NSA Says It Will End Access to 215 Records When Authority Ends in November
The National Security Agency says that once its legal authority to conduct Section 215 bulk telephone surveillance ends on Nov. 29, its analysts no longer will be allowed to access the database that holds all of the collected Section 215 records. In May, an appeals court ruled that bulk telephone...
phpVibe 4.20 Stored XSS Vulnerability
Exploit for php platform in category web applications phpVibe The vulnerability exists because the user input is not properly sanitized and this can lead to malicious code injection that will be executed on the target’s browser -- Proof of Concept -- 1. The attacker posts a new comment which...
Arab Portal 3 - SQL Injection Vulnerability
Exploit for php platform in category web applications In The Name Of ALLAH title : Arabportal 3 SQL injection vulnerability Exploit Title: Arabportal 3 registeration section SQL injection vulnerability Google Dork: inurl:members.php?action=signup Date: 2015/07/10 july 10th Exploit Author: ali...
Arab Portal 3 SQL Injection
In The Name Of ALLAH title : Arabportal 3 SQL injection vulnerability Exploit Title: Arabportal 3 registeration section SQL injection vulnerability Google Dork: inurl:members.php?action=signup Date: 2015/07/10 july 10th Exploit Author: ali ahmady -- Iranian Security Researcher snip3rirathotmail.c...
Zurmo CRM 3.0.2 Cross Site Scripting
Affected software: zurmo crm Type of vulnerability:xss stored URL:zurmo.com http://demo.zurmo.com/ Discovered by: provensec Website: provensec.com version:N/A Proof of concept goto profile section http://demo.zurmo.com/demos/stable/app/index.php/home/default and edit the whats going on field...
Rights Groups Call for More Change Two Years After Snowden Revelations Began
It’s been two years now since the first stories about NSA surveillance capabilities began to appear, and the environment has shifted dramatically in that time. Awareness of and resistance to mass surveillance has increased greatly, but the changes to policy and laws that many observers had hoped...
Sunset of Section 215 Means All Eyes on USA FREEDOM Act
The sun may have set at midnight on Section 215 of the PATRIOT Act, putting a temporary halt to the NSA’s bulk collection of phone call metadata, but privacy champions and legal experts point to May 7 as the day the lights dimmed on that facet of the government’s surveillance efforts. On that...
Fixed in Apache Tomcat 6.0.44
Low: Denial of Service CVE-2014-0230 When a response for a request with a request body is returned to the user agent before the request body is fully read, by default Tomcat swallows the remaining request body so that the next request on the connection may be processed. There was no limit to the...
Court's Ruling a 'Clear Signal' About Mass Surveillance Programs, Experts Say
The ruling last week by the Second Circuit Court of Appeals that the NSA’s years-long bulk collection of phone metadata is illegal is a “clear signal” that courts are moving in the direction of striking down some mass surveillance programs, experts say. The decision, issued Thursday, is among the...
Dennis Fisher and Mike Mimoso on the End of the Patch Tuesday Era, Section 215 and More
Dennis Fisher and Mike Mimoso talk about the end of the Patch Tuesday era for most Microsoft customers, the appeals court ruling on Section 215 metadata collection and Dennis’s idea for a security industry commission. Download: digitalunderground201.mp3 Music by Chris Gonsalves...
NSA Whistleblowers, Civil Liberties Groups Urge Congress to Oppose USA Freedom Act
As the expiration date for the controversial Section 215 of the Patriot Act draws near, the voices opposing a renewal of the surveillance powers the measure grants the NSA are growing louder. The latest entry is a letter sent to members of Congress by a long list of privacy, civil liberties, and...
Moodle 2.0.x < 2.0.5 / 2.1.x < 2.1.2 Multiple Vulnerabilities
Cross site request forgery (csrf)
Cross-site request forgery (CSRF) vulnerability in the Dashboard page in the monitoring-and-report section in Cisco Secure Access Control Server Solution Engine before 5.50.46.5 allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCuj62924...
Cisco Secure Access Control Server Dashboard Page Cross-Site Request Forgery Vulnerability
A vulnerability in the Dashboard page in the monitoring and report section of Cisco Secure Access Control Server could allow an unauthenticated, remote attacker to perform a cross-site request forgery (CSRF) attack. The vulnerability is due to the improper generation and validation of the CSRF toke...
Tech Companies, Privacy Advocates Call for NSA Reform
A group of technology companies, non-profits and privacy and human rights organizations have sent a letter to President Barack Obama, the director of national intelligence and a wide range of Congressional leaders, calling for an end to the bulk collection of phone metadata under Section 215 of t...
Amazon Linux AMI : file (ALAS-2015-497)
The ELF parser in file 5.08 through 5.21 allows remote attackers to cause a denial of service via a large number of notes. (CVE-2014-9620) The ELF parser (readelf.c) in file before 5.21 allows remote attackers to cause a denial of service (CPU consumption or crash) via a large number of (1) program or (2)...
724 CMS Directory Traversal Vulnerability
724CMS is a content management system. A directory traversal vulnerability exists in 724CMS due to the program section.php failing to properly filter user-submitted input. The vulnerability allows attackers to conduct directory traversal attacks to obtain sensitive information...
KLA10469 Multiple vulnerabilities in Microsoft products
Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to cause denial of service, execute arbitrary code or conduct code injection. Below is a complete list of vulnerabilities 1. An XSS vulnerabilities can be exploited remotely v...
elfutils: integer overflow, leading to a heap-based buffer overflow in libdw
Integer overflow in the check_section function in dwarf_begin_elf.c in the libdw library, as used in elfutils 0.153 and possibly through 0.158, allows remote attackers to cause a denial of service (application crash) or possibly execute arbitrary code via a malformed compressed debug section in an ELF...
Beehive Forum 1.4.4 - Persistent Cross-Site Scripting
Beehive Forum 1.4.4 - Persistent Cross-Site Scripting Document Title: ============ Beehive Forum v1.4.4 Stored XSS Vulnerability Author: ============== Halil Dalabasmaz Release Date: =========== 23 Feb 2015 Product & Service Introduction: ======================== Beehive is an open-source project...