3625 matches found

ThreatPost
added 2014/11/17 2:16 p.m. | 9 views

Half of Leading USB Controller Chips Vulnerable to BadUSB

BadUSB hasn’t gone from bad to worse necessarily, but it sure has reached a new state of confusion for security experts and consumers in the crosshairs. Researcher Karsten Nohl, who warned the world during Black Hat last summer that the controller chips in most USB devices could be reprogrammed t...

7.5 AI score
Exploits: 0 | References: 5
myhack58
added 2014/09/28 12:0 a.m. | 25 views

Linux Bash find significant security vulnerabilities to modify the method-vulnerability warning-the black bar safety net

GMT 9 August 2 5, message, Linux users today and got a“surprise”it! The Red Hat security team on Linux in the widely used Bash shell, found a subtle but dangerous security vulnerabilities. The vulnerability called the“Bash Bug”or“Shellshock”is. When the user normal access, the vulnerability allow...

7.2 AI score
Exploits: 0
0day.today
added 2014/09/08 12:0 a.m. | 41 views

LoadedCommerce7 - Systemic Query Factory Vulnerability

Loaded Commerce 7 shopping cart/online store suffers from a systemic vulnerability in its query factory, allowing attackers to circumvent user input sanitizing to perform remote SQL injection. Title: LoadedCommerce7 Systemic Query Factory Vulnerability Advisory:...

7.1 CVSS | 0.6 AI score | 0.02682 EPSS
Exploits: 6
Exploit DB
added 2014/09/07 12:0 a.m. | 40 views

LoadedCommerce7 - Systemic Query Factory

Title: LoadedCommerce7 Systemic Query Factory Vulnerability Advisory: http://breaking.technology/advisories/CVE-2014-5140.txt Credits: Discovered by Breaking Technology Research Labs 2014-06-30 Reference: CVE-2014-5140 - Assigned 31 June 2014 Timeline: Vendor notified - 29 July 2014 Vendor...

8.8 CVSS | 7 AI score | 0.02682 EPSS
Exploits: 6
Kitploit
added 2014/09/04 5:16 a.m. | 84 views

zAnti - Android Penetration Testing Toolkit (Free!)

zANTI is a comprehensive network diagnostics toolkit that enables complex audits and penetration tests at the push of a button. It provides cloud-based reporting that walks you through simple guidelines to ensure network safety. zANTI offers a comprehensive range of fully customizable scans to...

7.6 AI score
Exploits: 0
myhack58
added 2014/09/01 12:0 a.m. | 26 views

Vulnerability science: you of weak passwords seriously?-vulnerability warning-the black bar safety net

In today's many places in the user name and password as the authentication of the world, the password of importance you can think and Cicada for. The password is equivalent to entering the house of keys, when the others have one can enter your house keys, think about your safety, your belongings,...

0.2 AI score
Exploits: 0
exploitpack
added 2014/08/09 12:0 a.m. | 24 views

TomatoCart 1.x - SQL Injection

TomatoCart 1.x - SQL Injection Title: TomatoCart v1.x latest-stable Remote SQL Injection Vulnerability Background: TomatoCart is open source ecommerce solution developed and maintained by a number of 64,000+ users from 50+ countries and regions. It's distributed under the terms of the GNU General...

6.5 CVSS | 0.01727 EPSS
Exploits: 7
securityvulns
added 2014/08/04 12:0 a.m. | 38 views

C++11 <regex> insecure by default

C++11 regex insecure by default http://cxsecurity.com/issue/WLB-2014070187 --- 0 Description --- In this article I will present a conclusion of testing the new 'objective regex' in several implementation of standard c++ library like libcxx clang and stdlibc++ gcc. The results show the weakness in...

8.3 AI score
Exploits: 0
OSV
added 2014/07/15 2:55 p.m. | 2 views

DEBIAN-CVE-2014-1474

Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service CPU consumption via a string without an address...

5 CVSS | 6.6 AI score | 0.02427 EPSS
Exploits: 0 | References: 1
UbuntuCve
added 2014/07/15 2:55 p.m. | 36 views

CVE-2014-1474

Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service CPU consumption via a string without an address...

5 CVSS | 5.9 AI score | 0.02427 EPSS
Exploits: 0 | References: 5
Prion
added 2014/07/15 2:55 p.m. | 14 views

Design/Logic Flaw

Algorithmic complexity vulnerability in Email::Address::List before 0.02, as used in RT 4.2.0 through 4.2.2, allows remote attackers to cause a denial of service CPU consumption via a string without an address...

5 CVSS | 6.9 AI score | 0.02427 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
seebug.org
added 2014/07/01 12:0 a.m. | 11 views

Avaya IP Office Manager TFTP Server 8.1 - Directory Traversal Vulnerability

No description provided by source. Title : Avaya IP Office Manager TFTP Server Directory Traversal Vulnerability Author : Veerendra G.G from SecPod Technologies www.secpod.com Vendor : http://www.avaya.com/usa/product/ip-office Advisory : http://www.avaya.com/usa/product/ip-office...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m. | 13 views

MYRE Real Estate Software Multiple Vulnerabilities

No description provided by source. Title : MYRE Real Estate Software Multiple XSS and SQL Injection Vulnerabilities Author : Sooraj K.S SecPod Technologies www.secpod.com Vendor : http://myrephp.com Advisory : http://secpod.org/blog/?p=346 http://secpod.org/advisories/SECPODMRSSQLXSSVuln.txt...

7.1 AI score
Exploits: 0
Packet Storm
added 2014/06/25 12:0 a.m. | 49 views

ZeusCart 4.x Remote SQL Injection

On May 27th our research labs discovered a vulnerability CVE-2014-3868 in an e-commerce shopping cart application known as "ZeusCart". The same day, we reported this vulnerability to mitre.org and the CVE was assigned. We were able to get in touch with the vendor with a confirmed response...

0.3 AI score | 0.02461 EPSS
Exploits: 2
Tenable Nessus
added 2014/06/13 12:0 a.m. | 39 views

openSUSE Security Update : ruby (openSUSE-SU-2012:0228-1)

This update of ruby provides 1.8.7p357, which contains many stability fixes and bug fixes, which are fully compatible with the previous version. You can review the detailed list here : http://svn.ruby-lang.org/repos/ruby/tags/v187357/ChangeLog The particularly noteworthy fixes are : - Hash...

7.8 CVSS | 7.5 AI score | 0.04246 EPSS
Exploits: 3 | References: 8
Hacker One
added 2014/05/27 8:43 a.m. | 18 views

Factlink: Password Complexity very low.

There is only one rule which you have set that minimum characters should be 6. But you need to set robust rule for password quality. Because I was able to set my password 123456 which is really common and anyone can hack it. Recommendation - Provide robust rules including upper lower letters,...

2.8 AI score
Exploits: 0
securityvulns
added 2014/03/27 12:0 a.m. | 170 views

CVE-2013-6955 Synology DSM remote code execution

Products Affected By CVE-2013-6955 Diskstation Manager 4.0 4.2 4.3 4.3-3810 Vendor: Synology Status: Patched webman/imageSelector.cgi in Synology DiskStation Manager DSM 4.0 before 4.0-2259, 4.2 before 4.2-3243, and 4.3 before 4.3-3810 Update 1 allows remote attackers to append data to arbitrary...

10 CVSS | 0.7 AI score | 0.86106 EPSS
Exploits: 9
Amazon
added 2014/02/26 12:0 a.m. | 46 views

Medium: ruby19

Issue Overview: Algorithmic complexity vulnerability in Gem::Version::ANCHOREDVERSIONPATTERN in lib/rubygems/version.rb in RubyGems before 1.8.23.2, 1.8.24 through 1.8.26, 2.0.x before 2.0.10, and 2.1.x before 2.1.5, as used in Ruby 1.9.0 through 2.0.0p247, allows remote attackers to cause a deni...

4.3 CVSS | 8.3 AI score | 0.03316 EPSS
Exploits: 0
securityvulns
added 2014/02/10 12:0 a.m. | 48 views

ASUS AiCloud Enabled Routers 12 Models - Authentication bypass and Sensitive file/path disclosure

ASUS routers, which are enabled with the AiCloud service SSL ports, are vulnerable to bypass of authentication and sensitive file disclosure. This vulnerability has been observed in all firmware versions, though the latest version increases the complexity of the attack. By sending a special craft...

0.9 AI score
Exploits: 0
RedHat Linux
added 2013/12/17 6:29 p.m. | 5 views

rubygems: version regex algorithmic complexity vulnerability

A denial of service vulnerability exists in the RubyGems versions 2.0.7 or older, such that when RubyGems validates versioning it performs a wrong regular expression causing resource consumption due to algorithmic complexity...

4.3 CVSS | 7.4 AI score | 0.03316 EPSS
Exploits: 0 | References: 5