95 matches found
German Exercise - Dynamic Code Loading, External URLs, Suspicious files vulnerabilities
HackApp vulnerability scanner discovered that application German Exercise published at the 'play' market has multiple vulnerabilities...
Exercise Tracker: Wear Fitness - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Exercise Tracker: Wear Fitness published at the 'play' market has multiple vulnerabilities...
Naval Academy Cadets Win NSA Hacking Contest
Midshipmen from the United States Naval Academy in have won the National Security Agency’s Cyber Defense Exercise CDX for the third time. Between April 13 and 17, the CDX pits the U.S. Naval, Air Force, Coast Guard, Merchant Marine and Military Academy and the Royal Military College of Canada...
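PHPEMS SQL Injection Vulnerability
Brief description: A SQL injection vulnerability in PHPEMS. Details: 9. A SQL injection vulnerability exists at one location in Phpems. The injectable code is in the exercise function of /app/exam/phone.php, specifically at line 695: $questionids = $this-question-selectQuestionsByKnows$args'knowsid',$args'number',$args'questid'; Tracing these three parameters back: if$this-ev-get'setExecriseConfig' $args = $this-ev-get'args'; ... All of them are controllable. Inside the function: public...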
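PHPEMS SQL Injection Vulnerability
Brief description: A SQL injection vulnerability in PHPEMS. Details: 8. A SQL injection vulnerability at one location in PHPEMS. The vulnerable code is in the exercise function of /app/exam/phone.php, specifically near line 239: $numbers$p'questid' = intvalceil$this-exam-getQuestionNumberByQuestypeAndKnowsid$p'questid',$knowids; Here the second parameter of getQuestionNumberByQuestypeAndKnowsid, $knowids, is fully controllable. Inside the function: public function...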
Pandora 3.1 Auth Bypass / Arbitrary File Upload Vulnerabilities
This Metasploit module exploits an authentication bypass vulnerability in Pandora version 3.1 as disclosed by Juan Galiana Lara. It also integrates with the built-in pandora upload which allows a user to upload arbitrary files to the '/images/' directory. This Metasploit module was created as an...
Joomla Health & Fitness Stats Persistent XSS Vulnerability
No description provided by source. Name : Joomla Health & Fitness Stats Persistent XSS Vulnerability Date : july 12,2010 Critical Level : HIGH vendor URL :http://joomla-extensions.instantiate.co.uk/jcomponents/healthstats Author : Sid3^effects aKa HaRi special thanks to : r0073r inj3ct0r.com,L0rd...
Health and Fitness Apps Poor at Protecting Privacy FTC Says
A recent study conducted by the Federal Trade Commission examined 12 mobile health and fitness apps and found them sending users’ personal information to 76 different third parties. Jah-Juin Ho, an attorney in the FTC’s Mobile Technology Unit shared the research yesterday during a seminar regardi...
Norwich University Receives $9.9 M for Cybersecurity Research
Norwich University, a small military college nestled in the Green Mountains of Vermont, secured another round of funding for cybersecurity research this week. The grant, $9.9 million in federal funds, will feed into a project that ensures groups in the private and public sector can better plan fo...
New Jigsaw Hacking Tool Spotted in Attacks
If you’ve run an internal phishing exercise, chances are you may have used Jigsaw, an open source penetration testing tool that enables security teams to automatically generate email address combinations from a minimal amount of public information. As with other open source security and networkin...
New Rules Enable Military Assistance During Domestic Cyber-Attacks
The Obama administration has revised federal policy, enabling the military to assist during a domestic cyber-attack, reported the New York Times on Oct. 21. Typically, the military cannot deploy units within the country's borders, except for natural disasters, and even then, a presidential order ...
Joomla! Component healthstats - Persistent Cross-Site Scripting
Name : Joomla Health & Fitness Stats Persistent XSS Vulnerability Date : july 12,2010 Critical Level : HIGH vendor URL :http://joomla-extensions.instantiate.co.uk/jcomponents/healthstats Author : Sid3^effects aKa HaRi special thanks to : r0073r inj3ct0r.com,L0rd...
Use google for beginners looking for exercise provided the right opportunity-vulnerability warning-the black bar safety net
Article author: wade821643 Use google for beginners looking for exercise provided the right opportunity Novices generally suffer no webshell, to practice providing the right skills. Online one by one to find the loopholes yourself in the upload webshell, very trouble, in case the sql to a query f...
Is It Time to Stop Password Masking?
From SANS AppSec Street Fighter Blog Jason Montgomery I just ran across Jakob Nielsen‘s Alert Box post titled Stop Password Masking and wanted to provide some feedback from a security vs. usability perspective. I have great respect for Nielsen’s contribution to the usability of the web. Back in t...
[SECURITY] Fedora 7 Update: kdeedu-3.5.8-2.fc7
Educational/Edutainment applications, including: blinken: Simon Says Game kalzium: Periodic Table of Elements kanagram: Letter Order Game kbruch: Exercise Fractions keduca: Tests and Exams kgeography: Geography Trainer khangman: Hangman Game kig: Interactive Geometry kiten: Japanese Reference/Stu...