3272 matches found

The Hacker News
added 2014/09/30 10:10 p.m., 9 views

FBI Arrested CEO of 'StealthGenie' for Selling Mobile Spyware Apps

The Federal Bureau of Investigation (FBI) has arrested the CEO of a UK-based company for allegedly advertising and selling a spyware app to individuals who suspect their romantic partners of cheating on them. The dodgy cell phone spyware application, dubbed StealthGenie, monitors victims’ phone...

6.8 AI score
Exploits: 0
Prion
added 2014/09/23 9:55 p.m., 16 views

Session fixation

The Web component in IBM Rational ClearQuest 7.1 before 7.1.2.15, 8.0.0 before 8.0.0.12, and 8.0.1 before 8.0.1.5 does not set the secure flag for the session cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an...

5 CVSS, 6.8 AI score, 0.00207 EPSS
Exploits: 0, References: 2, Affected Software: 1
CVE
added 2014/09/23 9:00 p.m., 53 views

CVE-2014-3103

The CVE-2014-3103 entry applies to IBM Rational ClearQuest Web. Affected: ClearQuest Web sessions using SSL where the session cookie lacks the Secure attribute, enabling potential interception of cookies transmitted over HTTP. Affected versions include 7.1.x (up to 7.1.2.15), 8.0.x (up to 8.0.0.1...

5 CVSS, 6.4 AI score, 0.00207 EPSS
Exploits: 0, References: 2, Affected Software: 1
ThreatPost
added 2014/09/17 3:26 p.m., 8 views

Apple Launches iOS 8, Fixes Dozens of Security Flaws

Apple has released iOS 8, a massive update to its mobile operating system, that includes fixes for more than 40 security vulnerabilities. Apple is touting iOS 8 as the biggest update to the software since it launched the App Store, and, aside from the security fixes, there are hundreds of new...

8.1 AI score
Exploits: 0, References: 1
Prion
added 2014/09/12 1:55 a.m., 18 views

Session fixation

IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for...

5 CVSS, 6.7 AI score, 0.00225 EPSS
Exploits: 0, References: 2, Affected Software: 7
Cvelist
added 2014/09/12 1:00 a.m., 23 views

CVE-2014-3092

IBM Jazz Team Server, as used in Rational Collaborative Lifecycle Management; Rational Quality Manager 3.x before 3.0.1.6 iFix 3, 4.x before 4.0.7, and 5.x before 5.0.1; and other Rational products, does not set the secure flag for the session cookie in an https session, which makes it easier for...

6.1 AI score, 0.00225 EPSS
Exploits: 0, References: 2
myhack58
added 2014/09/01 12:00 a.m., 26 views

Using QQ panel login authentication is not strictly+Arp sniffing to login within the network of the other QQ space, Weibo, etc free password-vulnerability warning-the black bar safety net

This can be said that there is no technical content, just saying an idea, first simple demo. 1. Open burp set up the browser proxy and then under the QQ panel, QQ space fast landing you can see the burp intercept, is the intercept of this segment of the URL ! 2. Put this URL copy the following down ...

1.1 AI score
Exploits: 0
NVD
added 2014/08/17 11:55 p.m., 16 views

CVE-2014-0905

IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

2.9 CVSS, 6.3 AI score, 0.0011 EPSS
Exploits: 0, References: 2
CVE
added 2014/08/17 11:00 p.m., 53 views

CVE-2014-0905

The vulnerability CVE-2014-0905 affects IBM InfoSphere BigInsights Console (Versions 2.0–2.1.2). The root cause is that the LTPA cookie does not set the Secure attribute in HTTPS sessions, allowing a man‑in‑the‑middle to intercept potentially sensitive cookies transmitted over non-HTTP (insecure)...

2.9 CVSS, 6.5 AI score, 0.0011 EPSS
Exploits: 0, References: 2, Affected Software: 1
Cvelist
added 2014/08/17 11:00 p.m., 19 views

CVE-2014-0905

IBM InfoSphere BigInsights 2.0 through 2.1.2 does not set the secure flag for the LTPA cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

6.3 AI score, 0.0011 EPSS
Exploits: 0, References: 2
NVD
added 2014/08/07 11:13 a.m., 15 views

CVE-2014-3853

Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

5 CVSS, 6.5 AI score, 0.0025 EPSS
Exploits: 1, References: 2
Prion
added 2014/08/07 11:13 a.m., 13 views

Session fixation

Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

5 CVSS, 7 AI score, 0.0025 EPSS
Exploits: 1, References: 2, Affected Software: 1
Cvelist
added 2014/08/07 10:00 a.m., 21 views

CVE-2014-3853

Pyplate 0.08 does not set the secure flag for the id cookie in an https session, which makes it easier for remote attackers to capture this cookie by intercepting its transmission within an http session...

6.5 AI score, 0.0025 EPSS
Exploits: 1, References: 2
seebug.org
added 2014/07/09 12:00 a.m., 28 views

Dolibarr CMS 3.5.3 - Multiple Security Vulnerabilities

No description provided by source. Vulnerability Name: SQL injection Severity: Critical URL: http://localhost/dolibarr/user/fiche.php Affected Users: All authenticated users Issue details: The "entity" parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in th...

7.1 AI score
Exploits: 0
Packet Storm
added 2014/07/08 12:00 a.m., 43 views

Dolibarr CMS 3.5.3 SQL Injection / Cross Site Scripting

Vulnerability Name: SQL injection Severity: Critical URL: http://localhost/dolibarr/user/fiche.php Affected Users: All authenticated users Issue details: The "entity" parameter appears to be vulnerable to SQL injection attacks. A single quote was submitted in the entity parameter, and a database...

6.5 CVSS, 0.4 AI score, 0.02118 EPSS
Exploits: 3
exploitpack
added 2014/07/08 12:00 a.m., 22 views

Dolibarr ERPCRM 3.5.3 - Multiple Vulnerabilities

Dolibarr ERPCRM 3.5.3 - Multiple Vulnerabilities Vulnerability Name: SQL injection Severity: Critical URL: http://localhost/dolibarr/user/fiche.php Affected Users: All authenticated users Issue details: The "entity" parameter appears to be vulnerable to SQL injection attacks. A single quote was...

0.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 11 views

Intel InBusiness eMail Station 1.4.87 Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1844/info A buffer overflow exists in the Intel InBusiness eMail Station, a dedicated email device. When attempting to establish a connection, the username submitted to the device is not properly filtered for length. By...

7.1 AI score
Exploits: 0
seebug.org
added 2014/07/01 12:00 a.m., 15 views

PHP File Sharing System 1.5.1 - Multiple Vulnerabilities

No description provided by source. Title: PHP File Sharing System 1.5.1 Multiple Vulnerabilities Author: blake Tested on: Windows XP SP3 with xampplite 1 XSS http://192.168.1.149/fss/index.php?cam= 2 Directory traversal http://192.168.1.149/fss/index.php?cam=/../../../../../../../.. 3 Shell...

7.1 AI score
Exploits: 0
ThreatPost
added 2014/06/24 9:03 a.m., 19 views

Kaspersky, Citizen Lab Uncover HackingTeam Mobile Malware

Controversial spyware commercially developed by Italy’s HackingTeam and sold to governments and law enforcement for the purpose of surveillance, has a global command and control infrastructure and for the first time, security experts have insight into how its mobile malware components work...

Exploits: 0, References: 3
ThreatPost
added 2014/06/16 10:52 a.m., 19 views

Dyreza Banker Trojan Seen Bypassing SSL

Banker Trojans have proven to be reliable and effective tools for attackers interested in quietly stealing large amounts of money from unwitting victims. Zeus, Carberp and many others have made piles of money for their creators and the attackers who use them, and researchers have been looking at ...

0.7 AI score
Exploits: 0, References: 2