117 matches found
What DNA testing kit companies are really doing with your data
Sarah hovered over the mailbox, envelope in hand. She knew as soon as she mailed off her DNA sample, there’d be no turning back. She ran through the information she looked up on 23andMe’s website one more time: the privacy policy, the research parameters, the option to learn about potential healt...
U.S. Secret Service Warns ID Thieves are Abusing USPS’s Mail Scanning Service
A year ago, KrebsOnSecurity warned that "Informed Delivery," a new offering from the U.S. Postal Service USPS that lets residents view scanned images of all incoming mail, was likely to be abused by identity thieves and other fraudsters unless the USPS beefed up security around the program and ma...
USPS Finally Starts Notifying You by Mail If Someone is Scanning Your Snail Mail Online
In October 2017, KrebsOnSecurity warned that ne'er-do-wells could take advantage of a relatively new service offered by the U.S. Postal Service that provides scanned images of all incoming mail before it is slated to arrive at its destination address. We advised that stalkers or scammers could...
USPS ‘Informed Delivery’ Is Stalker’s Dream
A free new service from the U.S. Postal Service that provides scanned images of incoming mail before it is slated to arrive at its destination address is raising eyebrows among security experts who worry about the service's potential for misuse by private investigators, identity thieves, stalkers...
michaelpage.pe XSS vulnerability
Vulnerable URL: http://www.michaelpage.pe/jobs/asd" Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 741182 VIP website status:| No Coordinated Disclosure Timeline: Description| Value ---|--- Vulnerability submitt...
WordPress Photocart Link 1.6 Local File Inclusion
Exploit Title: Wordpress Plugin Photocart Link - Local File Inclusion Exploit Author: CrashBandicot @DosPerl Date: 2016-03-27 Google Dork : inurl:/wp-content/plugins/photocart-link/ Vendor Homepage: https://fr.wordpress.org/plugins/photocart-link/ Tested on: MSWin32 Version: 1.6 Vuln file :...
WordPress Plugin Photocart Link 1.6 - Local File Inclusion
Exploit Title: Wordpress Plugin Photocart Link - Local File Inclusion Exploit Author: CrashBandicot @DosPerl Date: 2016-03-27 Google Dork : inurl:/wp-content/plugins/photocart-link/ Vendor Homepage: https://fr.wordpress.org/plugins/photocart-link/ Tested on: MSWin32 Version: 1.6 Vuln file :...
Apple Clarifies Privacy Policy
Apple’s clarified and repackaged privacy policy is merely the storefront to a company-wide decision to make the safety and integrity of user data a differentiator among large technology companies, experts said. The new privacy policy appeared today filled with practical advice for users, describi...
WordPress Albo Pretorio Online 3.2 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: Albo Pretorio Online 3.2 Multiple Vulnerabilities Google Dork: inurl:/?action=visatto Date: 09/06/2015 Exploit Author: Alessandro Cingolani Vendor Homepage: http://plugin.sisviluppo.info/ Software Link:...
WordPress Plugin Albo Pretorio Online 3.2 - Multiple Vulnerabilities
WordPress Plugin Albo Pretorio Online 3.2 - Multiple Vulnerabilities Exploit Title: Albo Pretorio Online 3.2 Multiple Vulnerabilities Google Dork: inurl:/?action=visatto Date: 09/06/2015 Exploit Author: Alessandro Cingolani Vendor Homepage: http://plugin.sisviluppo.info/ Software Link:...
WordPress Plugin Albo Pretorio Online 3.2 - Multiple Vulnerabilities
Exploit Title: Albo Pretorio Online 3.2 Multiple Vulnerabilities Google Dork: inurl:/?action=visatto Date: 09/06/2015 Exploit Author: Alessandro Cingolani Vendor Homepage: http://plugin.sisviluppo.info/ Software Link: https://downloads.wordpress.org/plugin/albo-pretorio-on-line.3.2.zip Version: 3...
UNIT4 Prosoft HRMS 8.14.230.47 Cross Site Scripting
Vulnerability type: Cross-site Scripting Vendor: http://www.unit4.com/ Product: UNIT4 Prosoft HRMS Product site: http://www.unit4apac.com/products/prosofthrms Affected version: 8.14.230.47 Fixed version: 8.14.330.43 Credit: Jerold Hoong & Edric Teo PROOF OF CONCEPT The login page of UNIT4's Proso...
Absolut Engine 1.73 - Multiple Vulnerabilities
CMS Absolute Engine version 1.73 suffers from cross site scripting and remote SQL injection vulnerabilities. Advisory: Multiple SQL Injections and Reflecting XSS in Absolut Engine v.1.73 CMS Author: Steffen Rösemann Affected Software: CMS Absolut Engine v. 1.73 Vendor URL:...
Wordpress Usernoise Plugin 3.7.8 - Persistent XSS Vulnerability
No description provided by source. Details ============================= Application: Usernoise http://usernoise.karevn.com/ Version: 3.7.8 probably earlier versions as well Type: Wordpress plugin Developer: Nikolay Karev http://karevn.com/ - http://profiles.wordpress.org/karevn/ Vulnerability:...
Novell Sentinel Log Manager <= 1.2.0.2 - Retention Policy Vulnerability
No description provided by source. Novell Sentinel Log Manager ver. =1.2.0.2 allows unauthenticated users configuring retention policies. Vendor informed: 2012/09/06 Patch Released: 2012/09/21 PoC: !/bin/bash TARGET=$1 PORT=8443 if $ -ne 1 ; then echo Usage: basename $0 target exit 1 fi echo POST...
Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability
Syhunt Advisory: CGILua session.lua Predictable Session ID Vulnerability Advisory-ID: 201404301 Discovery Date: 03.27.2014 Release Date: 04.30.2014 Affected Applications: CGILua 5.0.x, CGILua 5.1.x., CGILua 5.2 alpha 1 & CGILua 5.2 alpha 2 Class: Predictable Session ID Status: Unpatched/Vendor...
Novell Sentinel Log Manager 1.2.0.2 - Retention Policy
Novell Sentinel Log Manager 1.2.0.2 - Retention Policy Novell Sentinel Log Manager ver. =1.2.0.2 allows unauthenticated users configuring retention policies. Vendor informed: 2012/09/06 Patch Released: 2012/09/21 PoC: !/bin/bash TARGET=$1 PORT=8443 if $ -ne 1 ; then echo "Usage: basename $0 targe...
PHP Address Book 6.2.12 Multiple vulnerabilities
Exploit for php platform in category web applications Advisory: PHP Address Book 6.2.12 Multiple security vulnerabilities Author: Stefan Schurtz Affected Software: Successfully tested on PHP Address Book 6.2.12 Vendor URL: http://sourceforge.net/projects/php-addressbook/ Vendor Status: informed...
SQLiteManager 1.2.4 Multiple Cross-Site-Scripting vulnerabilities
Advisory: SQLiteManager 1.2.4 Multiple Cross-Site-Scripting vulnerabilities Advisory ID: INFOSERVE-ADV2011-12 Author: Stefan Schurtz Contact: [email protected] Affected Software: Successfully tested on SQLiteManager 1.2.4 Vendor URL: http://www.sqlitemanager.org/ Vendor Status: informed...
Linux Kernel 2.6.38 Remote NULL Pointer Dereference
Linux Kernel 2.6.38 Remote NULL Pointer Dereference ==================================================== Advisory Information Title: Linux kernel 2.6.38: Remote NULL pointer dereference Release date: 11/05/2011 Last update: 11/05/2011 Credits: Aristide Fattori, Universitа degli Studi di Milano...