1529 matches found
Microsoft Releases Advance Notification for January Security Bulletin
Microsoft has issued a Security Bulletin Advanced Notification indicating that its January release will contain seven bulletins. These bulletins will have the severity rating of critical and important and will be for Microsoft Windows, Office, Developers Tools, Server Software, and .NET Framewor...
Root Exploit in Devices with Samsung's Exynos Processors
An XDA Developers forum member operating under the handle alephzain has created an exploit that obtains root privileges and enables malicious application installation on the many Samsung devices that contain Exynos 4210 and 4412 processors. The list of devices that use the affected processors...
Samsung Exynos kernel exploit offers Root without Flashing
A user over at the XDA Developers Forum has gone searching through Samsung Exynos kernels and has found one whopper of an exploit. There’s both good and bad news with this exploit so head down below for more details on this new found glory. This exploit affects a number of Samsung-made devices,...
XSS vulnerability in web applications with swfupload: AionWeb, Magento, Liferay Portal, SurgeMail, symfony.
Hello 3APA3A! I will draw your attention to an XSS vulnerability in other web applications with swfupload. Earlier I wrote about swfupload in Dotclear, InstantCMS, AionWeb, Dolphin and that this hole is available in many other web applications. In the previous letter I wrote concerning web...
[SECURITY] Fedora 18 Update: mcrypt-2.6.8-10.fc18
MCrypt is a replacement for the old crypt package and crypt(1) command, with extensions. It allows developers to use a wide range of encryption functions, without making drastic changes to their code. It allows users to encrypt files or data streams without having to be cryptographers...
ImageShack Server and Symantec Database hacked and Dumped
Hackers hacked into an ImageShack server and exposed all the files online; moreover, antivirus company Symantec's portal was also hacked by them, and the complete database of all 1000's of researchers was dumped in a Pastebin file. One of the hackers behind this hack is available on Twitter at @Doxbin. Hacker expose...
Japanese Android developers arrested for infecting 10 million users
Japanese police arrested five mobile application developers for creating and embedding a virus into smartphone applications. According to the Metropolitan Police Department, initial reports said that about 90,000 smartphone users were infected with a virus lurking in applications they downloaded...
California Attorney General Puts Mobile App Developers on Notice
California Attorney General Kamala D. Harris today announced a crackdown on mobile application developers and companies that haven’t posted privacy policies, at least where users can easily find them. The attorney general is giving recipients 30 days “to conspicuously post a privacy policy within...
Fedora Update for gitolite3 FEDORA-2012-15731
Check for the Version of gitolite3. OpenVAS Vulnerability Test: Fedora Update for gitolite3 FEDORA-2012-15731. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under t...
[SECURITY] Fedora 18 Update: gitolite3-3.04-4.fc18
Gitolite allows a server to host many git repositories and provide access to many developers, without having to give them real userids on the server. The essential magic in doing this is ssh's pubkey access and the authorized keys file, and the inspiration was an older program called gitosis...
SongCMS enterprise website back-end management system: several problems result in getshell - a vulnerability warning - the black bar safety net
The SongCMS enterprise site-building system is a website back-end management system based on ASP+ACCESS/SQL, suitable for general programmers to develop a variety of personalized corporate websites; the database and function calls have detailed comments; ewebeditor: inc/ewebeditor/adminlogin.asp...
Multiple vulnerabilities in IFOBS
Hello 3APA3A! I want to warn you about Brute Force and Cross-Site Scripting vulnerabilities in the IFOBS system. IFOBS is an Internet-banking system, which is widespread and, in particular, is used by a large number of Ukrainian banks. These are the first 38 vulnerabilities in IFOBS: 2 BF and 36 XSS...
Fake Flash Player, Laden with Malware, Making Rounds
Scammers have already begun to take advantage of Adobe’s recent decision to remove its Flash Player from Android’s Google Play marketplace. Last week’s removal has prompted scammers to start promoting fake versions of the software to unsuspecting smartphone owners. While researching the scamware,...
JW Player Pro 5.10.2295 Spoofing / Cross Site Scripting
Hello list! I want to warn you about security vulnerabilities in JW Player Pro. These are Content Spoofing and Cross-Site Scripting vulnerabilities. In June I wrote about vulnerabilities in JW Player http://securityvulns.ru/docs28176.html. And these are vulnerabilities in licensed version of t...
Twitter to Update API to Require Authentication
In order to limit malicious use, Twitter is closing ranks around its API and requiring application developers use authentication in its upcoming new release. The company announced Thursday afternoon in a blog post that it was introducing new restrictions in v1.1 to create a “more consistent Twitt...
XXE Injection in CakePHP and Squiz CMS
Hello! I'll give you additional information concerning advisories CakePHP 2.x-2.2.0-RC2 XXE Injection http://securityvulns.ru/docs28331.html and Squiz CMS Multiple Vulnerabilities http://securityvulns.ru/docs28220.html. It's about XXE Injection in CakePHP and Squiz CMS. Similarly to earlier...
CakePHP / Squiz CMS XXE Injection
Hello! I'll give you additional information concerning advisories CakePHP 2.x-2.2.0-RC2 XXE Injection http://securityvulns.ru/docs28331.html and Squiz CMS Multiple Vulnerabilities http://securityvulns.ru/docs28220.html. It's about XXE Injection in CakePHP and Squiz CMS. Similarly to earlier...
Microsoft Releases Attack Surface Analyzer Tool
Microsoft has released a public version of its internal Attack Surface Analyzer tool, which helps organizations identify changes to a system’s attack surface as new applications are added. The tool has been in beta for a few months, but this is the first official release. The Attack Surface...
Microsoft Publishes Workaround for Oracle Outside In Vulnerability
Microsoft gave its users steps earlier this week to sidestep a vulnerability in one of Oracle’s Outside In libraries. The company published some mitigations for the bug, but said it isn’t aware of any active attacks against it yet. The Oracle technology is licensed by software developers like...
IDS Developers Sql Injection Vulnerability
Exploit for php platform in category web applications...