
8694 matches found

ThreatPost
added 2012/05/31 6:3 p.m., 8 views

Infographic: How Mobile Apps Invade Your Privacy

Combine the rapid adoption of mobile devices with the behavior of some companies developing applications for them, and what do you get? A pocket-sized, portable privacy liability. Veracode explores the consequences of rampant data-mining and the importance of finding the balance between function...

2 AI score
Exploits: 0, References: 1

OpenVAS
added 2012/05/31 12:0 a.m., 34 views

Debian Security Advisory DSA 2466-1 (rails)

The remote host is missing an update to rails announced via advisory DSA 2466-1. OpenVAS Vulnerability Test $Id: deb24661.nasl 6612 2017-07-07 12:08:03Z cfischer $ Description: Auto-generated from advisory DSA 2466-1 rails Authors: Thomas Reinke Copyright: Copyright c 2012 E-Soft Inc...

4.3 CVSS, 0.7 AI score, 0.00399 EPSS
Exploits: 0

RedHat Linux
added 2012/05/30 4:9 p.m., 36 views

Critical: Red Hat Security Advisory: java-1.4.2-ibm security update

Updated java-1.4.2-ibm packages that fix several security issues are now available for Red Hat Enterprise Linux 5 Supplementary. The Red Hat Security Response Team has rated this update as having critical security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed...

10 CVSS, 6.9 AI score, 0.10203 EPSS
Exploits: 1, References: 8

Fedora
added 2012/05/26 6:56 a.m., 478 views

[SECURITY] Fedora 17 Update: python-virtualenvwrapper-3.2-3.fc17

virtualenvwrapper is a set of extensions to Ian Bicking's virtualenv tool. The extensions include wrappers for creating and deleting virtual environments and otherwise managing your development workflow, making it easier to work on more than one project at a time without introducing conflicts in...

2.9 AI score
Exploits: 0

Packet Storm
added 2012/05/20 12:0 a.m., 15 views

Acuity CMS 2.6.x Shell Upload

OVERVIEW Acuity CMS 2.6.x ASP-based versions are vulnerable to Arbitrary File Upload. 2. BACKGROUND Acuity CMS is a powerful but simple, extremely easy to use, low priced, easy to deploy content management system. It is a leader in its price and feature class. 3. VULNERABILITY DESCRIPTION Acuity...

Exploits: 0

Packet Storm
added 2012/05/20 12:0 a.m., 18 views

Acuity CMS 2.6.x Directory Traversal

OVERVIEW Acuity CMS 2.6.x ASP-based versions are vulnerable to Path Traversal. 2. BACKGROUND Acuity CMS is a powerful but simple, extremely easy to use, low priced, easy to deploy content management system. It is a leader in its price and feature class. 3. VULNERABILITY DESCRIPTION The issue is...

0.2 AI score
Exploits: 0

Exploit DB
added 2012/05/18 12:0 a.m., 48 views

Microsoft Windows XP - Keyboard Layouts Pool Corruption (PoC) (MS12-034)

=========== Description =========== Windows XP keyboard layouts pool corruption 0day PoC, post-MS12-034. Vulnerability exists in the function win32k!ReadLayoutFile, that parses keyboard layout files data. Possible attack vector -- local privileges escalation. Similar vuln CVE-2012-0183 was patche...

9.3 CVSS, 6.4 AI score, 0.62114 EPSS
Exploits: 4

ThreatPost
added 2012/05/16 1:14 p.m., 88 views

Microsoft's SDL Expands Beyond Redmond

It’s been more than 10 years now since Microsoft began the initiative that would eventually become Trustworthy Computing, and while the effects it’s had inside the company have been well documented, the utility and adoption of the Security Development Lifecycle by outside organizations and...

9.3 CVSS, 8.8 AI score, 0.94354 EPSS
Exploits: 33, References: 3

Saint
added 2012/05/15 12:0 a.m., 127 views

PHP CGI Query String Parameters Command Execution

Added: 05/15/2012 CVE: CVE-2012-1823 BID: 53388 OSVDB: 81633 Background PHP is a widely used general-purpose scripting language that is especially suited for Web development. Problem When configured as a CGI script aka php-cgi, PHP does not properly handle query string parameters which are passed...

7.5 CVSS, 10 AI score, 0.94363 EPSS
Exploits: 41

FreeBSD
added 2012/05/15 12:0 a.m., 33 views

chromium -- multiple vulnerabilities

Google Chrome Releases reports: 112983 Low CVE-2011-3083: Browser crash with video + FTP. Credit to Aki Helin of OUSPG. 113496 Low CVE-2011-3084: Load links from internal pages in their own process. Credit to Brett Wilson of the Chromium development community. 118374 Medium CVE-2011-3085: UI...

10 CVSS, 0.7 AI score, 0.07532 EPSS
Exploits: 0, References: 1

The Hacker News
added 2012/05/12 6:51 p.m., 6 views

The Hackers Conference 2012 Call For Papers #THC2012

We are extremely delighted to announce the Call for Papers for The Hackers Conference 2012 It is a unique event, where the elite of the hacker world, leaders in the information security industry and the Internet community meet face to face to join their efforts to cooperate in addressing the most...

6.7 AI score
Exploits: 0

OSV
added 2012/05/09 12:0 a.m., 40 views

DSA-2466-1 rails - cross site scripting

Bulletin has no description...

4.3 CVSS, 5.9 AI score, 0.00399 EPSS
Exploits: 0

seebug.org
added 2012/05/09 12:0 a.m., 43 views

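A leading domestic Java (JSP) website content management system: FCK upload vulnerability

Brief description: A leading domestic Java (JSP) website content management system: FCK upload vulnerability. Detailed description: Vulnerable URL: www.[domain]/thirdparty/fckeditor/editor/filemanager/browser/default/browser.html?Type=Image&Connector=connectors/jsp/connector.jsp Proof of vulnerability: FCK vulnerable URLs on sites running the JEECMS system: 1. China Logistics Information Center: http://www.clic.org.cn/...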

7.1 AI score
Exploits: 0

Packet Storm
added 2012/05/07 12:0 a.m., 42 views

Magnolia Development Group CSRF / SQL Injection


1 AI score
Exploits: 0

Packet Storm
added 2012/05/02 12:0 a.m., 24 views

Heycats CMS Cross Site Scripting

Exploit Title : heycats Cms Cross-Site Scripting Vulnerabilities Author : BHG Security Center - IrIsT Security Team Discovered By : Am!r Home : http://Black-hg.Org - http://IrIsT.Ir Software Link : http://www.heycats.com/ Security Risk : High Version : All Version Tested on : GNU/Linux Ubuntu -...

0.1 AI score
Exploits: 0

ThreatPost
added 2012/05/01 6:35 p.m., 8 views

RuggedCom: Dust Hasn't Cleared From Backdoor Account Revelation

The dust still hasn’t cleared from revelations that many of RuggedCom brand networking products contain an easily-exploited back door account, and that it is working on a fix for the problem, according to a statement from Siemens, which recently bought RuggedCom. “We are looking into all aspects ...

7.6 AI score
Exploits: 0, References: 3

ThreatPost
added 2012/04/30 6:14 p.m., 10 views

Developing and Sharing Tools for Professional Hackers

Professional hackers or security testers tend to write a lot of code. We write exploit code, fuzzers, code to handle esoteric protocols and data structures, unpackers, disassemblers, reversers, parsers, and so much more. We write this code because often what we’re doing is so specific that is...

6.9 AI score
Exploits: 0, References: 4

ThreatPost
added 2012/04/30 2:8 p.m., 10 views

A CISO's Guide To Application Security – Part 3: Toward an AppSec Center of Excellence

This post is the third in a 4-part series on Application Security, or “AppSec”. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a data breach, and outline the CISO’s responsibility in managing software security risk...

Exploits: 0, References: 6

ThreatPost
added 2012/04/18 3:57 a.m., 6 views

Teen's Arrest Underscores Need for More Secure Web Development

A 15-year-old who claimed he was bored when he turned to hacking was arrested for breaking into almost 260 companies during the first three months of this year, according to a ZDNet article published earlier today. Austria’s Federal Criminal Police Office said the teenager, who used the hacker...

7.7 AI score
Exploits: 0, References: 1

Metasploit
added 2012/04/10 11:39 a.m., 66 views

Mozilla Firefox Bootstrapped Addon Social Engineering Code Execution

Mozilla Firefox before version 41 allowed users to install unsigned browser extensions from arbitrary web servers. This module dynamically creates an unsigned .xpi addon file. The resulting bootstrapped Firefox addon is presented to the victim via a web page. The victim's Firefox browser will pop...

7.2 AI score
Exploits: 0