7377 matches found
LinkedIn with Two-factor authentication and Cross Site Scripting Flaw
Two Factor Authentication is becoming a standard in the enterprise security space in an attempt to dually secure end users against malicious attacks. Following Dropbox, Google and virtually everyone else, LinkedIn added two-factor authentication to its login process today. LinkedIn will provide...
JVN#53579095: FileMaker Pro vulnerable to cross-site scripting
FileMaker Pro contains an "Instant Web Publishing" function. When this function is enabled, FileMaker Pro is vulnerable to cross-site scripting. Impact: An arbitrary script may be executed on the user's web browser. Solution: Upgrade the software. Upgrade to the latest version according to the informatio...
Beta Bot Trojan Emerges as New Type of Banking Malware
A new strain of banking malware, Beta Bot, has been refined over the last few months to target ecommerce and comes complete with an array of features to help prevent it from being caught by usual security measures. According to research conducted by RSA Security’s Limor Kessem, the bot started ou...
[Sandcat Browser 4.0] The fastest web browser with many useful security and developer oriented tools
Sandcat Browser, the fastest web browser with many useful security and developer oriented tools, has been updated to version 4.0 with the fastest scripting language, packed with features for pen-testers. Sandcat 4 adds a large number of enhancements, new features, extensions and bug fixes, and provides a...
Sandcat Browser 4.0 released, new tools added for Pen-Testers
Sandcat Browser, the fastest web browser with many useful security and developer oriented tools, has been updated to version 4.0 with the fastest scripting language, packed with features for pen-testers. Sandcat 4 adds a large number of enhancements, new features, extensions and bug fixes, and provides a...
JVN#22756333: Sleipnir Mobile for Android vulnerable to address bar spoofing
Sleipnir Mobile for Android contains an issue when opening a new window, which may result in the address bar being spoofed. Impact This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks. Solution Update the software Update to the latest...
JVN#31817913: Yahoo! Browser vulnerable to address bar spoofing
Yahoo! Browser contains an issue in displaying URL, which may result in the address bar being spoofed. Note that this vulnerability is different from JVN55074201. Impact This vulnerability could be leveraged to forge the contents of the address bar for conducting phishing attacks. Solution Update...
JVN#52552792: EC-CUBE vulnerable to cross-site scripting
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a vulnerability in handling the output of parameters, which may result in cross-site scripting. Impact When a user accesses a specially crafted URL while there is an item in the shopping cart, a...
Mac OS X Backdoor Found in Wild
It was inevitable another sample of the Mac OS X spyware discovered last week would surface. Researchers said today that a German investigator informed its researchers of another instance in the wild. Spread via a spear phishing campaign that’s apparently been circulating since December, the...
Apple certified Mac Malware Captures and Uploads Screenshots without Permission
Earlier this week, new Mac spyware was discovered on a computer at the Oslo Freedom Forum, which is an annual human rights conference. Dubbed OSX/KitM.A, it was discovered by computer security researcher Jacob Appelbaum. This Mac malware has been used to spy on activists, targeted via spear...
Researcher Discovers Mac Malware at Anti-Malware Workshop
In an Oslo Freedom Forum workshop offering advice to free speech advocates on how to better secure their devices against government surveillance, security researcher Jacob Appelbaum uncovered a new strain of malware with backdoor capabilities on the Mac machine of an Angolan activist attending th...
Moxiecode File Manager 3.1.5 Shell Upload
Hello list! I want to warn you about vulnerabilities in Moxiecode File Manager MCFileManager. This is commercial plugin for TinyMCE. It concerns as MCFileManager, as all web applications which have MCFileManager in their bundle. These are Arbitrary File Uploading vulnerabilities, which lead to Co...
Fedora Update for plexus-archiver FEDORA-2013-5548
Check for the Version of plexus-archiver OpenVAS Vulnerability Test Fedora Update for plexus-archiver FEDORA-2013-5548 Authors: System Generated Check Copyright: Copyright c 2013 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify...
No-IP Dynamic Update Client 2.1.9 Stack Overflow
!/usr/bin/env python Title: No-IP Dynamic Update Client DUC 2.1.9 local IPaddress stack overflow Author: Alberto Ortega @a0rtega [email protected] Date: May 11 2013 vulnerability discovered Background: No-IP is probably the most used Dynamic DNS provider worldwide, their Dynamic Update Client D...
[SECURITY] Fedora 19 Update: plexus-archiver-2.3-1.fc19
The Plexus project seeks to create end-to-end developer tools for writing applications. At the core is the container, which can be embedded or for a full scale application server. There are many reusable components for hibernate, form processing, jndi, i18n, velocity, etc. Plexus also includes an...
[SECURITY] Fedora 18 Update: plexus-archiver-2.3-1.fc18
The Plexus project seeks to create end-to-end developer tools for writing applications. At the core is the container, which can be embedded or for a full scale application server. There are many reusable components for hibernate, form processing, jndi, i18n, velocity, etc. Plexus also includes an...
[SECURITY] Fedora 17 Update: plexus-archiver-2.3-1.fc17
The Plexus project seeks to create end-to-end developer tools for writing applications. At the core is the container, which can be embedded or for a full scale application server. There are many reusable components for hibernate, form processing, jndi, i18n, velocity, etc. Plexus also includes an...
OpenDocMan 1.2.6.5 Cross Site Scripting
Exploit Title: OpenDocMan 1.2.6.5 Stored/Reflective XSS Date: 05/04/2013 Exploit Author: drone @dronesec More Exploit Information: Vendor Homepage: http://www.opendocman.com/ Software Link: http://sourceforge.net/projects/opendocman/files/opendocman/1.2.6.5/opendocman-1.2.6.5.zip/download Version...