490 matches found
Automating Social Engineering in MiTM Attacks
French researchers have developed an automated social engineering tool that uses a man-in-the middle attack and strikes up online conversations with potential victims. Read the full article. Dark Reading...
Fedora Update for sahana FEDORA-2010-6379
Check for the Version of sahana OpenVAS Vulnerability Test Fedora Update for sahana FEDORA-2010-6379 Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the term...
CVE-2010-1037
Cross-site request forgery CSRF vulnerability in HP System Insight Manager before 6.0 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
Card Skimming Hits Up to 180 Gas Pumps
Criminals hid bank card-skimming devices inside gas pumps — in at least one case, even completely replacing the front panel of a pump — in a recent wave of attacks that demonstrate a more sophisticated, insidious method of stealing money from unsuspecting victims filling up their gas tanks. Read...
The Unemployed Are Key to Online Job Scams
Even though online job scams have become more convincing as criminals have honed their skills, sometimes victims don’t fall for them – they jump into them. Read the full article. SFGate...
webMathematica XSS Vulnerability
No description provided by source. In some installations, the MSP script of webMathematica is vulnerable to reflected XSS. Just insert a backslash after the script name MSP, which is normally located under the "webMathematica" folder: http://www.example.com/webMathematica/MSP\scriptalert'a'/scrip...
CVE-2009-4297
Multiple cross-site request forgery CSRF vulnerabilities in Moodle 1.8 before 1.8.11 and 1.9 before 1.9.7 allow remote attackers to hijack the authentication of unspecified victims via unknown vectors...
CVE-2009-1757
Cross-site request forgery CSRF vulnerability in Transmission 1.5 before 1.53 and 1.6 before 1.61 allows remote attackers to hijack the authentication of unspecified victims via unknown vectors...
Old phishing sites still sending spam, attracting victims
The cooperative effort of ISPs, security vendors, volunteer groups and other interested parties has helped develop a quick and efficient method for taking down phishing sites, usually within hours or days of their appearance. However, many phishing sites that have been up for a week or more still...
[DR018] Quartz Composer / QuickTime 7 information leakage
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 The canonical URI of this advisory is http://remahl.se/david/vuln/ 018/. This advisory concerns an as-yet unpatched problem in QuickTime 7 on Mac OS X 10.4. The reason for disclosure before a vendor patch is that another person realized the potential...