Lucene search
6648 matches found

The Hacker News
added 2011/05/25 3:37 p.m. (6 views)

Security Alert : vBulletin 4.X Security SQL Injection & CSRF/XSRF Exploits available !

Security Alert : vBulletin 4.X - SQL Injection & CSRF/XSRF Exploits available ! Two Serious Security Flaws are detected in vBulletin 4.X Versions and also their Security SQL Injection & CSRF/XSRF Exploits are now also available. Impact of these Flaws: Lots of big Forums are on vBulletin 4.X...

8 AI score
Exploits 0

The Hacker News
added 2011/03/04 4:33 a.m. (10 views)

Google & Mozilla Patches Browsers Before Pwn2Own Hacker Contest !

Now that the annual Pwn2Own hacking contest is around the corner, both Google and Mozilla are busy patching flaws in their respective browsers to appear competent in the contest. Both internet giants have reportedly updated their browsers for the contest that is due to take place next week at the...

7.1 AI score
Exploits 0

Metasploit
added 2011/02/26 5:56 a.m. (42 views)

Windows Escalate Locked Desktop Unlocker

This module unlocks a locked Windows desktop by patching the respective code inside the LSASS.exe process. This patching process can result in the target system hanging or even rebooting, so be careful when using this module on production systems. This module requires Metasploit:...

7.1 AI score
Exploits 0

ThreatPost
added 2011/02/15 6:34 p.m. (8 views)

It's Time to Move Away From the Build or Break Mentality

SAN FRANCISCO–The vulnerability disclosure and patching arms race that has developed in the last decade or so in the security industry has made life extremely difficult not just for the developers writing code, but also for the folks who are interested in helping to fix broken applications. A new...

7.3 AI score
Exploits 0, References 2

securityvulns
added 2011/01/31 12:0 a.m. (50 views)

CA20101231-01: Security Notice for CA ARCserve D2D (updated)

CA20101231-01: Security Notice for CA ARCserve D2D Issued: December 31, 2010 Last Updated: January 26, 2011 CA Technologies support is alerting customers to a security risk with CA ARCserve D2D. A vulnerability exists that can allow a remote attacker to execute arbitrary code. CA has issued an...

0.4 AI score
Exploits 0

Packet Storm
added 2011/01/12 12:0 a.m. (18 views)

Klaus-rabus Dipl.Graphics-Designer Ecommerce Cross Site Scripting / Local File Inclusion

================================================================ Klaus-rabus Dipl.Graphics-Designer Ecommerce V.1.x Multiple Vulnerabilities ================================================================ Vendor: Dipl. Graphics-Designer KH Site : Http://www.klaus-rabus.de Author : R3VANBASTARD...

7.4 AI score
Exploits 0

modx
added 2011/01/06 9:43 a.m. (496 views)

Critical PHP Bug Security Notice and Patch

Earlier this week, a PHP Security Notice was made due to a critical bug in PHP that could cause PHP to fail should a value of 2.2250738585072011e-308 be set to a PHP value. More information can be found here: http://bugs.php.net/bug.php?id=53632...

6.9 AI score
Exploits 0

ThreatPost
added 2010/12/27 4:21 p.m. (16 views)

Lessons From the WikiLeaks DDoS Attacks

Denial of Service DoS attacks are a common method used to take down Websites, servers, or even sections of the Internet. These attacks typically come in two forms: Distributed DoS DDos and DoS attacks. DDoS create a flood of traffic to a Website, server, or section of the internet that overwhelms...

Exploits 0, References 2

0day.today
added 2010/12/26 12:0 a.m. (21 views)

Pligg 1.1.2 Blind SQL Injection and XSS Vulnerabilities

Exploit for php platform in category web applications Credit: Michael Brooks Special thanks to Eric Heikkinen for patching these quickly. Blind SQL Injection http://host/pligg1.1.2/search.php?adv=1&status= 'and+sleep9or+sleep9or+1%3D' &search=on&advancesearch= Search...

7.1 AI score
Exploits 0

exploitpack
added 2010/12/25 12:0 a.m. (23 views)

Pligg CMS 1.1.2 - Blind SQL Injection Cross-Site Scripting

Pligg CMS 1.1.2 - Blind SQL Injection Cross-Site Scripting Credit: Michael Brooks Special thanks to Eric Heikkinen for patching these quickly. Blind SQL Injection http://host/pligg1.1.2/search.php?adv=1&status= 'and+sleep9or+sleep9or+1%3D' &search=on&advancesearch= Search...

0.5 AI score
Exploits 0

Packet Storm
added 2010/12/21 12:0 a.m. (25 views)

Mitel's AWC Command Execution

http://www.procheckup.com/vulnerabilitymanager/vulnerabilities/pr10-14 PR10-14 Unauthenticated command execution within Mitel's AWC Mitel Audio and Web Conferencing Advisory publicly released: Tuesday, 21 December 2010 Vulnerability found: Wednesday, 21 July 2010 Vendor informed: Monday, 26 July...

Exploits 0

ThreatPost
added 2010/11/30 3:48 p.m. (7 views)

5) Duh. Patch.

Much as we like to blame cybercriminals or unscrupulous merchants, much of the responsibility for security is in our hands. In particular: we’re responsible for the security of our computers and mobile devices. That’s especially true when we’re planning to use those systems to go shopping online,...

2.4 AI score
Exploits 0

Packet Storm
added 2010/11/23 12:0 a.m. (24 views)

Netcraft Toolbar 1.8.1 Code Execution

// runs calc.exe var shellc...

0.1 AI score
Exploits 0

ThreatPost
added 2010/10/18 2:43 p.m. (24 views)

CERT Issues Advisory On RealPlayer Holes

US CERT has issued an advisory following the release, late last week, of a critical patch from RealNetworks for seven vulnerabilities in its common RealPlayer software. CERT recommended users and administrators to review the advisory from Realnetworks to determine which RealPlayer products were...

10 CVSS, 2.3 AI score, 0.01226 EPSS
Exploits 0, References 8

OpenVAS
added 2010/09/27 12:0 a.m. (6 views)

Mandriva Update for pcmanfm MDVA-2010:192 (pcmanfm)

Check for the Version of pcmanfm OpenVAS Vulnerability Test Mandriva Update for pcmanfm MDVA-2010:192 pcmanfm Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under...

Exploits 0, References 2

ThreatPost
added 2010/09/10 2:2 p.m. (9 views)

New Jailbreak Could Defy Patching on iPhones, iPads

Code that allows Apple customers to circumvent that company’s exclusive content protection features was released on Wednesday, with security researchers warning that the hack could be impossible for Apple to fix on devices that have already been manufactured. The Chronic Development Team, a group...

0.1 AI score
Exploits 0, References 6

ThreatPost
added 2010/07/31 4:7 a.m. (22 views)

Microsoft to Issue Emergency Patch for Critical Windows Flaw

Microsoft will issue an out-of-band patch on Monday for a critical vulnerability in all of the current versions of Windows. The company didn’t identify which flaw it will be patching, but the description of the vulnerability is a close match to the LNK flaw that attackers have been exploiting for...

0.8 AI score
Exploits 0, References 6

ThreatPost
added 2010/07/12 5:47 p.m. (15 views)

Third-Party Apps Seen as Biggest Security Risk Now

A new report shows that the number of reported vulnerabilities in major commercial software products is accelerating, and that Apple’s products now have more vulnerabilities than those of any other major vendor. Perhaps more importantly, though, is the fact that third-party applications now accou...

0.5 AI score
Exploits 0, References 2

OpenVAS
added 2010/04/16 12:0 a.m. (19 views)

Mandriva Update for kdebase MDVSA-2010:074 (kdebase)

Check for the Version of kdebase OpenVAS Vulnerability Test Mandriva Update for kdebase MDVSA-2010:074 kdebase Authors: System Generated Check Copyright: Copyright c 2010 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it unde...

6.9 CVSS, 9.8 AI score, 0.00026 EPSS
Exploits 0, References 2

ThreatPost
added 2010/04/13 4:26 p.m. (11 views)

MS Will Patch Unknown Windows 7 Bug

Later today, Microsoft will play it safe by patching a Windows 7 bug that it says can’t be exploited. Read the full article. Computerworld...

1.6 AI score
Exploits 0, References 1