Researchers 'Convinced' Duqu Written By Same Group as Stuxnet

Researchers are fairly confident now that whoever wrote the Duqu malware also was involved in some way in developing the Stuxnet worm. They’re also confident that they have not yet identified all of the individual components of Duqu, meaning that there are potentially some other capabilities that...

[pdf] Skype Vulnerabilities

How to find 0days in Skype techniques & methods HITB Malaysia 2011 http://vulnerability-lab.com/resourc...uments/293.pdf ресёрч о скрытых звонках и определении IP...

http-method-tamper NSE Script

Attempts to bypass password protected resources HTTP 401 status by performing HTTP verb tampering. If an array of paths to check is not set, it will crawl the web server and perform the check against any password protected resource that it finds. The script determines if the protected URI is...

apache2: Fixed several security issues (important)

This update fixes several security issues in the Apache webserver. The patch for the ByteRange remote denial of service attack CVE-2011-3192 was refined and the configuration options used by upstream were added. Introduce new config option: Allow MaxRanges Number of ranges requested, if exceeded,...

Oracle Hyperion ActiveX security vulnerabilities

Buffer overflow in ODBC driver used by ActiveX component, unsafe methods...

rtsp-methods NSE Script

Determines which methods are supported by the RTSP real time streaming protocol server. Script Arguments rtsp-methods.path the path to query, defaults to "" which queries the server itself, rather than a specific url. Example Usage nmap -p 554 --script rtsp-methods Script Output PORT STATE SERVIC...

Inside a Hacker Forum

Hacker forums function as a kind of combination training academy, social network and central bazaar for attackers looking for new tools, methods and techniques. They’re also often patrolled by law enforcement agents and security researchers, but it’s rare that any of the information that those...

Internet Explorer Select Element Cache Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Microsoft Internet Explorer. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...

Chinese DDoS Bots Lack Sophistication, Stealth

BARCELONA–China may have caught and passed many western nations in terms of economic power and military might, but, despite its reputation as a major player in the malware economy, many of the bots and DDoS tools that come out of the country are shoddy, cobbled-together malware full of bugs and...

Cytel Studio 9.0.0 - Multiple Vulnerabilities

Luigi Auriemma Application: Cytel Studio: StatXact / LogXact / CrossOver http://www.cytel.com/Software/LogXact.aspx http://www.cytel.com/Software/StatXact.aspx http://www.cytel.com/Software/Crossover.aspx Versions: = 9.0.0 Platforms: Windows Bugs: A strings stack overflow B rows integer overflow ...

Contest Winners Announcement : Wireless Penetration Testing Guide book

Contest Winners Announcement : Wireless Penetration Testing Guide book We ran a competition for the book "Backtrack 5 Wireless Penetration Testing" last week. Today, Vivek Ramachandran, the author of the book and Founder of SecurityTube.net is announcing the winners in the video below. We will be...

PcVue ActiveX multiple security vulnerabilities

Unsafe methods, array index overflow, code execution...

360eshop Secure Store system 0day-vulnerability warning-the black bar safety net

Title: 360eshop Secure Store system 0day Content: 360eshop security store system uses FCK compiler version: 2.6.4.1 Test platform: IIS6 Test method: ----------------------------------------------------------------------- Warning The following test methods may carry offensive, for security researc...

xmpp-info NSE Script

Connects to XMPP server port 5222 and collects server information such as: supported auth mechanisms, compression methods, whether TLS is supported and mandatory, stream management, language, support of In-Band registration, server capabilities. If possible, studies server vendor. Script Argument...

Call for Papers from DefCon Chennai (DC602028)

Call for Papers from DefCon ChennaiDC602028 Background: We are the Official DEF-CON Chennai Group DC602028 The Event is taking place on 11th September 2011 at a resort in ECR Road Chennai,India. We will be having a Private conference room for the meet. Regarding Paper Submission We require...

CheckPoint SSL VPN ActiveX code execution

Unsafe methods allow file upload and execute...

McAfee Security-as-a-Service ActiveX code execution

Insecure methods in MyAsUtil5.2.0.603.dll, myCIOScn.dll...

CentOS Update for neon CESA-2009:1452 centos4 i386

Check for the Version of neon OpenVAS Vulnerability Test CentOS Update for neon CESA-2009:1452 centos4 i386 Authors: System Generated Check Copyright: Copyright c 2011 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under t...

ThreeDify Designer ActiveX security vulnerabilities

Buffer overflo, insecure methods...

EMC Captiva eInput security vulnerabilities

Crossite scripting, unsafe ActiveX methods...