Code injection
IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to discover cleartext passwords by reading HTML source code...
Code injection
The interpreter in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allows remote attackers to discover script source code via unspecified vectors...
CVE-2015-6474
The CVE-2015-6474 entry concerns IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ where an attacker can discover cleartext passwords by viewing the HTML source of web pages. Affected products are web-based SCADA systems; the root cause is improper handling/storage of credentials leading to exposur...
CVE-2015-6474
IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allow remote attackers to discover cleartext passwords by reading HTML source code...
CVE-2015-6469
CVE-2015-6469 affects IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ where an interpreter misconfiguration allows remote disclosure of executable script source code. Affected products are web-based SCADA systems; attacker could obtain source code via unspecified vectors. ICS-CERT reports no patc...
CVE-2015-6469
The interpreter in IBC Solar ServeMaster TLP+ and Danfoss TLX Pro+ allows remote attackers to discover script source code via unspecified vectors...
Checkmarx CxSAST Sandbox Bypass Vulnerability
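Checkmarx CxSAST (formerly CxSuite) is a source code analysis (SCA) solution developed by Checkmarx, Inc. in the United States. The solution provides features such as identifying and tracking application layer security vulnerabilities and showing where and how to fix them. A security vulnerability...
PageAdmin v3.0 /e/database/v3.mdb database disclosure
PageAdmin CMS V3.0: the default database path is "/e/database/v3.mdb" and the default admin login path is "/e/master/login.aspx". Because access to the database path is not restricted, the database can be downloaded. By reverse engineering the administrator MD5 encryption algorithm, the MD5 ciphertext is obtained, and the administrator password can be cracked from the MD5 ciphertext. A non-standard MD5 encryption was found, so ILSpy was used to decompile the source code and inspect the encryption method: public string GetMd5(string s) { MD5 mD = new MD5CryptoServiceProvider(); Encoding encoding = Encoding.GetEncoding("UTF-8"); string s2 =...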
FreeBSD-SA-15:23.bind
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-15:23.bind Security Advisory The FreeBSD Project Topic: BIND remote denial of service vulnerability Category: contrib Module: bind Announced: 2015-09-02 Credits...
FreeBSD Security Advisory FreeBSD-SA-15:21.amd64
============================================================================= FreeBSD-SA-15:21.amd64 Security Advisory The FreeBSD Project Topic: Local privilege escalation in IRET handler Category: core Module: sysamd64 Announced: 2015-08-25 Credits: Konstantin Belousov, Andrew Lutomirski Affect...
New Android Smartphones will Come with Fewer Pre-installed Apps
A sigh of relief indeed! Google is finally listening to us; it is ditching its haunting bloatware from the upcoming Android smartphones and tablets. As per the current situation, our Android devices are attacked with Google's suite of apps like Google Play Games, Google Newsstand, Google Play...
Ashley Madison 2.0 — Hackers Leak 20GB Data Dump, Including CEO's Emails
The Impact Team – Wait, Cheaters! We haven't yet done. The group of hackers behind the breach of Ashley Madison, the popular cheater's dating service, have released a second, even much bigger 'cheat sheet' exposing sensitive materials that include sensitive corporate information. Two days ago, th...
Windows x86 - user32!MessageBox "Hello World!" 199 Bytes Null-Free
Windows x86 - user32!MessageBox "Hello World!" 199 Bytes Null-Free. Shellcode exploit for win32 platform / This file was automatically generated by mkhex.sh, which, together with the complete and heavily commented assembly source code for this shellcode, is available at...
FreeBSD Security Advisory FreeBSD-SA-15:19.routed
============================================================================= FreeBSD-SA-15:19.routed Security Advisory The FreeBSD Project Topic: routed(8) remote denial of service vulnerability Category: core Module: routed Announced: 2015-08-05 Credits: Hiroki Sato Affects: All supported version...
Then the probe Stagefright vulnerability: on POC with the EXP-bug warning-the black bar safety net
Foreword In before the topic--Stagefright vulnerability: a preliminary study, we determined the vulnerability of the generating position, and then the whole article just stopped short. This vulnerability after all the impact is very deep, and some details do not know when to speak improper to...
Initiate--Stagefright vulnerability of the century-vulnerability and early warning-the black bar safety net
0x00 sequence Last night shocked Stagefright broke significant vulnerabilities can result in remote code execution, even clockwork MMS, it is possible the invasion of the user mobile device. This sounds but a rare case of a large vulnerability., as security personnel, nature good steak with a ste...
This $10 Device Can Clone RFID-equipped Access Cards Easily
Are you the one who simply punches your wallet against a reader to get into your office? Then surely your office is using Radio-Frequency Identification (RFID) cards to manage building access and security. However, these most common access control systems are incredibly easy to hack — and now more th...
BWA - OWASP Broken Web Applications Project
A collection of vulnerable web applications that is distributed on a Virtual Machine. Description: The Broken Web Applications (BWA) Project produces a Virtual Machine running a variety of applications with known vulnerabilities for those interested in: learning about web application security testin...
[SECURITY] Fedora 22 Update: cryptopp-5.6.2-9.fc22
Crypto++ Library is a free C++ class library of cryptographic schemes. See http://www.cryptopp.com/ for a list of supported algorithms. One purpose of Crypto++ is to act as a repository of public domain (not copyrighted) source code. Although the library is copyrighted as a compilation, the...
Hacking Team Spyware preloaded with UEFI BIOS Rootkit to Hide Itself
Last Week someone just hacked the infamous Hacking Team, The Italy-based cyber weapons manufacturer and leaked a huge trove of 400GB internal data, including: Emails Hacking tools Zero-day exploits Surveillance tools Source code for Spyware A spreadsheet listing every government client with date ...