Lucene search

377 matches found

Exploit DB
added 2018/04/09 12:0 a.m., 46 views

PMS 0.42 - Local Stack-Based Overflow (ROP)

Exploit Author: Juan Sacco - http://exploitpack.com
Tested on: Kali i686 GNU/Linux
Description: PMS 0.42 is prone to a local unauthenticated stack-based overflow. The vulnerability is due to an improper filter of user-supplied input while reading the configuration file and parsing the malicious...

7.4 AI score
Exploits 0
The Coalfire Blog
added 2018/04/04 6:23 p.m., 11 views

Sleuthing the Cloud: The Challenges of Forensics in Cloud Environments

More and more companies are embracing Cloud computing for the practicality, efficiency, and economy of outsourcing the housing, maintenance, and monitoring of applications and their associated infrastructure to a third-party provider. As the Cloud becomes more the norm than the exception, there i...

1.9 AI score
Exploits 0
ThreatPost
added 2018/04/04 3:18 p.m., 41 views

Intel Halts Spectre Fixes On Older Chips, Citing Limited Ecosystem Support

Intel has halted patches for an array of older chips that would protect them against the Spectre vulnerability, according to a recent microcode update. The microcode update shows that its older products – including Wolfdale, Bloomfield, Clarksfield, Gulftown, Harpertown, Jasper Forest, SoFIA 3GR,...

4.7 CVSS, 0.9 AI score, 0.88482 EPSS
Exploits 8, References 4
0day.today
added 2018/04/04 12:0 a.m., 40 views

PMS 0.42 Stack-Based Buffer Overflow Exploit

Exploit for linux platform in category dos / poc
Exploit Author: Juan Sacco - http://exploitpack.com
Vulnerability found using Exploit Pack v10 - Fuzzer local module
Tested on: Kali i686 GNU/Linux
Description: PMS 0.42 is prone to a local unauthenticated stack-based overflow. The vulnerability is...

7.4 AI score
Exploits 0
Kitploit
added 2018/01/27 1:22 p.m., 21 views

SQLmap Tamper-API - SQLMap Tamper API To Accept Tamper Scripts From All Languages

It's an API for SQLmap tamper scripts that allows you to use your favorite programming language to write your tamper scripts. This API solves SQLmap's limitation of accepting only Python to write tamper scripts. How it works: the taper-api.py script sends the payload and kwargs in a JSON format "payload": ""...

7.2 AI score
Exploits 0, References 1
Trend Micro Simply Security
added 2017/11/13 3:0 p.m., 45 views

Trend Micro Capture the Flag: Train security professionals – Close the skills gap

Businesses today face a security challenge: Protecting their systems and data is vital, but there aren’t enough qualified employees who can successfully make that happen. Similarly, young cybersecurity professionals need to overcome the gap between what is learned in a classroom and the practical...

7 AI score
Exploits 0
Information Security Automation
added 2017/11/02 4:5 p.m., 154 views

Exploitability attributes of Nessus plugins: good, bad and Vulners

Exploitability is one of the most important criteria for prioritizing vulnerabilities. Let's see how good the exploit-related data of Tenable Nessus NASL plugins is and whether we can do it better. What are the attributes related to exploits? To understand this, I parsed all nasl plugins and got...

7.3 AI score
Exploits 0
Kitploit
added 2017/10/30 1:21 p.m., 341 views

subjack - Hostile Subdomain Takeover tool written in Go

subjack is a Hostile Subdomain Takeover tool written in Go designed to scan a list of subdomains concurrently and identify ones that are able to be hijacked. With Go's speed and efficiency, this tool really stands out when it comes to mass-testing. Always double check the results manually to rule...

9 AI score
Exploits 0, References 1
ThreatPost
added 2017/07/25 1:0 p.m., 14 views

Academia's Role in Security Skills Gap Examined

LAS VEGAS—For a long time, there’s been a chorus from employers about the lack of skilled security professionals to fill available openings. And while it would not be an illogical leap to think universities are adequately preparing tomorrow’s security admins and CISOs, quite the opposite may be...

6.9 AI score
Exploits 0
CNVD
added 2017/07/05 12:0 a.m., 2 views

Best Practical Solutions Request Tracker Cross-Site Request Forgery Vulnerability

Best Practical Solutions Request Tracker RT is an enterprise-grade, open source issue tracking system from Best Practical Solutions in the United States. The system has bug tracking, customer service, customized workflow and other features. There is a security vulnerability in Best Practical...

8.8 CVSS, 6.8 AI score, 0.00218 EPSS
Exploits 0, References 1
Trend Micro Simply Security
added 2017/06/05 12:0 p.m., 8 views

Bridging the Skills Gap with Trend Micro’s Capture the Flag (CTF) Competition

We all know the IT security industry is suffering from chronic skills gaps and shortages around the world. In the US things are no different, with an estimated talent shortfall of around 40,000 jobs for information security analyst roles alone. While various initiatives have been proposed, few ha...

6.7 AI score
Exploits 0
CERT
added 2017/05/04 12:0 a.m., 59 views

Space Coast Credit Union SCCU Mobile for Android and iPhone fails to properly validate SSL certificates

Overview: Space Coast Credit Union SCCU Mobile for Android, version 2.1.0.1104 and earlier, and for iOS, version 2.2 and earlier, fails to properly validate SSL certificates provided by HTTPS connections, which may enable an attacker to conduct man-in-the-middle (MITM) attacks. Description: CWE-295:...

5.9 CVSS, 5.4 AI score, 0.00223 EPSS
Exploits 0, References 3
The Hacker News
added 2017/04/24 4:4 a.m., 15 views

Learn Practical Hacking Online — Get Training For Just $45!

Due to recent highly publicised hacks and high-profile data breaches, certified hackers are in huge demand and are being hired by almost all industries to help them keep their networks protected. These ethical hackers not only gain reputation in the IT industry but are also one of the most well-paid...

7.3 AI score
Exploits 0
Exploit DB
added 2016/12/16 12:0 a.m., 31 views

Microsoft Internet Explorer 9 - IEFRAME CMarkupPointer::MoveToGap Use-After-Free

Source: http://blog.skylined.nl/20161215001.html
Synopsis: A specially crafted web-page can trigger a use-after-free vulnerability in Microsoft Internet Explorer 9. The use appears to happen only once almost immediately after the free, which makes practical exploitation unlikely. Known affecte...

7.4 AI score
Exploits 0
Prion
added 2016/12/15 6:59 a.m., 18 views

Design/Logic Flaw

An issue was discovered in Open-Xchange OX Guard before 2.4.0-rev8. OX Guard uses an authentication token to identify and transfer guest users' credentials. The OX Guard API acts as a padding oracle by responding with different error codes depending on whether the provided token matches the...

3.5 CVSS, 7.1 AI score, 0.00148 EPSS
Exploits 1, References 2, Affected Software 1
The Hacker News
added 2016/11/04 3:28 a.m., 14 views

Learn Python Online — From Scratch to Penetration Testing

When we started our brand new THN Deals Store last week on the special occasion of the company's 6th Anniversary, we introduced its very first product, Professional Hacking Certification Package, and received a great response from our readers. Thank you! If you have not yet, you can still get this deal...

6.8 AI score
Exploits 0
ThreatPost
added 2016/09/23 3:47 p.m., 88 views

OpenSSL Patches High-Severity OCSP Bug, Mitigates SWEET32 Attack

A vulnerability in the OpenSSL implementation of the Online Certificate Status Protocol OCSP was patched this week, closing a denial-of-service weakness in affected servers. The patch was the most severe of 14 released yesterday by OpenSSL. OCSP is an alternative in many cases to Certificate...

7.8 CVSS, 0.7 AI score, 0.40993 EPSS
Exploits 8, References 3
FireEye
added 2016/08/12 10:0 a.m., 16 views

Analyzing the Malware Analysts – Inside FireEye’s FLARE Team

At the Black Hat USA 2016 conference in Las Vegas last week, I was fortunate to sit down with Michael Sikorski, Director, FireEye Labs Advanced Reverse Engineering FLARE Team. During our conversation we discussed the origin of the FLARE team, what it takes to analyze malware, Michael’s book...

6.9 AI score
Exploits 0
Hacker One
added 2016/06/17 8:32 p.m., 27 views

Nextcloud: Directory Listing On download.nextcloud.com & Practical Attacks on PGP (Pretty Good Privacy)

Sir, I have found a major bug in your website: that is, directory listing & practical attacks on PGP signature. Affected area: https://download.nextcloud.com/server/ Here is my PoC: F100081. PoC details: The web server is configured to display the list of files contained in this directory. As a resul...

6.7 AI score
Exploits 0
Ubuntu
added 2016/01/21 6:19 p.m., 44 views

USN-2878-1: Perl vulnerability

David Golden discovered that the canonpath function in the Perl File::Spec module did not properly preserve the taint attribute. An attacker could possibly use this issue to bypass the taint protection mechanism...

7.5 CVSS, 7.4 AI score, 0.05664 EPSS
Exploits 0