
7426 matches found

Packet Storm
added 2014/04/08 12:0 a.m., 53 views

BlackBerry Z 10 Buffer Overflow

modzero Security Advisory: BlackBerry Z 10 - Buffer Overflow in qconnDoor MZ-13-05 1...

9.3 CVSS, 0.6 AI score, 0.05674 EPSS
Exploits 4
The Hacker News
added 2014/04/06 4:13 p.m., 13 views

Beware of Zeus Banking Trojan Signed With Valid Digital Signature

A new dangerous variant of ZeuS Banking Trojan has been identified by Comodo AV labs which is signed by stolen Digital Certificate which belongs to Microsoft Developer to avoid detection from Web browsers and anti-virus systems. Every Windows PC in the world is set to accept software "signed" wit...

6.5 AI score
Exploits 0
Packet Storm
added 2014/03/24 12:0 a.m., 73 views

php-font-lib 0.3 Cross Site Scripting

php-font-lib - Subset maker makesubset.php Reflected Cross-site Scripting Revision 1.0 Author: Daniel C. Marques (@0xc0da) Release date: 2014-03-23 Reference:...

4.3 CVSS, 6.6 AI score, 0.02135 EPSS
Exploits 3
Japan Vulnerability Notes
added 2014/03/18 12:0 a.m., 39 views

JVN#81739241: sp mode mail issue when accessing attachments in incoming mail

sp mode mail provided by NTT DOCOMO contains a function that allows other Android applications to access attachments for incoming emails. This function contains an issue in the restriction of access permissions. Impact If a malicious Android application is installed on the device, attachments for...

4.3 CVSS, 6.3 AI score, 0.00893 EPSS
Exploits 0
Mozilla
added 2014/03/18 12:0 a.m., 42 views

crypto.generateCRMFRequest does not validate type of key — Mozilla

Mozilla developer David Keeler reported that the crypto.generateCRMFRequest method did not correctly validate the key type of the KeyParams argument when generating ec-dual-use requests. This could lead to a crash and a denial of service (DOS) attack...

5 CVSS, 8.6 AI score, 0.01778 EPSS
Exploits 1, References 2, Affected Software 2
Packet Storm
added 2014/03/14 12:0 a.m., 27 views

Joomla AJAX Shoutbox SQL Injection

Joomla AJAX Shoutbox Remote SQL Injection vulnerability - Author: Ibrahim Raafat - Contact: https://twitter.com/RaafatSEC - Discovery date: 1 April 2010 (4 years ago) - Reported to vendor: 12 March 2014 - Response: Quick response from the developer, Patched and released version 1.7 in the same day...

Exploits 0
Packet Storm
added 2014/03/07 12:0 a.m., 36 views

Safari User-Assisted Download / Run Attack

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Safari User-Assisted Download & Run...

Exploits 0
Metasploit
added 2014/03/04 11:2 p.m., 13 views

Safari User-Assisted Download and Run Attack

This module abuses some Safari functionality to force the download of a zipped .app OSX application containing our payload. The app is then invoked using a custom URL scheme. At this point, the user is presented with Gatekeeper's prompt: "APPNAME" is an application downloaded from the internet. A...

10 AI score
Exploits 0
Kitploit
added 2014/03/01 9:3 p.m., 23 views

[Ncrack] High-Speed Network Authentication Cracker

Ncrack is a high-speed network authentication cracking tool. It was built to help companies secure their networks by proactively testing all their hosts and networking devices for poor passwords. Security professionals also rely on Ncrack when auditing their clients. Ncrack was designed using a...

7.5 AI score
Exploits 0
Japan Vulnerability Notes
added 2014/02/26 12:0 a.m., 37 views

JVN#26393529: Cybozu Garoon vulnerable to directory traversal

Cybozu Garoon provided by Cybozu, Inc. is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the process of downloading files. Impact A user who can log in to the product may obtain files on the server. Solution For Cybozu Garoon 3.7: Apply the Patch Apply the appropriate...

4 CVSS, 6.2 AI score, 0.01488 EPSS
Exploits 0
Japan Vulnerability Notes
added 2014/02/26 12:0 a.m., 30 views

JVN#87797318: XooNIps vulnerable to cross-site scripting

XooNIps provided by Neuroinformatics Japan Center, RIKEN Brain Science Institute is a module of XOOPS. XooNIps contains an issue in processing the output of input character string to the web page, which may result in a cross-site scripting vulnerability. Impact An arbitrary script may be executed...

4.3 CVSS, 5.9 AI score, 0.01171 EPSS
Exploits 0
OpenVAS
added 2014/02/25 12:0 a.m., 12 views

Fedora Update for drupal6-ctools FEDORA-2014-2484

Check for the Version of drupal6-ctools. OpenVAS Vulnerability Test: Fedora Update for drupal6-ctools FEDORA-2014-2484. Authors: System Generated Check. Copyright: Copyright (C) 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify i...

7.4 AI score
Exploits 0, References 2
Fedora
added 2014/02/22 6:21 p.m., 14 views

[SECURITY] Fedora 20 Update: drupal6-ctools-1.11-1.fc20

This suite is primarily a set of APIs and tools to improve the developer experience. It also contains a module called the Page Manager whose job is to manage pages. In particular it manages panel pages, but as it grows it will be able to manage far more than just Panels. For the moment, it includ...

0.5 AI score
Exploits 0
Check Point Advisories
added 2014/02/17 12:0 a.m., 6 views

Apache Struts Debugging Interceptor Remote Code Execution (CVE-2012-0394)

A remote code execution vulnerability exists in Apache Struts 2 web application framework. The vulnerability is due to insufficient input sanitization when running commands in "developer mode". A remote attacker can exploit this vulnerability by sending a crafted HTTP request to a vulnerable...

1.8 AI score, 0.74405 EPSS
Exploits 9
The Hacker News
added 2014/02/16 11:9 p.m., 15 views

Google and Apple app Store removing all Games with "Flappy" word in Title

After the developer of Flappy Bird pulled the gaming app from both the Apple and Google app stores, it led to the creation of dozens and dozens of Flappy Bird clones that are trying to cash in on the popularity of the original title. Also Security researchers from multiple anti-malware firms have...

6.8 AI score
Exploits 0
Prion
added 2014/02/14 1:10 p.m., 15 views

Hardcoded credentials

An unspecified servlet in IBM Platform Symphony Developer Edition (DE) 5.2 and 6.1.x through 6.1.1 has hardcoded credentials, which allows remote attackers to bypass authentication and obtain "local environment" access via unknown vectors...

10 CVSS, 7.3 AI score, 0.02288 EPSS
Exploits 0, References 2, Affected Software 1
Joomla! Vulnerable Extensions List
added 2014/02/08 11:1 p.m., 16 views

ODude Dir - DT

ODude DIR - DT-777 developer statement ODude Dir 1.1 updated with fixed securities issues. http://www.odude.com/main/dir/dir-log.html...

7.2 AI score
Exploits 0
Joomla! Vulnerable Extensions List
added 2014/02/08 11:0 p.m., 19 views

ODude Ecard - DT

ODude Ecard - DT - 777 developer statement - ODude Ecard Version 2.1 http://www.odude.com/main/odude-ecard/ecard-log.html...

7.2 AI score
Exploits 0
Joomla! Vulnerable Extensions List
added 2014/02/08 9:53 p.m., 17 views

ODude Profile

ODude Profile Directory Traversal vulnerability - 777 developer statement: ODude Profile, 3.2, http://www.odude.com/main/profile/profile-changelog.html ...

7.1 AI score
Exploits 0
0day.today
added 2014/02/04 12:0 a.m., 90 views

Apache Struts Developer Mode OGNL Execution Exploit

This Metasploit module exploits a remote command execution vulnerability in Apache Struts 2. The problem exists on applications running in developer mode, where the DebuggingInterceptor allows evaluation and execution of OGNL expressions, which allows remote attackers to execute arbitrary Java...

6.8 CVSS, 9.4 AI score, 0.74405 EPSS
Exploits 9