Dolibarr CMS 3.5.3 SQL Injection / Cross Site Scripting
Vulnerability Name: SQL injection Severity: Critical URL: http://localhost/dolibarr/user/fiche.php Affected Users: All authenticated users Issue details: The "entity" parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the entity parameter, and a database...
Dolibarr ERPCRM 3.5.3 - Multiple Vulnerabilities
Vulnerability Name: SQL injection Severity: Critical URL: http://localhost/dolibarr/user/fiche.php Affected Users: All authenticated users Issue details: The "entity" parameter appears to be vulnerable to SQL injection attacks. A single quote was...
PHP File Sharing System 1.5.1 - Multiple Vulnerabilities
No description provided by source. Title: PHP File Sharing System 1.5.1 Multiple Vulnerabilities Author: blake Tested on: Windows XP SP3 with xampplite 1 XSS http://192.168.1.149/fss/index.php?cam= 2 Directory traversal http://192.168.1.149/fss/index.php?cam=/../../../../../../../.. 3 Shell...
Intel InBusiness eMail Station 1.4.87 Denial of Service Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/1844/info A buffer overflow exists in the Intel InBusiness eMail Station, a dedicated email device. When attempting to establish a connection, the username submitted to the device is not properly filtered for length. By...
Kaspersky, Citizen Lab Uncover HackingTeam Mobile Malware
Controversial spyware commercially developed by Italy’s HackingTeam and sold to governments and law enforcement for the purpose of surveillance has a global command and control infrastructure, and for the first time security experts have insight into how its mobile malware components work...
Dyreza Banker Trojan Seen Bypassing SSL
Banker Trojans have proven to be reliable and effective tools for attackers interested in quietly stealing large amounts of money from unwitting victims. Zeus, Carberp and many others have made piles of money for their creators and the attackers who use them, and researchers have been looking at ...
openSUSE Security Update : telepathy-gabble (openSUSE-SU-2011:0303-1)
This update of telepathy-gabble is validating the origin of a google:jingleinfo update message now. Not validating the origin could be used to intercept calls. CVE-2011-1000: CVSS v2 Base Score: 6.4 AV:N/AC:L/Au:N/C:P/I:P/A:N: Input Validation CWE-20 %NASLMINLEVEL 70300 C Tenable Network Security...
Snoopy - A distributed tracking and data interception framework
Snoopy is a distributed tracking and profiling framework which can perform interesting tracking and profiling of mobile users through the use of WiFi. There have been recent initiatives from numerous governments to legalise the monitoring of citizens’ Internet based communications web sites...
OpenSSL re-aeration of the CCS injection vulnerability-vulnerability warning-the black bar safety net
Too much drama last night to see a good piece has about, also good, 2012 edition of the perfect memories on, like me such people still choose to use the TV or go to the cinema to see the movie, in the middle of no commercials, experience holding back process, always Suddenly have a lot of idea...
NICE Recording eXpress 6.x Root Backdoor / XSS / Bypass
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: Root Backdoor & Unauthenticated access to voice recordings product: NICE Recording eXpress voice recording solution formerly...
tomcat: session fixation still possible with disableURLRewriting enabled
It was found that previous fixes in Tomcat 6 to path parameter handling introduced a regression that caused Tomcat to not properly disable URL rewriting to track session IDs when the disableURLRewriting option was enabled. A man-in-the-middle attacker could potentially use this flaw to hijack a...
Fake Digital Certificates Found in the Wild While Observing Facebook SSL Connections
Visiting a website certified with an SSL certificate doesn’t mean that the website is not bogus. Secure Sockets Layer (SSL) protects web users in two ways: it uses public key encryption to encrypt sensitive information between a user’s computer and a website, such as usernames, passwords, or...
Service Worker - first draft published
The first draft of the service worker spec was published today! It's been a collaborative effort between Google, Samsung, Mozilla and others, and implementations for Chrome and Firefox are being actively developed. Anyone interested in the web competing with native apps should be excited by this...
Open-Xchange Security Advisory 2014-04-08
Product: Open-Xchange AppSuite Vendor: Open-Xchange GmbH Vulnerability type: Information exposure CWE-200 Vulnerable version: 7.4.2 and earlier Vulnerable component: frontend Fixed version: 7.4.2-rev13, 7.4.1-rev11, 7.2.2-rev20 Report confidence: Confirmed Solution status: Fixed by Vendor Vendor...
Vulnerability in Viber Allows Snooping of Images, Videos
UPDATE – Viber, a messaging and VoIP application similar to WhatsApp, is in the middle of patching a vulnerability that could allow an attacker to view sensitive information shared between users like images, videos and location information. The problem is that information transferred by Viber is...
Andiparos - Security tool that can be used for web application security assessments
Andiparos is a fork of the famous Paros Proxy. It is an open source web application security assessment tool that gives penetration testers the ability to spider websites, analyze content, intercept and modify requests, etc. The advantage of Andiparos is mainly the support of Client Certificates ...
Apple Fixes Serious SSL Issue in OSX and iOS
Apple has fixed a serious security flaw that’s present in many versions of both iOS and OSX and could allow an attacker to intercept data on SSL connections. The bug is one of many that the company fixed Tuesday in its two main operating systems, and several of the other vulnerabilities have...
Snoopy Drone Can Hack Your Smartphones
The use of unmanned aerial vehicles (UAVs), called drones, is rapidly transforming the way we go to war. Drones were once used for land surveillance and delivering pizzas, then equipped with bombs that changed the way nations conduct war, and now these hovering drones are ready to hack your smartphones...
[SSLsplit] Transparent and scalable SSL/TLS interception
SSLsplit is a tool for man-in-the-middle attacks against SSL/TLS encrypted network connections. Connections are transparently intercepted through a network address translation engine and redirected to SSLsplit. SSLsplit terminates SSL/TLS and initiates a new SSL/TLS connection to the original...
Apple Ships Critical OS X 10.9.2 Security Update
Apple today shipped a security update resolving a critical certificate-validation vulnerability in its OS X Mavericks operating system. Details of the bug, which exists in OS X version 10.9.1 and is resolved by version 10.9.2, emerged on Friday after the company patched essentially the same bug i...