MiniUPnPd 1.0 - Remote Stack Buffer Overflow Remote Code Execution (Metasploit)

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit3 'MiniUPnPd 1.0 Stack Buffer Overflow...

MiniUPnPd 1.0 Stack Buffer Overflow Remote Code Execution

This module exploits the MiniUPnP 1.0 SOAP stack buffer overflow vulnerability present in the SOAPAction HTTP header handling. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'MiniUPnPd 1.0 Stac...

Malicious Firefox, Chrome Extensions Target Facebook Users

Facebook users are being warned of malicious Firefox and Chrome extensions that can give an attacker remote control over a Facebook profile. Microsoft has seen an increase in activity around these extensions, in particular in Brazil. The threat is detected as Trojan:JS/Febipos.A and has been...

Pentagon Decision Moves Android Security in Right Direction

Android’s security gets its share of grief, but perhaps it’s been a bit misguided. Like many other popular open source technologies, there are a number of different flavors of the mobile platform, each with its security properties and nuances. That’s why the Pentagon’s decision to endorse the use...

Pentagon Approves Samsung KNOX Android Platform for DoD

Android has long been the outcast of mobile device security largely because hackers have been adept at getting malware onto the platform via third-party application marketplaces and lax submission policies on Google Play. The security of the operating system itself, however, hasn’t been challenge...

Google Play Android Apps Must Update in Google Store

The Google Play store has been an Eden for hackers wanting to get malicious code onto Android devices. A number of things made the marketplace too tempting for attackers to resist, including the open source nature of the operating system, lax vetting of developers, and the ability to modify code ...

Google bans Facebook and other self updating Android apps

Google just released a new Play Store version 4.0.27 that, contains only very minor tweaks and Google has changed the rules of its Google Play Store to put an end to the practice of developers updating their apps through their own means rather than the official Google Play channel. Shortly before...

Google bans Facebook and other self updating Android apps

Google just released a new Play Store version 4.0.27 that, contains only very minor tweaks and Google has changed the rules of its Google Play Store to put an end to the practice of developers updating their apps through their own means rather than the official Google Play channel. Shortly before...

Lock Screen Bypass Flaw Found in Viber for Android

Another day, another smartphone lock screen bypass vulnerability. This time a flaw in a popular messaging application for the Android mobile platform is to blame. Viber, which is similar to Skype in that it allows users to make free phone calls and send instant messages, is vulnerable to a flaw...

Java Applet Reflection Type Confusion Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 false def initialize inf...

'BadNews' Android Malware downloaded up to 9 million times

It appears as if another malware scare has come to Android. Lookout Security said on Friday that it has discovered a new family of malware called BadNews. Malware that avoided detection and made its way onto the Google Play store has been downloaded around 9 million times by users from all over t...

'BadNews' Android Malware downloaded up to 9 million times

It appears as if another malware scare has come to Android. Lookout Security said on Friday that it has discovered a new family of malware called BadNews. Malware that avoided detection and made its way onto the Google Play store has been downloaded around 9 million times by users from all over t...

Java Applet Reflection Type Confusion Remote Code Execution

This module abuses Java Reflection to generate a Type Confusion, due to a weak access control when setting final fields on static classes, and run code outside of the Java Sandbox. The vulnerability affects Java version 7u17 and earlier. This exploit bypasses click-to-play throw a specially craft...

Ubisoft's uPlay service hacked, Far Cry 3 Blood Dragon Leaked

Russian hackers have figured out a way to download free games from Ubisoft's servers, exploiting an existing vulnerability in Ubisoft's uPlay launcher. According to reports, the copies of Far Cry 3 Blood Dragon that are available on torrent sites are the result of a hack of Ubisoft's uPlay servic...

STUNSHELL PHP Web Shell remote code execution-vulnerability warning-the black bar safety net

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require ‘msf/core’ require ‘rex’ class Metasploit3 Msf::Exploit::Remote Ran...

Java CMM Remote Code Execution

This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' class Metasploit3 false def initialize inf...

Java CMM Remote Code Execution

This module abuses the Color Management classes from a Java Applet to run arbitrary Java code outside of the sandbox as exploited in the wild in February and March of 2013. The vulnerability affects Java version 7u15 and earlier and 6u41 and earlier and has been tested successfully on Windows XP...

pidgin: missing nul termination of long values in UPnP responses

upnp.c in libpurple in Pidgin before 2.10.7 does not properly terminate long strings in UPnP responses, which allows remote attackers to cause a denial of service application crash by leveraging access to the local network...

Google Removing Ad-Blocking Apps From Play Android Market

Google, which has been a favorite target of privacy advocates for the last few years, has taken another step that’s unlikely to endear the company to that crowd or Android users. The company has begun removing ad-blocking apps from the Google Play Android app market, apparently for violating the...

DEBIAN-CVE-2011-1165

Vino, possibly before 3.2, does not properly document that it opens ports in UPnP routers when the "Configure network to automatically accept connections" setting is enabled, which might make it easier for remote attackers to perform further attacks...