overflows in PostgreSQL.
//@ Mordred Labs advisory 0x0004 Release data: 20/08/02 Name: Two buffer overflows in PostgreSQL Versions affected: all versions Conditions: multibyte support Risk: average -- Description: I guess all of you already hear about the PostgreSQL. If not, try to visit...
rsync <= 2.5.1 Remote Exploit (2)
No description provided by source. / 7350rsync - rsync include include include include include include include include include include define MAXPATHLEN 4096 define VERSION "@RSYNCD: 26\n" define PORT 873 define NULLOFFSET -48 define STARTNULLBRUTE -44 define ENDNULLBRUTE -56 define BRUTEBASE...
Sudo version 1.6.3p6 now available
Sudo version 1.6.3p6 is now available ftp sites listed at the end. This fixes a buffer overflow in sudo which is a potential security problem. I don't know of any exploits that currently exist but I suggest that you upgrade none the less. Sudo has a good track record wrt secure coding, but this o...