Lucene search

5327 matches found

myhack58
added 2017/03/15 12:0 a.m., 144 views

CVE-2016-3078 PHP ZipArchive Integer Overflow analysis-vulnerability warning-the black bar safety net

This vulnerability affects PHP 7.x versions before PHP 7.0.6. The PHP source code can be obtained here. PHP source code architecture: the core library of the PHP source code is in the Zend directory, which is responsible for PHP script parsing, execution and other core functions. TSRM directory is on yo...

7.5 CVSS, 9.5 AI score, 0.48113 EPSS
Exploits: 5

Prion
added 2017/03/09 9:59 a.m., 10 views

Authentication flaw

iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file...

5 CVSS, 9.6 AI score, 0.34772 EPSS
Exploits: 3, References: 2, Affected Software: 1

NVD
added 2017/03/09 9:59 a.m., 10 views

CVE-2017-6558

iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file...

9.8 CVSS, 9.7 AI score, 0.34772 EPSS
Exploits: 3, References: 2

Cvelist
added 2017/03/09 9:26 a.m., 15 views

CVE-2017-6558

iball Baton 150M iB-WRA150N v1 00000001 1.2.6 build 110401 Rel.47776n devices are prone to an authentication bypass vulnerability that allows remote attackers to view and modify administrative router settings by reading the HTML source code of the password.cgi file...

9.7 AI score, 0.34772 EPSS
Exploits: 3, References: 2

Hacker One
added 2017/03/07 8:9 p.m., 31 views

Rockstar Games: Source Code Disclosure (CGI)

Hello guys. I would like to share with you my discovery. The fact is that at: https://www.rockstargames.com/gta/game/highscores.cgi Anyone can see the source code of the script F166966 check please Regards @d1v3r...

7.2 AI score
Exploits: 0

Android Security Bulletins
added 2017/03/06 12:0 a.m., 49 views

Android Security Bulletin—March 2017

The Android Security Bulletin contains details of security vulnerabilities affecting Android devices. Alongside the bulletin, we have released a security update to Google devices through an over-the-air OTA update. The Google device firmware images have also been released to the Google Developer...

9.3 CVSS, 9.8 AI score, 0.06463 EPSS
Exploits: 7

exploitpack
added 2017/03/06 12:0 a.m., 25 views

Deluge Web UI 1.3.13 - Cross-Site Request Forgery

Deluge Web UI 1.3.13 - Cross-Site Request Forgery !-- Remote code execution via CSRF vulnerability in the web UI of Deluge 1.3.13 Kyle Neideck, February 2017 Product ------- Deluge is a BitTorrent client available from http://deluge-torrent.org. Fix --- Fixed in the public source code, but not in...

0.6 AI score
Exploits: 0

myhack58
added 2017/03/01 12:0 a.m., 466 views

HEVD kernel vulnerability training-with Windows play-bug warning-the black bar safety net

For this training of the research study will kernel vulnerability principle, the use of the way, under Windows many common data structures have a preliminary understanding, from the open Ring0 gate. HEVD project address: https://github.com/hacksysteam/HackSysExtremeVulnerableDriver For the kernel...

7.2 CVSS, 7.7 AI score, 0.78459 EPSS
Exploits: 23

ThreatPost
added 2017/02/28 10:21 a.m., 16 views

Torvalds Downplays SHA-1 Threat to Git

When researchers demonstrated the first practical collision attack for the cryptographic hash function SHA-1 last week, they also identified related vulnerabilities impacted by the now-compromised algorithm. According to the SHAttered research post, co-authored by Google and a host of cryptograph...

Exploits: 0, References: 3

Kitploit
added 2017/02/24 2:8 p.m., 14 views

SPARTA - Network Infrastructure Penetration Testing Tool

SPARTA is a python GUI application which simplifies network infrastructure penetration testing by aiding the penetration tester in the scanning and enumeration phase. It allows the tester to save time by having point-and-click access to his toolkit and by displaying all tool output in a convenien...

7.5 AI score
Exploits: 0, References: 1

ThreatPost
added 2017/02/21 10:51 a.m., 13 views

Windows Botnet Spreading Mirai Variant

A Chinese-speaking attacker is spreading a Mirai variant from a repurposed Windows-based botnet. Researchers at Kaspersky Lab published a report today, and said the code was written by an experienced developer who also built in the capability to spread the IoT malware to Linux machines under...

8.5 AI score
Exploits: 0, References: 7

Veracode
added 2017/02/20 3:42 a.m., 16 views

JSP Source Code Leakage

undertow is vulnerable to JSP source code leakage. This is because the source code of a JSP is downloaded/displayed when a trailing slash is added to a JSP URL...

7.5 CVSS, 7.5 AI score, 0.00392 EPSS
Exploits: 0, References: 1, Affected Software: 1

The Hacker News
added 2017/02/18 7:51 a.m., 18 views

A Typo in Zerocoin's Source Code helped Hackers Steal ZCoins worth $585,000

Are you a programmer? If yes, then you would know the actual pain of... "forgetting a semicolon," the hide and seek champion since 1958. Typos annoy everyone. Remember how a hacker's typo stopped the biggest bank heist in the history, saved $1 billion of Bangladesh bank from getting stolen. But...

7.1 AI score
Exploits: 0

The Hacker News
added 2017/02/14 10:52 p.m., 12 views

Websites Can Now Track You Online Across Multiple Web Browsers

You might be aware of websites, banks, retailers, and advertisers tracking your online activities using different Web "fingerprinting" techniques even in incognito/private mode, but now sites can track you anywhere online — even if you switch browsers. A team of researchers has recently developed...

6.7 AI score
Exploits: 0

Hacker One
added 2017/02/13 10:21 a.m., 96 views

Boozt Fashion AB: Application code is not obfuscated -- OWASP M9 (2016)

Description : Boost android app is not obfuscated which lead to view the source code of the app. Impact : Attackers can steal code and reuse it or sell it to create new application or create a malicious fake application based on the initial one. POC : Step 1 : First, I did the basic reverse...

6.9 AI score
Exploits: 0

Tenable Nessus
added 2017/01/30 12:0 a.m., 26 views

Fedora 25 : ghostscript (2017-15f85f1cf1)

This is a security update for these CVEs: - CVE-2016-9601 - Heap-buffer overflow in jbig2imagenew function This update also solves possible licensing issues with ghostscript's source code. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora...

5.5 CVSS, 6.7 AI score, 0.0045 EPSS
Exploits: 0, References: 3

Exploit DB
added 2017/01/29 12:0 a.m., 44 views

Linux - Multi/Dual mode execve("/bin/sh", NULL, 0) Shellcode (37 bytes)

Linux - Multi/Dual mode execve("/bin/sh", NULL, 0) Shellcode (37 bytes). Shellcode exploit for Linux platform / Copyright © 2017 Odzhan. All Rights Reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following conditions are met:...

7.4 AI score
Exploits: 0

The Hacker News
added 2017/01/22 10:5 p.m., 18 views

Source Code for another Android Banking Malware Leaked

Another bad news for Android users — Source code for another Android banking malware has been leaked online via an underground hacking forum. This newly discovered banking Trojan is designed to steal money from bank accounts of Android devices' owners by gaining administrator privileges on their...

7.4 AI score
Exploits: 0

The Hacker News
added 2017/01/18 9:52 p.m., 13 views

Newly Discovered Mac Malware with Ancient Code Spying on Biotech Firms

Security researchers have discovered a rare piece of Mac-based espionage malware that relies on outdated coding practices but has been used in some previous real-world attacks to spy on biomedical research center computers. Dubbed Fruitfly, the malware has remained undetected for years on macOS...

7 AI score
Exploits: 0

Opera Security Advisories
added 2017/01/18 12:0 a.m., 4 views

Legacy Opera Presto source code appearance in online sharing sites

Legacy Opera Presto source code appearance in online sharing sites. January 18th, 2017. Opera recently became aware that source code from our legacy browser engine, Presto, has appeared in some online code and file sharing sites. This code is the property of Opera Software and has be...

8.8 CVSS, 7 AI score, 0.23127 EPSS
Exploits: 12, References: 1