Google Pwnium Program Now Open All Year
Google is expanding its successful Pwnium vulnerability reward program–which has run at various security conferences for a couple of years now–to run continuously and offer an unlimited pool of financial rewards. Pwnium originally was established as an alternative to the Pwn2Own hacking contest a...
Michael Chertoff Risk Management ACSC Keynote
BOSTON – Former Homeland Security secretary Michael Chertoff gave enterprises a pep talk Wednesday during his keynote address at the Advanced Cyber Security Center’s annual conference. In a climate where massive financial services organizations such as JP Morgan Chase have been breached, the Whit...
AWStats 5.7 - 6.2 - Multiple Remote Exploit (extra)
No description provided by source. / Awstats exploit shell code by omin0us omin0us208 at gmail dot com dtors security group .: http://dtors.ath.cx :. Vulnerability reported by iDEFENSE pluginmode bug has been found by GHC team. The awstats exploit that was discovered allows a user to execute...
IBM Tivoli Continuous Data Protection for Files 3.1.4.0 Cross Site Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/34513/info IBM Tivoli Continuous Data Protection for Files is prone to a cross-site scripting vulnerability. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in t...
Gnome Panel <= 2.28.0 - Denial of Service PoC (0day)
No description provided by source. Tested on: ubuntu 9.10 CVE : Code : / Gnome panel = 2.28.0 denial of service poc 0-day by Pietro Oliva [email protected] http://olivapietro.altervista.org After executing this poc a backup file will be created You can restore it by typing ./paneldos restore...
Arbitrary Code Execution Bug in Android Adobe Reader
The Android variety of Adobe Reader reportedly contains a vulnerability that could give an attacker the ability to execute arbitrary code on devices running Google’s mobile operating system. The problem arises from the fact that Adobe Reader for Android exposes a number of insecure JavaScript...
Google Adds Continuous Monitoring of Android Apps
Google is adding a new security feature to Android designed to scan installed apps on a device and ensure that they’re not acting maliciously or taking unwanted actions. The system is built on Google’s existing app-verification model, which warns users if there’s a potential problem with an app...
Narrative Authentication System an Alternative to Passwords
Remember the age of text-based gaming where natural language phrasing would help you maneuver a character through scenes in a virtual world? In a gaming context, that has long been a dinosaur, replaced by intricate and massive online role-playing games. But researchers from Carleton University in...
Jenkins 1.523 - Persistent HTML Code
Advisory Information Title: Default markup formatter permits offsite-bound forms Date published : 2013-12-16 Date of last update: 2013-12-16 Vendors contacted : Jenkins CI v 1.523 Discovered by: Christian Catalano Severity: Low 02. Vulnerability Information CVE reference: CVE-2013-5573 CVSS v2...
[FruityWifi v1.6] the Wireless Network Auditing Tool
FruityWifi is a wireless network auditing tool based on the Wifi Pineapple idea. The application can be installed on any Debian-based system. Tested on Debian, Kali Linux, Kali Linux ARM Raspberry Pi, Raspbian Raspberry Pi, Pwnpi Raspberry Pi. With the new version, it is possible to install...
[Bluelog v1.1.2] Linux Bluetooth scanner
Bluelog is a Linux Bluetooth scanner with optional daemon mode and web front-end, designed for site surveys and traffic monitoring. It's intended to be run for long periods of time in a static location to determine how many discoverable Bluetooth devices there are in the area. While there are man...
NIST Publishes Preliminary Cybersecurity Framework
Following an Executive Order issued by U.S. President Barack Obama in February of this year, the National Institute of Standards and Technology (NIST) yesterday made public a provisional copy of the government’s cybersecurity framework and says it will accept public comment on the draft for the nex...
Cisco TelePresence Multipoint Switch Media Snapshot Denial of Service Vulnerability
A vulnerability in the Media Snapshot code of Cisco TelePresence Multipoint Switch (CTMS) could allow an authenticated, remote attacker to cause the reload of the affected system, creating a denial of service (DoS) condition. The vulnerability is due to a failure in handling requests for Media Snapsh...
Pills and Tattoos to Replace Passwords for Authentication
Motorola’s Regina Dugan suggested at the Wall Street Journal’s D11 conference that pills and tattoos could replace passwords as the radical solutions to the perennial authentication problem. Dugan was formerly the head of the Pentagon’s forward-looking Defense Advanced Research Projects Agency...
SonicWALL CDP 5040 6.x - Multiple Vulnerabilities
SonicWALL CDP 5040 6.x - Multiple Vulnerabilities Title: ====== SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities Date: ===== 2012-11-19 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=549 VL-ID: ===== 549 Common Vulnerability Scoring System:...
SonicWALL CDP 5040 v6.x Multiple Vulnerabilities
Exploit for php platform in category web applications SonicWALL CDP 5040 v6.x - Multiple Web Vulnerabilities Introduction: ============= Tapeless Enterprise-Level Data Backup and Protection, Without the Price Tag. Automatic, real-time data backup for servers, laptops and PCs. Features include fil...
FreeBSD : jenkins -- multiple vulnerabilities (d846af5b-00f4-11e2-b6d0-00e0814cab4e)
Jenkins Security Advisory reports : This advisory announces security vulnerabilities that were found in Jenkins core and several plugins. - The first vulnerability in Jenkins core allows unprivileged users to insert data into Jenkins master, which can lead to remote code execution. For this...
jenkins -- multiple vulnerabilities
Jenkins Security Advisory reports: This advisory announces security vulnerabilities that were found in Jenkins core and several plugins. The first vulnerability in Jenkins core allows unprivileged users to insert data into Jenkins master, which can lead to remote code execution. For this...
Google APIs Cross Site Scripting
Exploit Google Apis XSS Date: 10.08.2012 Author: TayfunBasoglu Tested: BackTrack 5 Platform: HTML ------------------------------------------------------------------ http://commondatastorage.googleapis.com/chromium-browser-continuous/index.html?path=XSS alertdocument.domain...
Permanent Reverse TCP Backdoor for IPhone and IPad
Security Expert from Coresec explains the use of a Permanent Reverse TCP Backdoor "sbd-1.36" for IPhone and IPad developed by Michel Blomgren. sbd is a Netcat-clone, designed to be portable and offer strong encryption. It runs on Unix-like operating systems and on Microsoft Win32. sbd features...