SuiteCRM authenticated SQL injection in export functionality

This module exploits an authenticated SQL injection in SuiteCRM in versions before 7.12.6. The vulnerability allows an authenticated attacker to send specially crafted requests to the export entry point of the application in order to retrieve all the usernames and their associated password from t...

EMC NetWorker Buffer Overflow Vulnerability

EMC NetWorker Server contains a buffer overflow vulnerability that could potentially be exploited by malicious users to compromise the affected system. Versions prior to 8.2.4.9, 9.0.x all supported versions, prior to 9.1.1.3, and prior to 9.2.0.4 are affected. EMC NetWorker Buffer Overflow...

Remote Wi-Fi Attack Backdoors iPhone 7

Google on Tuesday disclosed details and a proof-of-concept exploit for a Wi-Fi firmware vulnerability in Broadcom chipsets patched this week in iOS 11. The attack enables code execution and persistent presence on a compromised device. “The exploit gains code execution on the Wi-Fi firmware on the...

Blackhat Firm Offers $500,000 for Zero-day iOS Exploit; Double Than Apple’s Highest Bounty

Last week, Apple finally announced a bug bounty program for researchers and white hat hackers to find and get paid for reporting details of zero-day vulnerabilities in its software and devices. The company offers the biggest payout of $200,000, which is 10 times the maximum reward that Google...

Putting Apple Bug Bounty Rewards in Perspective

Admittedly, the payouts for Apple’s bug bounty announced last week at Black Hat drew mixed reactions ranging from reasonable to raucously funny. Apple made a big splash at the annual hacker conference, first via a last-minute announcement that well-regarded Ivan Krstic would be giving a talk on...

FreeBSD : i2p -- Multiple Vulnerabilities (13419364-1685-11e4-bf04-60a44c524f57)

The i2p project reports : XSS and remote execution vulnerabilities reported by Exodus Intelligence. Exodus Intelligence reports : The vulnerability we have found is able to perform remote code execution with a specially crafted payload. This payload can be customized to unmask a user and show the...

TAILS Team Recommends Workarounds for Flaw in I2P

The developers of the TAILS operating system say that users can mitigate the severity of the critical vulnerability researchers discovered in the I2P software that’s bundled with TAILS with a couple of workarounds, but there is no patch for the bug yet. The vulnerability that affects TAILS is in...

i2p -- Multiple Vulnerabilities

The i2p project reports: XSS and remote execution vulnerabilities reported by Exodus Intelligence. Exodus Intelligence reports: The vulnerability we have found is able to perform remote code execution with a specially crafted payload. This payload can be customized to unmask a user and show the...

Researchers Demonstrate Zero-Day Vulnerabilities in Tails Operating System

The critical zero-day security flaws, discovered in the privacy and security dedicated Linux-based Tails operating system by the researcher at Exodus Intelligence that could help attackers or law enforcements to de-anonymize anyone’s identity, actually lie in the I2P software that’s bundled with...

Warning — Zero-Day Vulnerabilities Identified in Tails Operating System

The critical zero-day security flaws has been discovered in the privacy and security dedicated Linux-based operating system “Tails” that could be used by an attacker to unmask your identity. Tails, which is been used and recommended by the global surveillance whistleblower Edward Snowden to remai...

Researchers Plan to Disclose Critical Bugs to TAILS Team Soon

The developers of the TAILS operating system are poised to release a new version of the software–which is designed to preserve privacy and anonymity–and it includes several security fixes. However, there are several other security issues that aren’t patched in the new release, vulnerabilities...

Schneider Electric IGSS Buffer Overflow

Overview Independent researcher Aaron Portnoy of Exodus Intelligence has identified a buffer overflow vulnerability in Schneider Electric’s Interactive Graphical SCADA System IGSS application. Schneider Electric has produced a patch that fully resolves this vulnerability. Aaron Portnoy has...

Microsoft paid over $28,000 Rewards to Six Researchers for its first ever Bug Bounty Program

Microsoft today announced that they had paid more than $28,000 in rewards to Security Researchers for its first Bug Bounty program, that went on for a month during the preview release of Internet Explorer 11 IE11. The program was designed to run during Internet Explorer 11's browser beta test on...

Researchers Bypass Microsoft Fix It for IE Zero Day

Expect amped up pressure aimed in Microsoft’s direction for a patch for the Internet Explorer zero day that surfaced last week, now that researchers at Exodus Intelligence reported today they have developed a bypass for the Fix It that Microsoft released as a temporary mitigation. Their new explo...

Former Zero Day Initiative Researchers Form New Firm Exodus Intelligence

In case you thought that the mass exodus of researchers from TippingPoint’s Zero Day Initiative in recent months meant that the demand for third-party vulnerability markets was waning, fear not. Several former members of the ZDI team have come back together to form a new firm called Exodus...