5327 matches found
Elasticsearch FD
Directory traversal vulnerability. Vulnerability Type: File Disclosure. For the exploit source code contact DSquare Security sales team...
Asus Wireless-N Gigabit Router Information Disclosure
Remote information disclosure. Vulnerability Type: File Disclosure. For the exploit source code contact DSquare Security sales team...
IBC Solar ServeMaster Source Code Vulnerability
OVERVIEW: Independent researcher Maxim Rupp has identified three vulnerabilities in IBC Solar products. The vulnerabilities are disclosure of application source code, plain text passwords, and cross-site scripting. IBC Solar has not produced a patch to mitigate these vulnerabilities. These...
CVE-2015-4214
Cisco Unified MeetingPlace 8.61.2 and 8.61.9 allows remote authenticated users to discover cleartext passwords by reading HTML source code, aka Bug ID CSCuu33050...
WordPress Plugin Huge-IT Slider 2.7.5 - Multiple Vulnerabilities
WordPress Plugin Huge-IT Slider 2.7.5 - Multiple Vulnerabilities Exploit Title: WordPress: wordpress huge-it-slider 2.7.5 & Persistent JS-HTML Code injection, Arbitrary slider deletion Date: 2015-06-23 Google Dork: intitle:"index of" intext:"/wp-content/plugins/slider-image/" Exploit Author:...
CVE-2015-3949
Sinapsi eSolar Light with firmware before 2.0.3970schsl2.2.85 allows attackers to discover cleartext passwords by reading the HTML source code of the mail-configuration page...
Code injection
Sinapsi eSolar Light with firmware before 2.0.3970schsl2.2.85 allows attackers to discover cleartext passwords by reading the HTML source code of the mail-configuration page...
Author Behind Ransomware Tox Calls it Quits, Sells Platform
Earlier this week, when the author behind the crypto-ransomware Locker apologized and released decryption keys for his victims, it seemed like a change of heart, uncharacteristic for an attacker. Now another ransomware creator has also decided to cut his losses and get out of the game – but not...
Using Toys to Open a Fixed-Code Garage Door in 10 Seconds
It may be time to upgrade your garage door opener. Security researcher Samy Kamkar has developed a new technique that enables him to open almost any garage door that uses a fixed code–and he implemented it on a $12 child’s toy. The attack Kamkar devised, known as OpenSesame, reduces the amount of...
Websense Triton 7.8.3/7.7 Source Code Disclosure Vulnerability
Websense Triton is prone to a source code disclosure vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Win32k elevation of privilege vulnerability, CVE-2015-1701 - exp - vulnerability warning - the black bar safety net
Win32k elevation of privilege vulnerability – CVE-2015-1701. An elevation of privilege vulnerability exists if the Win32k.sys kernel-mode driver improperly handles objects in memory. An attacker who successfully exploits this vulnerability can run arbitrary code in kernel mode. An attack...
Websense TRITON 7.8 Source Code Disclosure
The version of Websense TRITON running on the remote web server contains a flaw in handling a JSP script request having an appended double quote character. This causes the source code of the script to be returned instead of it being executed. An unauthenticated, remote attacker can exploit this...
Forma LMS 1.3 - Multiple SQL Injections
Forma LMS 1.3 Multiple SQL Injections + Author: Filippo Roncari + Target: Forma LMS + Version: 1.3 and probably lower + Vendor: http://www.formalms.org + Accessibility: Remote + Severity: High + CVE: + Full Advisory: https://www.securenetwork.it/docs/advisory/SN-15-03Formalms.pdf + Info:...
Microsoft Windows - Local Privilege Escalation (MS15-051)
Source: https://github.com/hfiref0x/CVE-2015-1701 Win32k LPE vulnerability used in APT attack Original info: https://www.fireeye.com/blog/threat-research/2015/04/probableapt28useo.html Credits R136a1 / hfiref0x Compiled EXE: x86 +...
Microsoft Windows - Local Privilege Escalation (MS15-051)
Microsoft Windows - Local Privilege Escalation MS15-051 Source: https://github.com/hfiref0x/CVE-2015-1701 Win32k LPE vulnerability used in APT attack Original info: https://www.fireeye.com/blog/threat-research/2015/04/probableapt28useo.html Credits R136a1 / hfiref0x Compiled EXE: x86 +...
PHP multipart/form-data remote DoS vulnerability - vulnerability warning - the black bar safety net
When PHP parses the request headers in the body parts of a multipart/form-data HTTP request, repeated copying of the string results in DoS. By sending maliciously constructed multipart/form-data requests, a remote attacker can exhaust the server's CPU resources, causing a remote DoS of the server. Affected range...
Focused Web Crawler: ACHE
ACHE is a focused Web crawler that can be customized to search for pages that belong to a given topic or have a given property. To configure ACHE, you need to: define a topic of interest (e.g., Ebola, terrorism, cooking recipes); create a model to detect Web pages that belong to this topic; and...
Upcoming Google Password Alert 1.7 Update Could Disable Phishing Warning Feature
Google Chrome browser's new Anti-Phishing Password Alert extension has been in controversy right after its launch last Wednesday, but now the search engine giant has effectively pulled Password Alert from its store. Password Alert was not bypassed once, twice, but every time Google introduced a n...
Graudit - Find potential security flaws in source code using grep
Graudit is a simple script with signature sets that allows you to find potential security flaws in source code using the GNU utility grep. It's comparable to other static analysis applications like RATS, SWAAT and flaw-finder while keeping the technical requirements to a minimum and being very...