WordPress Import Woocommerce 1.0.1 Cross Site Scripting

FULL DISCLOSURE Product : Import Woocommerce Exploit Author : Rahul Pratap Singh Version : 1.0.1 Home page Link : https://wordpress.org/plugins/import-woocommerce/ Website : 0x62626262.wordpress.com Linkedin : https://in.linkedin.com/in/rahulpratapsingh94 Date : 24/Feb/2016 XSS Vulnerability:...

Important: Red Hat Security Advisory: qemu-kvm-rhev security update

Updated qemu-kvm-rhev packages that fix one security issue are now available for Red Hat Enterprise Linux OpenStack Platform 5.0, 6.0 and 7.0, for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System...

How to Hack Millions of Android Phones Using Stagefright Bug, Without Sending MMS

Earlier this week, security researchers at Zimperium revealed a high-severity vulnerability in Android platforms that allowed a single multimedia text message to hack 950 Million Android smartphones and tablets. As explained in our previous article, the critical flaw resides in a core Android...

How to Detect Exploits of the GHOST Buffer Overflow Vulnerability

The GHOST vulnerability is a buffer overflow condition that can be easily exploited locally and remotely, which makes it extremely dangerous. This vulnerability is named after the GetHOSTbyname function involved in the exploit. Attackers utilize buffer overflow vulnerabilities like this one by...

Report Companies Still Not Patching Security Vulnerabilities

The Cisco 2015 Annual Security Report is out and the findings are troubling as always: for every positive finding in the report, it seems, there is a negative finding, neutralizing any gains in the network security struggle. Chief information security officers say their security postures are stro...

VMSA-2014-0013:VMware vCloud Automation Center product updates address a CRITICAL remote privilege escalation vulnerability

VMSA-2014-0013 VMware vCloud Automation Center product updates address a critical remote privilege escalation vulnerability VMware Security Advisory VMware Security Advisory Advisory ID: VMSA-2014-0013 VMware Security Advisory Synopsis: VMware vCloud Automation Center product updates address a...

Microsoft Internet Explorer内存破坏漏洞(CVE-2014-0309)

BUGTRAQ ID: 66034 CVECAN ID: CVE-2014-0309 Internet Explorer是微软公司推出的一款网页浏览器。 Internet Explorer 没有正确访问内存对象，在实现上存在远程代码执行漏洞，成功利用后可破坏内存，在当前用户权限下执行任意代码。 0 Microsoft Internet Explorer 6-11 厂商补丁： Microsoft --------- Microsoft已经为此发布了一个安全公告（MS14-012）以及相应补丁: MS14-012：Cumulative Security Update for Internet...

Wikipedia Remote Execution Vulnerability Patched

A serious remote code execution vulnerability was recently patched by the Wikimedia Foundation. The flaw could have put at risk any of the foundation’s sites running MediaWiki software, including Wikipedia. Researchers within Check Point Software Technologies’ Vulnerability Research Group...

[Secunia CSI 7.0] Next generation Patch Management Tool

Cybercrime costs organizations millions of dollars and to protect business from the consequences of security breaches, vulnerability intelligence and patch management are basic necessities in the toolbox of any IT team, as emphasized by organizations like the SANS Institute and the National...

How Visual Studio Makes Your Applications Vulnerable to Binary Planting

Microsoft Visual Studio can automatically make an application binary planting-positive i.e., vulnerable even when the developer makes no programming errors. Every MFC application seems to be automatically made vulnerable, with those statically linking MFC libraries actually having the vulnerable...