
7681 matches found

The Hacker News
added 2014/03/11 1:20 a.m. | 11 views

Hacking Facebook User 'Access Token' with Man-in-the-Middle Attack

Facebook has several security measures to protect users' account, such as a user "access token" is granted to the Facebook application like Candy Crush Saga, Lexulous Word Game, when the user authorizes it, it provides temporary and secure access to Facebook APIs. To make this possible, users hav...

6.6 AI score
Exploits 0

ThreatPost
added 2014/03/07 8:58 a.m. | 7 views

HTTPS Traffic Attacks Leak Sensitive Personal Details

One thing that’s been made abundantly clear by mathematicians and cryptographers alike is that despite the NSA’s dragnet surveillance of phone calls and Internet traffic, the spy agency has not been able to crack the math holding up encryption technology. Those who wish to spy and steal on the...

6.9 AI score
Exploits 0 | References 4

The Hacker News
added 2014/03/06 12:38 a.m. | 11 views

HTTPS can leak your Personal details to Attackers

Explosive revelations of massive surveillance programs conducted by government agencies by the former contractor Edward Snowden triggered new debate about the security and privacy of each individual who is connected somehow to the Internet and after the Snowden’s disclosures they think that by...

6.6 AI score
Exploits 0

ThreatPost
added 2014/03/04 5:19 p.m. | 14 views

GnuTLS certificate verification security vulnerability found

GnuTLS, an open source SSL and TLS implementation used in hundreds of software packages including Red Hat desktop and server products and all Debian and Ubuntu Linux distributions, is the latest crypto package to improperly verify digital certificates as authentic. The vulnerability, discovered a...

0.7 AI score
Exploits 0 | References 4

Kitploit
added 2014/03/02 9:13 p.m. | 34 views

[Responder] a LLMNR and NBT-NS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server

Responder is a LLMNR and NBT-NS poisoner, with built-in HTTP/SMB/MSSQL/FTP/LDAP rogue authentication server supporting NTLMv1/NTLMv2/LMv2, Extended Security NTLMSSP and Basic HTTP authentication. This tool is first an LLMNR and NBT-NS responder, it will answer to specific NBT-NS NetBIOS Name...

7.9 AI score
Exploits 0 | References 3

Debian CVE
added 2014/02/28 6:0 p.m. | 32 views

CVE-2011-3634

methods/https.cc in apt before 0.8.11 accepts connections when the certificate host name fails validation and Verify-Host is enabled, which allows man-in-the-middle attackers to obtain repository credentials via unspecified vectors...

2.6 CVSS | 6.2 AI score | 0.00799 EPSS
Exploits 0

Exploit DB
added 2014/02/28 12:0 a.m. | 31 views

Webuzo 2.1.3 - Multiple Vulnerabilities

Exploit Title: Webuzo Multiple Vulnerabilities Date: 7 October 2013 Exploit Author: Mahendra Vendor Homepage: www.webuzo.com Software Link: http://downloads.webuzo.com/va.php Version: 2.1.3, other version might be vulnerable. Tested on: CentOS release 6.2 FINAL CVE : CVE-2013-6041, CVE-2013-6042,...

7.5 CVSS | 6.4 AI score | 0.03559 EPSS
Exploits 3

OpenVAS
added 2014/02/20 12:0 a.m. | 28 views

Fedora Update for apache-commons-fileupload FEDORA-2014-2175

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

7.5 CVSS | 8 AI score | 0.83175 EPSS
Exploits 8 | References 2

Metasploit
added 2014/02/15 9:21 p.m. | 58 views

VNC Server (Reflective Injection), Reverse Hop HTTP/HTTPS Stager

Inject a VNC Dll via a reflective loader staged. Tunnel communication over an HTTP or HTTPS hop point. Note that you must first upload data/hop/hop.php to the PHP server you wish to use as a hop. This module requires Metasploit: https://metasploit.com/download Current source:...

7.3 AI score
Exploits 0

Metasploit
added 2014/02/15 9:21 p.m. | 44 views

Reflective DLL Injection, Reverse Hop HTTP/HTTPS Stager

Inject a DLL via a reflective loader. Tunnel communication over an HTTP or HTTPS hop point. Note that you must first upload data/hop/hop.php to the PHP server you wish to use as a hop. This module requires Metasploit: https://metasploit.com/download Current source:...

7.3 AI score
Exploits 0

Metasploit
added 2014/02/15 9:21 p.m. | 72 views

Windows Meterpreter (Reflective Injection), Reverse Hop HTTP/HTTPS Stager

Inject the Meterpreter server DLL via the Reflective Dll Injection payload staged. Requires Windows XP SP2 or newer. Tunnel communication over an HTTP or HTTPS hop point. Note that you must first upload data/hop/hop.php to the PHP server you wish to use as a hop. This module requires Metasploit:...

7.7 AI score
Exploits 0

Fedora
added 2014/02/15 8:2 p.m. | 34 views

[SECURITY] Fedora 19 Update: curl-7.29.0-13.fc19

curl is a command line tool for transferring data with URL syntax, supporting FTP, FTPS, HTTP, HTTPS, SCP, SFTP, TFTP, TELNET, DICT, LDAP, LDAPS, FILE, IMAP, SMTP, POP3 and RTSP. curl supports SSL certificates, HTTP POST, HTTP PUT, FTP uploading, HTTP form based upload, proxies, cookies,...

6.8 CVSS | 0.11118 EPSS
Exploits 3

ICS
added 2014/02/15 7:0 a.m. | 156 views

Unified Automation OPC SDK OpenSSL Vulnerability

OVERVIEW On April 09, 2014, Unified Automation GmbH announced that its OPC UA Software Development Kits SDKs for Windows included vulnerable OpenSSL libraries. HTTPS support is disabled by default in Unified Automation SDK products. However if HTTPS is used, Unified Automation recommends replacin...

7.5 CVSS | 8.1 AI score | 0.99999 EPSS
Exploits 87 | References 10

seebug.org
added 2014/02/14 12:0 a.m. | 60 views

Symantec Endpoint Protection Manager XML External Entity Injection Vulnerability

BUGTRAQ ID: 65466 CVECAN ID: CVE-2013-5014 Symantec Endpoint Protection (SEP) is a next-generation antivirus and firewall product developed by Symantec Corporation. Symantec Endpoint Protection Manager 11.0, Symantec Endpoint Protection Center Small Business Edition 12.0, Symantec Endpoint Protection Manager...

7.5 CVSS | 0.1 AI score | 0.67573 EPSS
Exploits 18

OpenVAS
added 2014/02/13 12:0 a.m. | 35 views

CentOS Update for wget CESA-2014:0151 centos6

Check for the Version of wget OpenVAS Vulnerability Test CentOS Update for wget CESA-2014:0151 centos6 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the...

6.8 CVSS | 8.8 AI score | 0.04214 EPSS
Exploits 0 | References 2

Cent OS
added 2014/02/11 10:54 a.m. | 305 views

wget security update

CentOS Errata and Security Advisory CESA-2014:0151 An updated wget package that fixes one security issue and one bug is now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having Low security impact. A Common Vulnerability Scoring System CVSS...

6.8 CVSS | 6.7 AI score | 0.04214 EPSS
Exploits 0 | References 7

OpenVAS
added 2014/02/11 12:0 a.m. | 23 views

RedHat Update for wget RHSA-2014:0151-01

Check for the Version of wget OpenVAS Vulnerability Test RedHat Update for wget RHSA-2014:0151-01 Authors: System Generated Check Copyright: Copyright C 2014 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms o...

6.8 CVSS | 8.8 AI score | 0.04214 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2014/02/11 12:0 a.m. | 24 views

Scientific Linux Security Update : wget on SL6.x i386/x86_64 (20140210)

It was discovered that wget used a file name provided by the server when saving a downloaded file. This could cause wget to create a file with a different name than expected, possibly allowing the server to execute arbitrary code on the client. CVE-2010-2252 Note: With this update, wget always us...

6.8 CVSS | 7 AI score | 0.04214 EPSS
Exploits 0 | References 2

Tenable Nessus
added 2014/02/11 12:0 a.m. | 33 views

RHEL 6 : wget (RHSA-2014:0151)

The remote Redhat Enterprise Linux 6 host has a package installed that is affected by a vulnerability as referenced in the RHSA-2014:0151 advisory. The wget package provides the GNU Wget file retrieval utility for HTTP, HTTPS, and FTP protocols. Wget provides various useful features, such as the...

6.8 CVSS | 7.2 AI score | 0.04214 EPSS
Exploits 0 | References 6

OpenVAS
added 2014/02/11 12:0 a.m. | 23 views

RedHat Update for wget RHSA-2014:0151-01

The remote host is missing an update for the SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

6.8 CVSS | 6.5 AI score | 0.04214 EPSS
Exploits 0 | References 2