12 matches found
Indictments, Attribution Unlikely to Deter Chinese Hacking
The federal government is fighting back against what it says are China-based cyberattacks against U.S. universities and companies with indictments and a “naming-and-shaming” approach — but researchers aren’t convinced the efforts will come to much in terms of deterring future activity. On Monday,...
Who should protect you from Cyber Threats?
The world is becoming increasingly dependent on information technologies. 1. Government. More and more states provide digital services for their citizens and rely on complex information systems. 2. Business. There are no more companies that do not have IT infrastructure on-premises or in the cloud. IT...
Guangzhou Travel Ease App has SMS Bombing Vulnerability
Guangzhou Travel Easy APP is an information service and online business processing software launched to the public by Guangzhou Public Security Traffic Management Department. There is an SMS bombing vulnerability in Guangzhou Easy Travel APP. An attacker can exploit this vulnerability to replay...
Wix.com Cross Site Scripting
57 million web pages are affected by a security problem in wix.com. Proof of concept on a web page made in wix.com: http://www.itsec.cl/ Viewing the source code, one can observe the following: ... Find the SEO content of this site's homepage via http://www.itsec.cl/?escapedfragment= That is where search...
RoundCube Webmail <= 0.2-3 beta Code Execution Vulnerability
No description provided by source. Public Release Date of POC: 2008-12-22 Author: Jacobo Avariento Gimeno Sofistic CVE id: CVE-2008-5619 Bugtraq id: 32799 Severity: Critical Vulnerability reported by: RealMurphy Intro ---- Roundcube Webmail is a browser-based IMAP client that uses chuggnutt.com...
Web Hosting software WHMCS vulnerable to SQL Injection; emergency security update released
WHMCS, a popular client management, billing and support application for Web hosting providers, released an emergency security update for the 5.2 and 5.1 minor releases, to patch a critical vulnerability that was publicly disclosed. The vulnerability was publicly posted by a user named as...
Aardvark Topsite XSS vulnerability
Hi, I found XSS on Aardvark Topsites PHP system. Dork: "Powered by Aardvark Topsites" "SQL Queries" XSS: sitepath/index.php?a=search&q=2220onmouseover3dalertString.fromCharCode88,83,8320par3d22 Can use POST to affect the "email", "title", "u" and "url" parameters in the same way. Tested...
Inspector General Finds Vulns at US-CERT
A scan of IT systems at US-CERT, the Homeland Security Department’s primary operational cybersecurity agency, found hundreds of vulnerabilities that could allow someone to compromise data, according to a recent inspector general’s report. Read the full article. Government Computer News...
NSA to Run $1.5B Security Data Center
The National Security Agency is going to run a planned $1.5 billion data center in Utah that will serve as a support center for the government’s information security programs. The exact mission and function of the data center is a bit unclear, however. The NSA’s core mission is to collect and...
Obama Nominates DHS Intelligence Chief
President Barack Obama has nominated Caryn Wagner to be the Homeland Security Department’s intelligence chief, a position that oversees information technology systems designed to share information with federal, state and local officials. If confirmed by the Senate, Wagner would direct DHS Office ...
RoundCube Webmail 0.2-3 Beta Code Execution
Public Release Date of POC: 2008-12-22 Author: Jacobo Avariento Gimeno Sofistic CVE id: CVE-2008-5619 Bugtraq id: 32799 Severity: Critical Vulnerability reported by: RealMurphy Intro ---- Roundcube Webmail is a browser-based IMAP client that uses "chuggnutt.com HTML to Plain Text Conversion"...
Security Contact for Lyris
I am trying to reach the security contact at Lyris www.lyris.com. I sent an email to every address listed on the web site and keep getting blown off by the operator when I call. The OSVDB Vendor Dictionary has no contact information listed for Lyris. There are a number of serious,...