Online Automated Tasks: Huginn
Huginn is a system for building agents that perform automated tasks for you online. They can read the web, watch for events, and take actions on your behalf. Huginn’s Agents create and consume events, propagating them along a directed graph. Think of it as a hackable Yahoo! Pipes plus IFTTT on yo...
eWON Vulnerabilities
OVERVIEW Independent researcher Karn Ganeshen has identified several vulnerabilities in the eWON sa industrial router. eWON sa has produced an updated firmware to mitigate these vulnerabilities. These vulnerabilities could be exploited remotely. AFFECTED PRODUCTS The following eWON router firmwar...
SYNful Knock: Backdoor Malware Found in Cisco Routers
Mandiant, a FireEye sister concern, has been involved in research related to cyber defense. In their recent findings, a backdoor malware named SYNful Knock was identified as the one compromising the principles of Cisco routers with features such as... ...Having an everlasting effect, i.e. Serious...
Twitter Adds Email Privacy Data to Transparency Report
The number of information requests Twitter is receiving from the United States government is increasing steadily, having risen roughly 50 percent in the first six months of this year compared to the last six months of 2014. In its latest transparency report, Twitter said that it received 2,436...
CVE-2013-7442
GE Healthcare Centricity PACS Workstation 4.0 and 4.0.1 has a password of (1) CANal1 for the Administrator user and (2) iis for the IIS user, which has unspecified impact and attack vectors related to TimbuktuPro. NOTE: it is not clear whether this password is default, hardcoded, or dependent on...
JON: Cross Site scripting possible on the JBoss ON 404 error page
It was discovered that a cross-site scripting (XSS) vulnerability on a JBoss Operations Network 404 error page allowed for session fixation attacks. An attacker could use this flaw to impersonate a legitimate user, resulting in compromised integrity of secure data...
Unspecified Vulnerability in Oracle Virtualization Sun Ray Software Component
Oracle Virtualization Sun Ray Software is a suite of software from Oracle that provides a rich virtual desktop experience for Sun Ray clients, PCs and portables. A security vulnerability exists in the Web Console subcomponent of the Sun Ray Software component of Oracle Virtualization versions pri...
Hacking Team Promises to Rebuild RCS
The aftermath of the Hacking Team attack raised legitimate questions about the controversial Italian surveillance software vendor’s long-term viability. With reams of sensitive internal data and intellectual property posted online, how could the company survive? For now, however, the company seem...
Harvard Breach in June Hit Multiple Schools
Officials from Harvard University are warning some of its students that the school fell victim to a data breach last month and that it’s in the process of determining the scope of the attack. Anne Margulies, Harvard’s vice president and chief information officer, sent a memo to students and facul...
A SQL injection in shopNC B2B edition
Brief description: Data can be extracted directly without logging in. Detailed description: To save review time, here are five examples first http://www.xiu365.cn/microshop/index.php?act=personal&classid0=exp&classid1=1%20or%20updatexml1,concat0x5c,user,1%23 http://www.xiu365.cn/microshop/index.php?act=personal&classid0=exp&classid1=1%20or%20updatexml1,concat0x5c,user,1%23...
CVE-2015-5078
LimeSurvey 2.06+ is affected by a SQL injection in the insert function (application/controllers/admin/dataentry.php) via the closedate parameter. The vulnerability allows a remote authenticated user to execute arbitrary SQL commands through this input. The root cause is an unsafely handled closed...
Federal Agencies to Move to HTTPS-Only Connections
Following the lead of many major Web services, the White House on Monday announced that it would move all of the federal government’s public sites and services to HTTPS-only. Tony Scott, the federal CIO, has issued a memorandum to all federal agencies and departments instructing them to move all ...
Toshiba Commerce Solutions Retail Software Security Vulnerabilities
Toshiba last week patched a potentially serious vulnerability in its CHEC self-checkout software prevalent in retail locations, while it is still wrangling with another security issue in its point-of-sale offering. The vulnerabilities were reported in August 2014 by David Odell of FishNet Securit...
Broadlight Residential Gateway DI3124 - Remote DNS Change
Broadlight Residential Gateway DI3124 - Remote DNS Change Broadlight Residential Gateway DI3124 Unauthenticated Remote DNS Change Copyright 2015 (c) Todor Donev http://www.ethical-hacker.org/ https://www.facebook.com/ethicalhackerorg No description for morons, script kiddies & noobs !! Disclaimer:...
Thycotic Password Manager Secret Server iOS Application - MITM SSL Certificate Vulnerability
Thycotic Password Manager Secret Server iOS Application - MITM SSL Certificate Vulnerability -- http://www.info-sec.ca/advisories/Thycotic-SecretServer.html Overview "With the Password Manager Secret Server app, you can access passwords for an EXISTING on-premise Secret Server or Secret Server...
Datapp Sniffs Out Unencrypted Mobile Data
Last fall, researchers at the University of New Haven’s Cyber Forensics Research and Education Group dropped the hammer on a number of Android apps, including those from some popular social networking and dating sites, for their insistence on sending data in the clear. Pretty quickly, the UNHcFRE...
A vulnerability in the Red Hat Enterprise Linux operating system that allows a remote attacker to compromise the confidentiality, integrity, and availability of protected information
A vulnerability in the rsyslog7-gssapi-7.4.10 package for the Red Hat Enterprise Linux operating system can lead to violations of the confidentiality, integrity, and availability of protected information. This vulnerability can be exploited remotely...
Vulnerabilities in the Red Hat Enterprise Linux operating system that allow malicious actors to compromise the confidentiality, integrity, and availability of protected information
Multiple vulnerabilities in the systemtap-initscript-1.1 package of the Red Hat Enterprise Linux operating system can be exploited, which may lead to violations of the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally...
A vulnerability in the Red Hat Enterprise Linux operating system that allows malicious actors to compromise the confidentiality, integrity, and availability of protected information
A vulnerability in the util-linux-2.13 package on the Red Hat Enterprise Linux operating system can lead to violations of the confidentiality, integrity, and availability of protected information. This vulnerability can be exploited locally...
Vulnerabilities in the CentOS operating system that allow malicious actors to compromise the confidentiality, integrity, and availability of protected information
Multiple vulnerabilities exist in the glibc-2.3.4 package of the CentOS operating system. Exploitation of these vulnerabilities may lead to breaches of the confidentiality, integrity, and availability of protected information. These vulnerabilities can be exploited locally...