OpenSSL Releases Security Advisory
OpenSSL has released updates patching 6 vulnerabilities, which may allow an attacker to decrypt or modify traffic between a vulnerable client and server, cause a denial of service condition, or remotely execute arbitrary code. The following updates are available: OpenSSL 0.9.8 SSL/TLS users shoul...
DARPA Cyber Grand Challenge Finale Set For DEF CON 2016
DARPA’s announcement last October that it would sponsor a $2 million contest, challenging academics and security industry stalwarts to come up with an automated network defense system, has already attracted 35 entrants and a high-profile venue to stage the tournament finale. The final stage of th...
May 2014 Microsoft Patch Tuesday Security Updates
As expected, Microsoft today pushed its largest batch of Patch Tuesday updates so far this year – eight bulletins, two critical – addressing 13 issues in Internet Explorer and SharePoint Server, along with Windows, Office and its .NET Framework. The first critical issue that involves IE...
The Heartbleed vulnerability: bloody in appearance, calm underneath (a vulnerability warning from the Black Bar Safety Net)
The recent Heartbleed vulnerability set off a huge wave across the Internet. As a major flaw in foundational security software, its impact is far-reaching: the major Internet companies, clients and vendors (party A and party B), white hats, and even CCTV and other media all acted together against the common enemy, racing to...
SCADA Vulnerabilities Identified in Power, Petrochemical Plants
More than 7,600 different power, chemical and petrochemical plants may still be vulnerable to a handful of SCADA vulnerabilities made public this week. A researcher at Rapid7, the Boston-based firm responsible for the popular pen testing software Metasploit, and an independent security researche...
GnuTLS Releases Security Update
GnuTLS has released security updates to address a vulnerability affecting certificate verification functions. An attacker could use a specially crafted X509 certificate to bypass validation checks, impersonate legitimate web sites or services, and perform man-in-the-middle attacks. Many Linux...
OkCupid: https://www.okcupid.com/hidden-users CSRF vulnerability.
Hi, The HTML code below: Will make it possible to hide a user. You can patch this by supplying a CSRF token: Best regards, Olivier Beg...
MariaDB Multiple Denial of Service Vulnerabilities
MariaDB's transaction-based Maria storage engine replaces MySQL's MyISAM storage engine; it uses Percona's XtraDB, a variant of InnoDB, and the fork's developers aim to deliver the performance of the upcoming MySQL 5.4 InnoDB. 1) A NULL pointer dereference when processing certain SELECT statements written with subqueries can be exploited to crash the server. Successful exploitation requires that the "materialization" and "semijoin" optimizer switches are enabled. 2) An error when processing KILL query statements alongside certain concurrent SQL queries can be exploited to crash the server. 3) An error when parsing NAME_CONST expressions that contain AND/OR expressions can be exploited to crash the server...
MyBB 1.6.12 SQL Injection
[DVIA] Damn Vulnerable iOS Application
Damn Vulnerable iOS App (DVIA) is an iOS application that is damn vulnerable. Its main goal is to provide a platform for mobile security enthusiasts, professionals and students to test their iOS penetration testing skills in a legal environment. This application covers all the common...
Poor Patching, Passwords Plague Government Computers
A damning report on the security of government computers paints an unflattering picture of lax or non-existent patching efforts, poor password policies, configuration errors and a general lack of confidence that exposes critical services and systems to attack. The report, “The Federal Government’...
Test your Mobile Hacking and Penetration testing Skills with Damn vulnerable iOS app
Smartphones are powerful and popular, with thousands of new mobile apps hitting the market every day. Apps and mobile devices often rely on consumers' data, including private information, photos, and location, that can be vulnerable to data breaches, surveillance and real-world thieves...
VMware Security Updates for vCenter Server (VMSA-2013-0006)
VMware has updated vCenter Server to address multiple security vulnerabilities. OpenVAS Vulnerability Test $Id: gbvcenterVMSA-2013-0006.nasl 6637 2017-07-10 09:58:13Z teissa $ VMware Security Updates for vCenter Server (VMSA-2013-0006) Authors: Michael Meyer Copyright: Copyright (c) 2014 Greenbone...
DOE Breach Report Blasts Poor Patching, IT Management
The U.S. Department of Energy has thrown back the covers on a July breach that exposed the personal information of more than 104,000 individuals, painting a less than flattering portrait of IT and agency management failures around vulnerability management, access controls and a general lack of...
Debian DSA-2804-1 : drupal7 - several vulnerabilities
Multiple vulnerabilities have been discovered in Drupal, a fully-featured content management framework: Cross-site request forgery, insecure pseudo random number generation, code execution, incorrect security token validation and cross-site scripting. In order to avoid the remote code execution...
D-Link Router Vulnerable to Reflected, Stored XSS
D-Link’s 2760N (DSL-2760U-BN) routers allegedly contain a number of stored and reflected cross-site scripting (XSS) vulnerabilities. Researcher Liad Mizrachi said he contacted D-Link to disclose the details of the bugs to them on six separate occasions – twice in August, twice in September, and once...
DARPA Cyber Grand Challenge Offers $2M to Winners
The bug bounty continues to be turned on its ear. Microsoft began the wave of paying premium money for mitigation technologies via its Blue Hat prizes, and now DARPA has gone all-in to the tune of $2 million for the development of an automated network defense system that not only scans for and...
Monstra CMS v1.2.0 - Blind SQL Injection Vulnerability
Title: Monstra CMS v1.2.0 - Blind SQL Injection Vulnerability. Date: 2013-09-20. References: http://www.vulnerability-lab.com/getcontent.php?id=1081 VL-ID: 1081. Common Vulnerability Scoring System: 8.7. Introduction: ...
Cisco IOS Update Patches Eight Vulnerabilities
Telecommunications company Cisco this week is warning customers and those running its software of eight separate vulnerabilities it has patched in its Internetwork Operating System (IOS) infrastructure product. Cisco’s Product Security Incident Response Team (PSIRT) released the advisories yesterda...
Ubuntu: Security Advisory (USN-1940-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2013 Greenbone AG. Some text descriptions might be excerpted from referenced sources and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if(description)...