
8751 matches found

Hacker One
added 2017/09/25 6:21 a.m., 16 views

Zomato: Admin Access to a domain used for development and admin access to internal dashboards on that domain

@prateek0490 Was able to find our development server without any authentication. Which leads to leak the user data and some internal dashboards...

AI score: 6.8
Exploits: 0
Fedora
added 2017/09/25 12:53 a.m., 15 views

[SECURITY] Fedora 26 Update: pkgconf-1.3.9-1.fc26

pkgconf is a program which helps to configure compiler and linker flags for development frameworks. It is similar to pkg-config from freedesktop.org and handles .pc files in a similar manner as pkg-config...

AI score: 1.2
Exploits: 0
Citrix
added 2017/09/23 12:0 a.m., 9 views

Queries regarding app intent and allowed URL schemes

While developing Enterprise app w.r.t app intent and allowed URL schemes we need to follow the below Guide. Android App - How to add Intent Filters for Deep Links, Read Data from Incoming Intents. iOS App - How to Implement Custom URL Schemes. XenMobile 10.x Enterprise Apps iPa and APK...

AI score: 7.1
Exploits: 0
Openbugbounty
added 2017/09/21 1:42 a.m., 14 views

primusdesign.in XSS vulnerability

Vulnerable URL:...

AI score: 6.3
Exploits: 0
ThreatPost
added 2017/09/20 6:5 a.m., 8 views

Cloud-focused Firms Earn High Marks for Software Security in BSIMM8 Report

Companies pushing the cloud envelope are most likely to run safer cleaner code. On the flip side, as the healthcare industry embraces an increasingly software-driven business model, it is struggling to keep up with its peers when it comes to software security. Those are some of the takeaways from...

AI score: 0.2
Exploits: 0, References: 2
seebug.org
added 2017/09/20 12:0 a.m., 44 views

Pharos PopUp Printer Client memcpy Code Execution Vulnerability(CVE-2017-2787)

Summary A buffer overflows exists in the psnotifyd application of the Pharos PopUp printer client version 9.0. A specially crafted packet can be sent to the victim's computer and can lead to a heap based buffer overflow resulting in potential remote code execution. This client is always listening...

CVSS: 9.3, AI score: 9.5, EPSS: 0.04038
Exploits: 1
Fedora
added 2017/09/14 9:56 p.m., 39 views

[SECURITY] Fedora 26 Update: python-django-1.10.8-1.fc26

Django is a high-level Python Web framework that encourages rapid development and a clean, pragmatic design. It focuses on automating as much as possible and adhering to the DRY Don't Repeat Yourself principle...

CVSS: 6.1, AI score: 1.6, EPSS: 0.23566
Exploits: 0
GithubExploit
added 2017/09/11 2:31 p.m., 33 views

Exploit for Deserialization of Untrusted Data in Redhat Jboss_Enterprise_Application_Platform

Lab for Java Deserialization Vulnerabilities This content is...

CVSS: 9.8, AI score: 9.9, EPSS: 0.90713
Exploits: 17
Kitploit
added 2017/09/09 2:0 p.m., 19 views

idb - Tool to simplify some common tasks for iOS pentesting and research

idb is a tool to simplify some common tasks for iOS pentesting and research. Originally there was a command line version of the tool, but it is no longer under development so you should get the GUI version. Installation idb has some prerequisites. As it turns out, things like ruby and Qt are...

AI score: 7.3
Exploits: 0, References: 2
Imperva Blog
added 2017/08/31 3:30 p.m., 29 views

Managing Security in a DevOps Environment

DevOps is a software development practice in which development and operations engineers collaborate during the entire product lifecycle. With the adoption of DevOps at mainstream levels, we now see security starting to take a bigger role in DevOps’ day-to-day responsibilities. From a security...

AI score: 7
Exploits: 0
CNVD
added 2017/08/28 12:0 a.m., 0 views

IBM Operationas Analytics Predictive Insights Java SDK Remote Lift Vulnerability

IBM Operationas Analytics Predictive Insights is a proactive fault management system from IBM, USA. The system monitors the performance of physical and logical infrastructures and provides alerts in the event of failures. Java SDK is one of the Java software development kits. A remote boost...

CVSS: 9.8, AI score: 8.9, EPSS: 0.02634
Exploits: 0, References: 1
Exploit DB
added 2017/08/28 12:0 a.m., 17 views

PHP Video Battle Script 1.0 - SQL Injection

Exploit Title: PHP Video Battle Script 1.0 - SQL Injection Dork: N/A Date: 28.08.2017 Vendor Homepage: http://www.rocky.nu/ Software Link: http://www.rocky.nu/product/php-video-battle/ Demo: http://videobattle.rocky.nu/ Version: 1.0 Category: Webapps Tested on: WiN7x64/KaLiLinuXx64 CVE: N/A Explo...

AI score: 7
Exploits: 0
n0where
added 2017/08/25 4:57 p.m., 64 views

Proxy Aware PowerShell C2 Framework: PoshC2

PoshC2 is a proxy aware C2 framework written completely in PowerShell to aid penetration testers with red teaming, post-exploitation and lateral movement. The tools and modules were developed off the back of our successful PowerShell sessions and payload types for the Metasploit Framework...

AI score: 0.2
Exploits: 0, References: 2
BDU FSTEC
added 2017/08/25 12:0 a.m., 4 views

The vulnerability of the update mechanism for dynamic JAR files used in cloud service development tools like Context Service Software Development Kit allows a perpetrator to execute arbitrary code.

The vulnerability of the mechanism for updating dynamic JAR files used in cloud service development tools like Context Service Software Development Kit exists due to insufficient validation of input data. Exploiting this vulnerability allows a malicious actor to execute arbitrary code on the...

CVSS: 10, AI score: 8.2, EPSS: 0.04841
Exploits: 0, References: 3, Affected Software: 1
ThreatPost
added 2017/08/22 8:0 a.m., 11 views

Industrial Cobots Might Be The Next Big IoT Security Mess

Researchers at IOActive have found nearly 50 vulnerabilities in industrial collaborative robots, machines that work side-by-side with people in manufacturing and other settings, that can be abused to possibly cause physical harm to workers, or even configured to spy on their surroundings. The...

AI score: 8.1
Exploits: 0, References: 1
Trend Micro Simply Security
added 2017/08/18 2:0 p.m., 40 views

Level up your cybersecurity journey with CLOUDSEC 2017

Beginning this month, Trend Micro will be hosting CLOUDSEC, one of the largest cybersecurity conferences across Asia-Pacific and Europe. The event features presentations and panel discussions from industry experts and thought leaders who will discuss high-level strategies, forward looking securit...

AI score: 6.7
Exploits: 0
CNVD
added 2017/08/17 12:0 a.m., 2 views

NewSouth Innovations Kakadu SDK Buffer Overflow Vulnerability

NewSouth Innovations Kakadu SDK is a JPEG2000 software development kit from NewSouth Innovations, Australia. A buffer overflow vulnerability exists in version 7.9 of the NewSouth Innovations Kakadu SDK, which originates when the program fails to properly perform bounds detection on user-submitted...

CVSS: 8.8, AI score: 8.7, EPSS: 0.01543
Exploits: 1, References: 1
n0where
added 2017/08/15 4:11 a.m., 43 views

Python Pentesting Framework: PytheM

pythem is a multi-purpose pentest framework written in Python. It has been developed to be used by security researchers and security professionals. The tool intended to be used only for acts within the law. I am not liable for any undue and unlawful act practiced by this tool, for more informatio...

AI score: 7.2
Exploits: 0, References: 2
The Hacker News
added 2017/08/09 11:28 p.m., 12 views

Chinese Quantum Satellite Sends First ‘Unhackable’ Data to Earth

In what appears to be the world's first quantum satellite transmission, China has successfully sent an "unbreakable" code over a long distance from an orbiting satellite to the Earth, achieving a milestone in the next generation encryption based on "quantum cryptography." In August last year, Chi...

AI score: 6.8
Exploits: 0
F5 Networks
added 2017/08/08 12:3 a.m., 198 views

PHP vulnerabilities CVE-2017-9226 and CVE-2017-7890

F5 Product Development has evaluated the currently supported releases for potential vulnerability. To determine if your release is known to be vulnerable, the components or features that are affected by the vulnerability, and for information about releases or hotfixes that address the...

CVSS: 9.8, AI score: 1.2, EPSS: 0.07511
Exploits: 1