2353 matches found
Flickr Usage
Binary data 6972.prm...
INSTEON Hub 2242-222 - Lack of Web and API Authentication
Trustwave SpiderLabs Security Advisory TWSL2013-023: Lack of Web and API Authentication Vulnerability in INSTEON Hub. Published: 8/01/13. Version: 1.0. Vendor: INSTEON http://www.INSTEON.com/ Product: Hub. Version affected: 2242-222 model...
Apple to Fix Malicious Fake USB Charger Flaw
Apple claims it will fix a previously disclosed flaw in the current iteration of its mobile operating system, iOS 6, that can allow hackers complete access to an iPhone or iPad via a fake USB charger. Reuters confirmed the impending fix Wednesday after speaking with Apple spokesman Tom Numayr at...
CVE-2013-3011
Unspecified vulnerability in the Java Runtime Environment (JRE) in IBM Java 1.4.2 before 1.4.2 SR13-FP18, 5.0 before 5.0 SR16-FP3, 6 before 6 SR14, 6.0.1 before 6.0.1 SR6, and 7 before 7 SR5 allows remote attackers to affect confidentiality, availability, and integrity via unknown vectors, a...
South Korea defense bans Smartphones for data security
South Korea's Ministry of National Defense is banning its employees from using smartphones inside the ministry's building in a bid to prevent military data leaks. At present, the only way to ensure sensitive corporate and defense data is not lost is to provide employees with devices owned...
Code injection
LOCKON EC-CUBE 2.11.2 through 2.12.4 allows remote attackers to conduct unspecified PHP code-injection attacks via a crafted string, related to data/class/SCCheckError.php and data/class/SCFormParam.php...
Good MDM Settings
Binary data gmdmsettings.nbin...
CVE-2013-2147
CVE-2013-2147 affects the Linux kernel drivers for HP Smart Array/Compaq SMART2 (cpqarray/cciss). The root cause is uninitialized data structures in ida_locked_ioctl (via /dev/ida) and cciss_ioctl32_passthru (via /dev/cciss), allowing local attackers to read kernel memory through crafted IDA...
OpenJDK: image processing vulnerability (2D, 8007617)
Unspecified vulnerability in the Java Runtime Environment (JRE) component in Oracle Java SE 7 Update 17 and earlier, 6 Update 43 and earlier, and 5.0 Update 41 and earlier; and OpenJDK 6 and 7; allows remote attackers to affect confidentiality, integrity, and availability via unknown vectors relate...
National Security Data on Private Networks Exposed as a Weak Point
The United States intelligence community and its counterparts in law enforcement are quite secretive about their surveillance methods and the targets of those operations. Few people are privy to information about ongoing surveillance, but now it turns out that the Chinese government may have a...
Kimai 0.9.2.1306-3 - SQL Injection
Exploit Title: Kimai 0.9.2.1306-3 SQLi. Date: 05/20/2013. Exploit Author: drone @dronesec. Vendor Homepage: http://www.kimai.org/ Software Link: https://downloads.sourceforge.net/project/kimai/0.9.x/kimai.0.9.2.1306-3.zip Version: 0.9.2.1306-3. Fixed in: source...
PCI DSS 3.0 Is Coming Soon
The PCI Security Standards Council (SSC) plans on releasing the newest version of the PCI Data Security Standard in October 2013. Predictably, the PCI SSC has been tight-lipped on divulging details regarding any expected changes...
Linux/Cdorked.A Backdoor
Binary data cdorkedremote.nbin...
Compliance Talk: Debt Collectors and PCI
As the largest IT audit and compliance advisor in the U.S., Coalfire is exposed to a wide variety of compliance concerns. In this series of Compliance Talk blogs, Dirk and Ken are back at their favorite coffee shop…the Bean and Berry in Louisville, Colorado. Over a couple cappuccinos, their...
Sql injection
The Active Record component in Ruby on Rails 2.3.x, 3.0.x, 3.1.x, and 3.2.x does not ensure that the declared data type of a database column is used during comparisons of input values to stored values in that column, which makes it easier for remote attackers to conduct data-type injection attack...
KIK Messenger Password Disclosure
KIK Messenger stores passwords in plain text. This is the conclusion of Mobile Security Company, a Dutch organisation specialized in security audits of mobile applications. The username and password are stored in the com.kik.chat.plist file. This file can be viewed on a jailbroken device or when...
90% of pirated games are infected with Malware
If you've ever been tempted to download a ‘hack’ for your favorite game to accelerate your progress, or to download a pirated copy of the latest title through a torrent or file-sharing site, watch out! Anti-virus company AVG today warns that over 90% of hacked or cracked games downloaded via...
One Percent of User Base Exposed in Scribd Data Breach
Document-sharing website Scribd announced this week it was hacked, the victim of what it’s calling a “deliberate attempt to access the email addresses and passwords of registered Scribd users.” In a post on the Support Desk section of its website, the San Francisco-based service claims it noticed...
Cimetrics BACnet Detection and Realm Information (deprecated)
Binary data 6730.prm...