Game Maker: 40 Percent of iTunes App Purchases Are Fraud
A Hong Kong-based developer of games for mobile devices says that its online, multiplayer games are being besieged by users making fraudulent purchases from compromised iTunes accounts and says that iPhone maker Apple has turned a deaf ear to its efforts to cut off the bogus activity. In an e-mail...
SAP Management Console List Logfiles
This module simply attempts to output a list of available logfiles and developer tracefiles through the SAP Management Console SOAP Interface. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SA...
Motorola Xoom Gets Hacked In Under An Hour after Release !
Despite just being released on February 24th, the Motorola Xoom has become the newest victim of developer rooting, and it took less than two hours to do it. Xeriouxly. The best part? The Clockwork Recovery running on it means that other developers can now create their own custom ROMs to hack...
HTC HD Mini Gets Hacked, Now Runs Android !
The HTC HD Mini, also previously known as Photon, is pretty old as far as smartphones go--the Windows Mobile 6.5 phone was first released back in February 2010. So an XDA Developer member has given the cellphone a new lease of life by bringing Android and Linux OS to it. Forum member "Cotulla"...
It's Time to Move Away From the Build or Break Mentality
SAN FRANCISCO–The vulnerability disclosure and patching arms race that has developed in the last decade or so in the security industry has made life extremely difficult not just for the developers writing code, but also for the folks who are interested in helping to fix broken applications. A new...
Yahoo! Announces Hack U™ Spring 2011 Series !
Yahoo! is proud to announce the Hack U™ Spring 2011 calendar of events. Join Yahoo! web experts for a week of learning, hacking and fun! You'll hear interesting tech talks, hacking tips and lessons, and get hands-on coding workshops where you'll work with cutting-edge technology. The week's event...
JVN#84393059: EC-CUBE vulnerable to cross-site scripting
EC-CUBE from LOCKON CO.,LTD. is an open source system for creating shopping websites. EC-CUBE contains a cross-site scripting vulnerability. This vulnerability is different than the previous vulnerabilities disclosed on JVN. Impact: An arbitrary script may be executed on the user's web browser...
maradns -- denial of service when resolving a long DNS hostname
MaraDNS developer Sam Trenholme reports: ... a mistake in allocating an array of integers, allocating it in bytes instead of sizeof(int) units. This resulted in a buffer being too small, allowing it to be overwritten. The impact of this programming error is that MaraDNS can be crashed by sending...
CVE-2011-0506
Directory traversal vulnerability in modules/profile/user.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to execute arbitrary code via a .. (dot dot) in the aXconfdefaultlanguage parameter...
Directory traversal
Directory traversal vulnerability in modules/profile/user.php in Ax Developer CMS (AxDCMS) 0.1.1 allows remote attackers to execute arbitrary code via a .. (dot dot) in the aXconfdefaultlanguage parameter...
JVN#30414126: Ruby Version Manager escape sequence injection vulnerability
Ruby Version Manager is a command line tool for managing multiple ruby environments. Ruby Version Manager contains an escape sequence injection vulnerability. Impact: A user may unknowingly open a malicious file. As a result, the string that is output on the terminal may contain an arbitrary escap...
Discuz x 1.5 Little Squirrel (Discuz! X1.5 xss)
Brief description: Developer oversight. Details: When posting, enter imgjavascript:alert/sogili//img Proof of vulnerability: Go see for yourself...
Ax Developer CMS 'user.php' Local File Include Vulnerability
Ax Developer CMS is prone to a local file-include vulnerability because it fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to obtain potentially sensitive information and to execute arbitrary local scripts in the context of the webserver process. This ma...
JVN#50704770: Aipo vulnerable to SQL injection
Aipo from Aimluck, Inc. is groupware including functions such as scheduler and intra-office blogging. Aipo contains a SQL injection vulnerability. Impact: Contents that are managed by Aipo may be viewed by a user that can login to Aipo. Solution: Update the Software. Update to the latest version...
Ax Developer CMS <= 0.1.1 LFI Vulnerability - Active Check
Ax Developer CMS is prone to a local file include (LFI) vulnerability because it fails to properly sanitize user-supplied input. SPDX-FileCopyrightText: 2011 Greenbone AG. Some text descriptions might be excerpted from a referenced source, and are Copyright (C) by the respective right holders...
IBM Developer Works Defaced by Hmei7 !
IBM Developer Works Defaced by Hmei7 ! Website Link : https://www.ibm.com/developerworks/linux/ Zone-H mirror: News Source : Hmei7
Nook Color Bluetooth Chip Hacked !
Barnes and Noble's full color touch screen, Wi-Fi and 3G enabled eReader tablet NOOK color ships with a Bluetooth chip that is not activated. Well, not anymore. A user occip at XDA-developers has managed to start the Bluetooth on the device and scanning and connecting to devices is working well...
AVG 2011 Software Pack (All-in-one) +keys Download
AVG Anti-Virus 2011 11.20 Build 3152 Final x86/x64 Anti-Virus 2011 New version of famous anti-virus program from Czech developer to protect your PC from dangerous objects and network threats. Program blocks viruses, trojans, worms, spyware, and a module to deal with rootkits helps get rid of the...
Social Share 2010-06-05 Cross Site Scripting
www.eVuln.com advisory: "search" - Non-persistent XSS in Social Share Summary: http://evuln.com/vulns/169/summary.html Details: http://evuln.com/vulns/169/description.html -----------Summary----------- eVuln ID: EV0169 Software: Social Share Vendor: n/a Version: 2010-06-05 Critical Level: low Typ...