Gnip Banking Trojan Shows Ongoing, Aggressive Development
A new custom mobile banking malware for Android, dubbed Gnip, has emerged onto the scene, and its authors have taken an aggressive development track: Gnip appears to have been cobbled together in under five months, with four different variants already circulating — including a sample released in...
CVE-2019-16403
In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values such as address, review, orders, etc. can also be manipulated by other customers...
Code injection
In Webkul Bagisto before 0.1.5, the functionalities for customers to change their own values such as address, review, orders, etc. can also be manipulated by other customers...
Mimikatz v2.2.0 - A Post-Exploitation Tool to Extract Plaintexts Passwords, Hash, PIN Code from Memory
mimikatz is a tool I've made to learn C and make some experiments with Windows security. It's now well known to extract plaintext passwords, hash, PIN code and kerberos tickets from memory. mimikatz can also perform pass-the-hash, pass-the-ticket or build Golden tickets. But that's not all!...
Report outdated / end-of-life Scan Engine / Environment (local)
This script checks and reports an outdated or end-of-life scan engine for the following environments: - Greenbone Community Edition - Greenbone Free formerly Greenbone Enterprise TRIAL, Greenbone Security Manager TRIAL / Greenbone Community Edition VM used for this scan. NOTE: While this is not, ...
Cross site request forgery (csrf)
The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: searchbyname, searchbyhash, and searchlink...
CVE-2018-11349
The administration panel of Jirafeau before 3.4.1 is vulnerable to three CSRF attacks on search functionalities: searchbyname, searchbyhash, and searchlink...
Newsmaker Interview: VDOO CEO Talks Top IoT Threats
IoT security is like a game of Whac-A-Mole. Fix one CVE and four new bugs pop up. Last month, researchers found a slew of vulnerabilities in Axis cameras that could enable an attacker to access camera video streams, control the camera, add it to a botnet or render it useless. Also in June, IP...
Drupwn - Drupal Enumeration & Exploitation Tool
Drupwn claims to provide an efficient way to gather Drupal information. Further explanation on blog post article. Supported tested versions: Drupal 7, Drupal 8. Execution mode: Drupwn can be run using two separate modes, which are enum and exploit. The enum mode allows performing enumerations whereas...
APT Hackers Infect Routers to Covertly Implant Slingshot Spying Malware
Security researchers at Kaspersky have identified a sophisticated APT hacking group that has been operating since at least 2012 without being noticed due to their complex and clever hacking techniques. The hacking group used a piece of advanced malware—dubbed Slingshot—to infect hundreds of...
Security Analysis with Bamboo Plugin
Build Management with Bamboo: In the process of continuous integration, a code repository is automatically built and tested by a CI service when code is pushed or committed to the repository. This enables automated testing, tracking, and reporting of build errors and boosts the productivity of...
Netartmedia iBoutique.MALL SQLi Vulnerability
No description provided by source. Name : Netartmedia iBoutique.MALL SQLi Vulnerability Date : june, 28 2010 Critical Level : HIGH Vendor Url : http://www.netartmedia.net/mall/ Author : Sid3^effects aKa HaRi shellc99atyahoo.com special thanks to : r0073r inj3ct0r.com,L0rd...
[SECURITY] Fedora 20 Update: xdialog-2.3.1-13.fc20
Xdialog is designed to be a drop-in replacement for the cdialog program. It converts any terminal-based program into a program with an X-windows interface. The dialogs are easier to see and use, and Xdialog adds even more functionalities: help button+box, treeview, editbox, file selector, range box...
[SECURITY] Fedora 19 Update: xdialog-2.3.1-13.fc19
Xdialog is designed to be a drop-in replacement for the cdialog program. It converts any terminal-based program into a program with an X-windows interface. The dialogs are easier to see and use, and Xdialog adds even more functionalities: help button+box, treeview, editbox, file selector, range box...
[Full-disclosure] Magnolia CMS multiple access control vulnerabilities
Subject: Multiple access control vulnerabilities in Magnolia CMS, Community and Enterprise editions. CVE ID: CVE-2013-4621. Summary: A non-admin user such as default users eric / peter can access and execute multiple administrative functionalities of the CMS by accessing...
Magnolia CMS 4.5.8 Access Bypass
Subject: Multiple access control vulnerabilities in Magnolia CMS, Community and Enterprise editions. CVE ID: CVE-2013-4621. Summary: A non-admin user such as default users eric / peter can access and execute multiple administrative functionalities of the CMS by accessing...
Aldi Bot - Buy a Botnet just in 10 Euros
Researchers of German security firm G Data have discovered that a bot builder dubbed "Aldi Bot" is currently being offered for that much on underground forums. The Aldi Bot Builder appears to be based on the ZeuS source code. The malware has nothing to do...
Veracode Announces Mobile App Verification Service
Application testing firm Veracode said on Wednesday that it was expanding its service to vet the security of mobile applications to cover Apple iPhone and Google Android devices. In a statement, Veracode said it was accepting submissions of mobile applications for testing for all mobile platforms...
Mandriva Update for krb5 MDVA-2010:177-1 (krb5)
Check for the Version of krb5. OpenVAS Vulnerability Test: Mandriva Update for krb5 MDVA-2010:177-1 (krb5). Authors: System Generated Check. Copyright: Copyright (c) 2010 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under the...