158 matches found
Integrate Your Ticketing System into Database Security to Prevent DBA Privilege Abuse
Many of the recent high-profile data security breaches were made by trusted insiders. They are often database administrators DBAs who are highly privileged and trusted insiders with access to sensitive data. In this blog post, I will discuss the inherent risk introduced by highly privileged...
SQL Injection Vulnerability in check_need_status, check_pay_sum Methods of WK+shop General Mall System
WK+shop is a mall system based on the technology of PHP+MySQL, developed using ThinkPHP5.0 framework, which combines the Witcott mission system with multiple mall systems. WK+shop general mall system checkneedstatus, checkpaysum method SQL injection vulnerability, attackers can construct a specif...
Exploit for Code Injection in Microsoft
CVE-2017-8759 This repo contains sample exploits for CVE-2017...
Speed Cars: Real Racer Need 3D - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Speed Cars: Real Racer Need 3D published at the 'play' market has multiple vulnerabilities...
Need for Speed™ Network - Certificates or keys found, External URLs, KeyStore usage vulnerabilities
HackApp vulnerability scanner discovered that application Need for Speed™ Network published at the 'play' market has multiple vulnerabilities...
High Speed Race: Racing Need - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application High Speed Race: Racing Need published at the 'play' market has multiple vulnerabilities...
kernel: NULL pointer dereference in madvise(MADV_WILLNEED) support
A NULL pointer dereference flaw was found in the way the Linux kernel's madvise MADVWILLNEED functionality handled page table locking. A local, unprivileged user could use this flaw to crash the system...
kernel: NULL pointer dereference in madvise(MADV_WILLNEED) support
A NULL pointer dereference flaw was found in the way the Linux kernel's madvise MADVWILLNEED functionality handled page table locking. A local, unprivileged user could use this flaw to crash the system...
CVE-2014-5921
The Need for Speed Network aka com.ea.nfsautolog.bv application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Information disclosure
The Need for Speed Network aka com.ea.nfsautolog.bv application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
CVE-2014-5921
The CVE-2014-5921 entry concerns the Need for Speed Network Android app (version 1.0.1) and its SSL/TLS trust handling. The vulnerability is that the app does not verify X.509 certificates from SSL servers, enabling a man-in-the-middle to spoof servers and obtain sensitive information via a craft...
CVE-2014-5921
The Need for Speed Network aka com.ea.nfsautolog.bv application 1.0.1 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...
Threat Outbreak Alert: Fake Product Services Specification Request Email Messages on August 29, 2013
Medium Alert ID: 29868 First Published: 2013 July 1 18:53 GMT Last Updated: 2013 August 29 12:36 GMT Version: 9 Summary Cisco Security has detected significant activity related to spam email messages that claim to contain a business specification and outlines for the recipient. The text in the...
Snort 2 - DCE/RPC Preprocessor Buffer Overflow (Metasploit)
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'Snort 2 DCE/RPC preprocessor Buffer...
Fake Angry Birds Game spreading Malware from Android Market
Fake Angry Birds Game spreading Malware from Android Market From last week premium rate SMS Trojans surfaced in the Android Market. Google has pulled 22 apps that are masquerading as legitimate versions of popular games like Angry Birds and Cut the Rope. Security researchers have discovered a way...
EA Need For Speed Underground Detection
The remote host is running a client relay service for Electronic Arts Need For Speed Underground or a clone of that game. This is a kind of port mapper in that the service provides dynamic port numbers to client software. %NASLMINLEVEL 70300 C Tenable Network Security, Inc...
The big data library default address-vulnerability warning-the black bar safety net
data/dvbbs7. mdb Action Network Forum database /databackup/dvbbs7. mdb Action Network Forum database /bbs/databackup/dvbbs7. mdb Action Network Forum database /admin/data/qcdnnews. mdb green to create article management system database /data/qcdnnews. mdb green to create article management system...
MS Windows Metafile (WMF) Remote File Download Exploit Generator
Exploit for unknown platform in category remote exploits ================================================================ MS Windows Metafile WMF Remote File Download Exploit Generator ================================================================ / \ / WMF nDay download Exploit Generator \ by...
CVE-2004-2099
Buffer overflow in Need for Speed Hot Pursuit 2.0 client NFSHP2, version 242 and earlier, allows remote attackers servers to execute arbitrary code via long 1 gamename, 2 gamever, 3 hostname, 4 gametype, 5 mapname or 6 gamemode commands...
CVE-2004-2099
Buffer overflow in Need for Speed Hot Pursuit 2.0 client NFSHP2, version 242 and earlier, allows remote attackers servers to execute arbitrary code via long 1 gamename, 2 gamever, 3 hostname, 4 gametype, 5 mapname or 6 gamemode commands...