5327 matches found
Facebook Fixes Instagram Vulnerability That Opened 1M Accounts to Compromise
Facebook was quick to fix an issue earlier this month that could’ve let an attacker break into four percent of all active, locked Instagram accounts, meaning it affected approximately one million users. Belgium-based IT security consultant Arne Swinnen discovered the issue two weeks ago when he...
Comodo - PackMan Unpacker Insufficient Parameter Validation
Source: https://bugs.chromium.org/p/project-zero/issues/detail?id=764 Packman is an obscure opensource executable packer that Comodo Antivirus attempts to unpack during scanning. The code is available online here: http://packmanpacker.sourceforge.net/ If the compression method is set to algorithm...
Shopify: Shopify GitHub Login and Password exposed all private source code might be available.
Sello com.shopify.Sello https://itunes.apple.com/us/app/sello/id947038847?mt=8 ios Mobile Application Versions 1.0.1, 1.1, 1.1.2, 1.1.3, 1.2, Podfile left inside application exposes GitHub Password for Shopify. username: shopify-dep password: 1910c92631a81a4c41dafbf96d537e3f24506b11 Impact: Acces...
FreeBSD-SA-16:14.openssh
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:14.openssh Security Advisory The FreeBSD Project Topic: OpenSSH xauth1 command injection Category: contrib Module: OpenSSH Announced: 2016-03-16 Credits:...
How to understand stack and heap overflow exploits-a vulnerability warning-the black bar safety net
This article is a detailed description of the heap,and will teach you how to write a heap-based overflow vulnerability. Run the following program: include include include int mainint argc, char argv char buf1 = malloc1 2 8; char buf2 = malloc2 5 6; read's filenostdin, buf1, 2 0 0; freebuf2;...
Java RMI services remote command execution exploit-vulnerability warning-the black bar safety net
Java RMI service is a remote method call Remote Method Invocation in. It is a mechanism that is able to make in a java virtual machine on the object calling another Java virtual machine object. In Java Web, many places will use RMI to communicate with each other to call. For example, many large...
Microsoft Windows - NetAPI32.dll Code Execution (Python) (MS08-067) Exploit
Exploit for windows platform in category remote exploits EDB-Note: Source https://raw.githubusercontent.com/ohnozzy/Exploit/master/MS08067.py import struct import time import sys from threading import Thread Thread is imported incase you would like to modify try: from impacket import smb from...
GM Bot Banking Malware Source Code Leak
Source code for the potent Android malware GM Bot has been leaked to underground forums, according to IBM security experts. The impact, IBM X-Force threat intelligence says, will be an uptick in GM Bot variants and the number of attacks targeting financial applications on Android-based devices...
GM Bot (Android Malware) Source Code Leaked Online
The source code of a recently discovered Android banking Trojan that has the capability to gain administrator access on your smartphone and completely erase your phone's storage has been LEAKED online. The banking Trojan family is known by several names; Security researchers from FireEye dubbed i...
File upload vulnerability example analysis-vulnerability warning-the black bar safety net
Principles File upload is a Web application that often appear in the function,it allows users to upload files to the server and saved to a specific location. This security is a very sensitive issue, once the malicious program is uploaded to the server and get the Execute permission, the...
Microsoft Windows WebDAV BSoD Proof Of Concept
/ Source: https://github.com/koczkatamas/CVE-2016-0051 Proof-of-concept BSoD Blue Screen of Death code for CVE-2016-0051 MS-016. Full Proof of Concept: https://github.com/koczkatamas/CVE-2016-0051/archive/master.zip...
Nexus Security Bulletin - February 2016Stay organized with collectionsSave and categorize content based on your preferences.
We have released a security update to Nexus devices through an over-the-air OTA update as part of our Android Security Bulletin Monthly Release process. The Nexus firmware images have also been released to the Google Developer site. Builds LMY49G or later and Android M with Security Patch Level o...
GDB-Dashboard - Modular Visual Interface For Gdb In Python
Modular visual interface for GDB in Python. This comes as a standalone single-file .gdbinit which, among the other things, enables a configurable dashboard showing the most relevant information during the program execution. Its main goal is to reduce the number of GDB commands issued to inspect t...
Internet Bug Bounty: Integer overflow in wordwrap
https://github.com/php/php-src/pull/1738issuecomment-174260748...
FreeBSD-SA-16:07.openssh
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:07.openssh Security Advisory The FreeBSD Project Topic: OpenSSH client information leak Category: contrib Module: openssh Announced: 2016-01-14 Credits:...
FreeBSD-SA-16:01.sctp
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:01.sctp Security Advisory The FreeBSD Project Topic: SCTP ICMPv6 error message vulnerability Category: core Module: SCTP Announced: 2016-01-14 Credits:...
FreeBSD-SA-16:06.bsnmpd
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-16:06.bsnmpd Security Advisory The FreeBSD Project Topic: Insecure default snmpd.config permissions Category: contrib Module: bsnmpd Announced: 2016-01-14...
Packet Capture Utility: Stenographer
Stenographer is a full-packet-capture utility for buffering packets to disk for intrusion detection and incident response purposes. It provides a high-performance implementation of NIC-to-disk packet writing, handles deleting those files as disk fills up, and provides methods for reading back...
AVM FRITZ!Box 6.30 - Remote Buffer Overflow
AVM FRITZ!Box 6.30 - Remote Buffer Overflow Advisory: AVM FRITZ!Box: Remote Code Execution via Buffer Overflow RedTeam Pentesting discovered that several models of the AVM FRITZ!Box are vulnerable to a stack-based buffer overflow, which allows attackers to execute arbitrary code on the device...
Code injection
ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.kPE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703...