2563 matches found
CVE-2013-4872
Google Glass before XE6 does not properly restrict the processing of QR codes, which allows physically proximate attackers to modify the configuration or redirect users to arbitrary web sites via a crafted symbol, as demonstrated by selecting a Wi-Fi access point in order to conduct a...
Millions of Phonebook records stolen from Truecaller Database
TrueCaller, a popular app built by a Swedish company and world's largest collaborative phone directory compromised by Syrian Electronic Army hackers. Truecaller was running an outdated version 3.5.1 of blogging software WordPress for its web interface and there are millions of Phonebook records...
Oracle Linux 6 : ruby (ELSA-2011-0910)
The remote Oracle Linux 6 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2011-0910 advisory. - Address CVE-2011-1004 'Symlink race condition by removing directory trees in fileutils module' ruby-1.8.7-CVE-2011-1004.patch - Address CVE-2011-1005...
strange_http_codes
Analyze HTTP response codes sent by the remote web application and report uncommon findings. Plugin type: Grep. Options: This plugin doesn't have any user configured options. Source: For more information about this plugin and the associated tests, there's always the source code to understand exactly...
Twitter Enables Two-Factor Authentication
Responding to a wave of high-profile account takeovers in recent months, Twitter has implemented a phone-based two-factor authentication scheme that will require a numerical code along with a username and password when users log in to their accounts. The feature, known as login verification, is...
Sixnet Universal Protocol Undocumented Function Codes (Update B)
OVERVIEW This updated advisory is a follow-up to the updated advisory titled ICSA-13-231-01A Sixnet Universal Protocol Undocumented Function Codes that was published August 26, 2013, on the ICS-CERT Web page. --------- Begin Update B Part 1 of 1 -------- Researchers Kyle Stone and Mehdi Sabraoui...
Name.com Data Breach Forces Password Breach
Domain registrar Name.com has informed its customers via email of a data breach and asked them to reset their passwords. The company, based in Denver, said it discovered a breach and customer account information such as encrypted credentials and credit card numbers may have been accessed along wi...
CVE-2013-2264
The SIP channel driver in Asterisk Open Source 1.8.x before 1.8.20.2, 10.x before 10.12.2, and 11.x before 11.2.2; Certified Asterisk 1.8.15 before 1.8.15-cert2; Asterisk Business Edition BE C.3.x before C.3.8.1; and Asterisk Digiumphones 10.x-digiumphones before 10.12.2-digiumphones exhibits...
Apple Adds Two-Factor Authentication to iTunes Accounts
Apple has introduced a new two-factor authentication system designed to help protect users’ iTunes and App Store accounts and prevent attackers or unauthorized users from taking over users’ accounts. The system is similar to the one that Google has implemented for Gmail, utilizing verification...
Apple adds two-factor authentication to iCloud and Apple ID
Apple is beefing up the security of its iCloud and Apple ID accounts by adding two-factor authentication to the account login process. Users who activate the option will be required to enter a four-digit code they may receive via SMS message, aside from the usual password. Two-factor authenticati...
Vulnerability in VMware VMCI.sys Could Allow Local Elevation of Privilege
Executive Summary Microsoft is providing notification of the discovery and remediation of a vulnerability affecting VMware Workstation version 8.0.4 and earlier versions. Microsoft discovered and disclosed the vulnerability under coordinated vulnerability disclosure to the affected vendor, VMware...
CVE-2012-6522
CVE-2012-6522 describes a directory traversal vulnerability in w-CMS 2.01. The issue resides in the getContent function of codes/wcms.php, where an attacker can cause the system to read arbitrary files by supplying a ".." path segment in the p parameter. The vulnerability is triggered remotely ...
Multiple Cross-Site Scripting (XSS) in glFusion
High-Tech Bridge Security Research Lab discovered multiple XSS vulnerabilities in glFusion, which can be exploited to perform Cross-Site Scripting attacks. glFusion has a "badbehaviour" plugin installed by default that verifies HTTP Referer, aimed to protect against spambots. The plugin also make...
Wordpress plugins - slidedeck2 pro XSS/File Upload Vulnerability
The attacker can inject HTML codes & inject a simple file uploader to upload shell. This is private exploit. You can buy it at https://0day.today...
Axway Email Firewall information leakage
Different authentication error codes for existent and non-existent user...
CentOS Update for httpd CESA-2013:0130 centos5
The remote host is missing an update for the... (SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only)
FreeBSD : ruby -- $SAFE escaping vulnerability about Exception#to_s/NameError#to_s (2a093853-2495-11e2-b0c7-000d601460a4)
The official ruby site reports : Vulnerabilities found for Exception#to_s, NameError#to_s, and name_err_mesg_to_s() which is Ruby interpreter-internal API. A malicious user code can bypass $SAFE check by utilizing one of those security holes. Ruby's $SAFE mechanism enables untrusted user codes to run in...
Internet Explorer 9.10 - XSS Protection Filter Vulnerabilities
Document Title: Internet Explorer 9.10 - XSS Protection Filter Vulnerabilities | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=729 | Release Date: 2012-10-19 | Vulnerability Laboratory ID (VL-ID):...
Mail.RU Group eMail - Persistent Web Vulnerability
Document Title: Mail.RU Group eMail - Persistent Web Vulnerability | References (Source): http://www.vulnerability-lab.com/getcontent.php?id=709 | Release Date: 2012-10-09 | Vulnerability Laboratory ID (VL-ID): 709 | Comm...