5327 matches found

CVE
added 2015/12/30 2:0 a.m. | 63 views

CVE-2015-7248

CVE-2015-7248 affects ZTE ZXHN H108N R1A and ZXV10 W300 routers. The vulnerability enables information exposure by allowing remote attackers to read the cgi-bin/webproc HTML source and obtain usernames and password hashes. This is a separate issue from CVE-2015-8703. Public sources in the connect...

7.5 CVSS | 7.8 AI score | 0.35407 EPSS
Exploits: 4 | References: 4 | Affected Software: 1

Cvelist
added 2015/12/30 2:0 a.m. | 13 views

CVE-2015-7248

ZTE ZXHN H108N R1A devices before ZTE.bhs.ZXHNH108NR1A.kPE allow remote attackers to discover usernames and password hashes by reading the cgi-bin/webproc HTML source code, a different vulnerability than CVE-2015-8703...

7 AI score | 0.35407 EPSS
Exploits: 4 | References: 4

myhack58
added 2015/12/29 12:0 a.m. | 14 views

Seemingly tasteless ESPCMS background injected, can actually be a lot of fun-vulnerability warning-the black bar safety net

Yesterday, the black bar safety net vulnerability platform disclosed an ESPCMS injection vulnerability, and friends on the Ali cloud security attack and defense team did an impact assessment of the vulnerability right away. Did not think need to login to the backend before it can be...

0.2 AI score
Exploits: 0

The Hacker News
added 2015/12/28 11:9 p.m. | 12 views

Employee Stole 'Yandex Search Engine' Source Code, Tried to Sell it for Just $29K

A former employee of Russian search engine Yandex allegedly stole the source code and key algorithms for its search engine site and then attempted to sell them on the black market to fund his own startup. Russian publication Kommersant reports that Dmitry Korobov downloaded a type of software...

6.9 AI score
Exploits: 0

myhack58
added 2015/12/28 12:0 a.m. | 8 views

PHP code auditing tool Rips Scanners v0.5 aeration local file inclusion vulnerability-vulnerability warning-the black bar safety net

RIPS is a PHP source code analysis tool, which uses static analysis technology to automate the mining of the PHP source code for potential security vulnerabilities. Penetration testers can directly easily review the results of the analysis, without review of the entire program code. Since stati...

7.8 AI score
Exploits: 0

myhack58
added 2015/12/27 12:0 a.m. | 17 views

Rips Scanners(0.5)aeration a local file inclusion vulnerability-vulnerability warning-the black bar safety net

RIPS is a php source code analysis tool, which uses static analysis technology to automate the mining of the PHP source code for potential security vulnerabilities. Penetration testers can directly easily review the results of the analysis, without review of the entire program code. Since static...

7.8 AI score
Exploits: 0

Hacker One
added 2015/12/22 12:8 a.m. | 32 views

Radancy: Application error message

Request GET / HTTP/1.1 Host: 12345'"'";|%00%0d%0a%bf%27' Referer: https://serverhk.maximum.com:443/ Connection: Keep-alive Accept-Encoding: gzip,deflate User-Agent: Opera/9.80 Windows NT 6.0; U; en Presto/2.8.99 Version/11.10 Accept: / Response HTTP/1.1 500 Internal Server Error Server:...

6.9 AI score
Exploits: 0

CNVD
added 2015/12/03 12:0 a.m. | 2 views

NetShen E-commerce System Exists IIS Write Permission, Source Code Leakage Vulnerabilities

NetShen Information Technology Beijing Co., Ltd. is a high-tech information security solution, product and service provider integrating technology research and development, manufacturing and comprehensive service. NetShen's e-commerce system suffers from IIS write permission and source code leaka...

7.3 AI score
Exploits: 0 | References: 1

Kitploit
added 2015/12/02 10:41 p.m. | 22 views

Katana - Framework for Hackers, Professional Security and Developers

Katana is a framework written in Python for penetration testing, based on a simple and comprehensive structure that anyone can use, modify and share. The goal is to unify tools that serve professionals when making a penetration test or simply as a routine tool. The current version is not...

7.8 AI score
Exploits: 0 | References: 12

ThreatPost
added 2015/12/02 11:18 a.m. | 31 views

Google Plans to End Chrome for 32-bit Linux, Releases Chrome 47

Google announced this week it will end Chrome support for older, 32-bit Linux distributions early next year and will maintain the browser on more popular distributions of the software. Specifically Google plans to stop pushing updates and security fixes to those running Chrome on 32-bit Linux,...

10 CVSS | 0.6 AI score | 0.13882 EPSS
Exploits: 4 | References: 2

Fedora
added 2015/11/17 3:56 p.m. | 9 views

[SECURITY] Fedora 23 Update: python-pygments-2.0.2-3.fc23

Pygments is a generic syntax highlighter for general use in all kinds of software such as forum systems, wikis or other applications that need to prettify source code. Highlights are: a wide range of common languages and markup formats is supported; special attention is paid to details that increa...

7.3 AI score
Exploits: 0

Fedora
added 2015/11/14 1:57 a.m. | 9 views

[SECURITY] Fedora 22 Update: wildmagic5-5.13-12.fc22

A library of source code for computing in the fields of graphics, mathematics, physics, and image analysis. Web page documentation: http://www.geometrictools.com/Documentation/Documentation.html...

0.7 AI score
Exploits: 0

myhack58
added 2015/11/12 12:0 a.m. | 19 views

muymacho---dyld_root_path exploit analysis-exploit warning-the black bar safety net

muymacho is an exploit tool for a vulnerability. The bug exists in dyld on Mac OS X 10.10.5 and can be used to escalate privileges to root. It has been patched in the latest El Capitan 10.11. This is an interesting bug, and the exploitation process is also a lot of fun. The present article aim...

6.9 AI score
Exploits: 0

Kitploit
added 2015/11/11 10:32 a.m. | 15 views

WAP - Web Application Protection

WAP is a source code static analysis and data mining tool to detect and correct input validation vulnerabilities in web applications written in PHP version 4.0 or higher with a low rate of false positives. WAP detects and corrects the following vulnerabilities: SQL Injection (SQLI), Cross-site...

8.4 AI score
Exploits: 0

n0where
added 2015/10/22 9:5 p.m. | 13 views

Deliberately Insecure Web Application: OWASP WebGoat

WebGoat is a deliberately insecure web application maintained by OWASP designed to teach web application security lessons. You can install and practice with WebGoat in either J2EE or WebGoat for .Net in ASP.NET. In each lesson, users must demonstrate their understanding of a security issue by...

7.5 AI score
Exploits: 0 | References: 3

Packet Storm
added 2015/10/08 12:0 a.m. | 44 views

Drupal 8.0.0 Beta 14 Cross Site Scripting

Overview: Recently, I was playing around with the Drupal CMS application code. Drupal is an open source CMS application widely used for blog posting purposes. Further details, to know more about Drupal here. Open source application advantage being, the source code was at my disposal. While fiddlin...

Exploits: 0

Prion
added 2015/10/06 1:59 a.m. | 13 views

Format string

Omron CX-One CX-Programmer before 9.6 uses a reversible format for password storage in project source-code files, which makes it easier for local users to obtain sensitive information by reading a file...

2.1 CVSS | 6.3 AI score | 0.00058 EPSS
Exploits: 0 | References: 1 | Affected Software: 1

Kitploit
added 2015/10/05 9:49 p.m. | 52 views

QARK - Tool to look for several security related Android application vulnerabilities

Quick Android Review Kit - This tool is designed to look for several security related Android application vulnerabilities, either in source code or packaged APKs. The tool is also capable of creating "Proof-of-Concept" deployable APKs and/or ADB commands, capable of exploiting many of the...

7.6 AI score
Exploits: 0 | References: 1

CNVD
added 2015/09/28 12:0 a.m. | 2 views

IBC Solar ServeMaster Source Code Vulnerability

ServeMaster TLP+ and Danfoss TLX Pro+ are web-based SCADA systems. A source code vulnerability exists in IBC Solar ServeMaster. An attacker could exploit this vulnerability to obtain source code for executable scripts...

5 CVSS | 7 AI score | 0.00533 EPSS
Exploits: 0 | References: 1

NVD
added 2015/09/26 1:59 a.m. | 9 views

CVE-2015-6474

IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to discover cleartext passwords by reading HTML source code...

5 CVSS | 6.6 AI score | 0.00533 EPSS
Exploits: 0 | References: 1