7671 matches found

The Hacker News
added 2012/12/03 6:54 p.m., 21 views

iPhone Instagram users vulnerable to hackers

Instagram, Facebook's popular photo sharing app for iOS, currently has a vulnerability that could make your account susceptible to hackers. Security researcher Carlos Reventlov published on Friday another attack on Facebook's Instagram photo-sharing service that could allow a hacker to seiz...

AI score: 6.7
Exploits: 0

securityvulns
added 2012/12/02 12:0 a.m., 59 views

[USN-1642-1] Lynx vulnerabilities

Ubuntu Security Notice USN-1642-1, November 29, 2012: lynx-cur vulnerabilities. A security issue affects these releases of Ubuntu and its derivatives:...

CVSS: 6.8, AI score: 0.3, EPSS: 0.03663
Exploits: 1

Tenable Nessus
added 2012/11/30 12:0 a.m., 28 views

Ubuntu 10.04 LTS / 11.10 / 12.04 LTS / 12.10 : lynx-cur vulnerabilities (USN-1642-1)

Dan Rosenberg discovered a heap-based buffer overflow in Lynx. If a user were tricked into opening a specially crafted page, a remote attacker could cause a denial of service via application crash, or possibly execute arbitrary code as the user invoking the program. This issue only affected Ubunt...

CVSS: 6.8, AI score: 6.7, EPSS: 0.03663
Exploits: 1, References: 3

Tenable Nessus
added 2012/11/26 12:0 a.m., 38 views

Apache Tomcat 6.0.x < 6.0.36 Multiple Vulnerabilities

Binary data 800612.prm...

CVSS: 5, AI score: 6.1, EPSS: 0.12098
Exploits: 5, References: 8

Tenable Nessus
added 2012/11/26 12:0 a.m., 35 views

Apache Tomcat 7.0.x < 7.0.28 Multiple DoS

Binary data 6623.pasl...

CVSS: 5, AI score: 6.7, EPSS: 0.08742
Exploits: 0, References: 2

ThreatPost
added 2012/11/19 5:40 p.m., 16 views

Windows 8 Malware Using Google Docs to Target Brazilians

New malware targeting Windows 8 appears to be using Google Docs as a proxy server instead of directly connecting to a command and control (C&C) server. According to research done by Symantec and discussed in the company’s Security Response blog late last week, a Trojan, Backdoor.Makadocs, targets...

AI score: 0.4
Exploits: 0, References: 3

ThreatPost
added 2012/11/19 4:50 p.m., 9 views

Facebook Enabling HTTPS by Default for North American Users

Facebook this week will begin turning on secure browsing by default for its millions of users in North America. The change will make HTTPS the default connection option for all Facebook sessions for those users, a shift that gives them a good baseline level of security and will help prevent some...

AI score: 0.4
Exploits: 0, References: 7

0day.today
added 2012/11/15 12:0 a.m., 19 views

Novell NetIQ Privileged User Manager 2.3.1 ldapagnt.dll Code Execution

Novell NetIQ Privileged User Manager version 2.3.1 suffers from a Perl code evaluation remote command execution vulnerability in ldapagnt_eval in ldapagnt.dll. The secure web interface contains a flaw which allows execution of a Perl script with SYSTEM privileges without prior authentication. This...

AI score: 7.6
Exploits: 0

exploitpack
added 2012/11/15 12:0 a.m., 12 views

Novell NetIQ Privileged User Manager 2.3.1 - ldapagnt.dll ldapagnt_eval() Perl Code Evaluation Remote Code Execution

Novell NetIQ Privileged User Manager 2.3.1 ldapagnt.dll ldapagnt_eval() Perl Code Evaluation RCE (pre auth/SYSTEM). Tested against: Microsoft Windows 2003 r2 sp2. download url:...

AI score: 1
Exploits: 0

Kitploit
added 2012/11/06 10:0 p.m., 23 views

[GNUnet P2P Framework] v 0.9.4

GNUnet is a framework for secure peer-to-peer networking that does not use any centralized or otherwise trusted services. A first service implemented on top of the networking layer allows anonymous censorship-resistant file-sharing. Anonymity is provided by making messages originating from a peer...

AI score: 7.4
Exploits: 0

ThreatPost
added 2012/11/05 5:10 p.m., 11 views

Mozilla Adding More Stringent HTTPS Enforcement to Firefox

Mozilla is adding an extra layer of security in its Firefox browser by implementing HTTP Strict Transport Security (HSTS), a mechanism that will force some sites into establishing a secure, HTTPS connection with the browser if it's presented with the right certificate. According to an entry on...

AI score: 0.3
Exploits: 0, References: 9

ThreatPost
added 2012/10/30 2:35 p.m., 13 views

EFF Raises Questions on Privacy Leaks in Ubuntu

The EFF is warning users of Ubuntu’s latest release that the open-source operating system sends their search queries to third parties, including Amazon, by default, and that some of their search results may be viewable by other users on the same network. The privacy leaks are present in Ubuntu...

AI score: 6.6
Exploits: 0, References: 4

Metasploit
added 2012/10/19 8:8 p.m., 22 views

WinRM Authentication Method Detection

This module sends a request to an HTTP/HTTPS service to see if it is a WinRM service. If it is a WinRM service, it also gathers the Authentication Methods supported. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework cla...

AI score: 0.8
Exploits: 0

Apache Tomcat
added 2012/10/19 12:0 a.m., 55 views

Fixed in Apache Tomcat 6.0.36

Important: Denial of service (CVE-2012-2733). The checks that limited the permitted size of request headers were implemented too late in the request parsing process for the HTTP NIO connector. This enabled a malicious user to trigger an OutOfMemoryError by sending a single request with very large...

CVSS: 5, AI score: 6.9, EPSS: 0.11975
Exploits: 4, Affected Software: 1

Packet Storm
added 2012/10/18 12:0 a.m., 48 views

Legrand-003598 / Bticino-F454 Credential Disclosure

OVERVIEW: Credential leaks lead to complete compromise of home automation system. 2. BACKGROUND: The 2 devices are identical, and act as an IP gateway between the SCS home automation bus and an IP network. The devices use HTTPS for the web-front, and are also open on port 20000 with a semi open...

AI score: 7.4
Exploits: 0

ThreatPost
added 2012/10/09 2:15 p.m., 15 views

HTTPS Everywhere 3.0 Released

The EFF has released an updated version of its popular HTTPS Everywhere browser plugin, which enables users to automatically connect over HTTPS to many sites. The newest version of the extension now supports more than 1,500 sites. The EFF developed HTTPS Everywhere in collaboration with The Tor...

AI score: 0.3
Exploits: 0, References: 4

ThreatPost
added 2012/10/03 6:53 p.m., 8 views

IETF Approves HSTS as Proposed Standard

One of the things that makes attackers dance around their basement lairs is finding unencrypted Web sessions. Sites that don’t give users the option to use HTTPS make life that much easier for attackers trying to hijack users’ Web sessions or eavesdrop on them. The IETF has taken a big step towar...

AI score: 6.7
Exploits: 0, References: 4

Tenable Nessus
added 2012/09/27 12:0 a.m., 10 views

Apple Jailbroken Device Detection via HTTPS

Binary data 7063.pasl...

AI score: 7.3
Exploits: 0

RubySec
added 2012/09/25 12:0 a.m., 22 views

CVE-2012-2125 CVE-2012-2126 rubygems: Two security fixes in v1.8.23

RubyGems before 1.8.23 can redirect HTTPS connections to HTTP, which makes it easier for remote attackers to observe or modify a gem during installation via a man-in-the-middle attack...

CVSS: 5.8, AI score: 6.2, EPSS: 0.02456
Exploits: 0, References: 1, Affected Software: 1

seebug.org
added 2012/09/24 12:0 a.m., 28 views

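Apple Safari URL Handling Security Restriction Bypass Vulnerability

BUGTRAQ ID: 55626 CVE ID: CVE-2012-3715. Safari is the browser in Mac OS X, Apple's latest operating system, and uses KDE's KHTML as its rendering core. Apple Safari versions before 6.0.1 contain a logic error in the handling of HTTPS URLs in the address bar. If part of the address is edited by pasting text, the request may be unexpectedly sent over HTTP. Apple Safari 6.x. Vendor patch: Apple. Apple has released a security advisory (APPLE-SA-2012-09-19-3) and corresponding patches for this:...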

CVSS: 4.3, AI score: 1.9, EPSS: 0.0173
Exploits: 1