PayPal Addresses Months-Old SQL Injection Vulnerability, Frozen Accounts
Researchers with Vulnerability Lab today announced mega payment processor PayPal has fixed a flaw on its site that allowed a remote user or a local user with low privileges to compromise a Web application using a blind SQL injection. The vulnerability was first reported to PayPal back in August,...
Samsung Exynos kernel exploit offers root without flashing
A user over at the XDA Developers Forum has gone searching through Samsung Exynos kernels and has found one whopper of an exploit. There's both good and bad news with this exploit, so head down below for more details on this newfound glory. This exploit affects a number of Samsung-made devices,...
Yahoo Mail hijacking exploit available for $700
An Egyptian hacker "TheHell" is selling an exploit for $700 that allows individuals to hijack a Yahoo! email account. The method is shown off in a video that was posted on YouTube. A cross-site scripting (XSS) flaw in Yahoo! Mail creates a means to steal cookies and hijack accounts. In order to work...
Security hole allows anyone to hijack your Skype account
It looks like Skype has another big hole in its security. According to reports, a security hole makes Skype accounts vulnerable to hijacking. The security hole allows unauthorized users with knowledge of your Skype-connected email address to change the password on your Skype account, thus gaini...
phpyun talent system injection+background getshell-a vulnerability warning-the black bar safety net
Paul id proof 0day - - would have been ready to throw the clouds, but look to have previously submitted a This sets the source of the hole no response..just lost it. No nonsense /model/class/action.class.php 6 0 3 row function funipget if getenv"HTTPCLIENTIP" && strcasecmpgetenv"HTTPCLIENTIP",...
Assange's Asylum In The Balance, Researcher Warns Ecuador's Deliberations Are Vulnerable To Online Snooping
With Wikileaks founder Julian Assange anxiously awaiting word from the government of Ecuador on his request for political asylum, a security researcher warns that the country’s Ministry of Foreign Affairs, which is handling the Assange asylum request, is using a video conferencing system that is...
Researcher Warns Of Security Hole In KeePass Password Manager
Users of the free, open source KeePass password manager got unwelcome news on Tuesday, after a private security researcher claimed to have discovered a remotely exploitable security hole that could give an attacker access to unencrypted user passwords. However, KeePass’s creator calls the hole...
Fedora 17 : python-virtualenvwrapper-3.4-1.fc17 (2012-8434)
Upstream fix of a security hole patched in 3.2. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possible without introducing additional issues...
Top Web Browsers Vulnerable To Rogue Download Vulnerability
Security researcher and Google employee Michal Zalewski is warning of a potentially serious security hole that affects the three major Web browsers, Internet Explorer, Firefox and Google’s Chrome browser and that could make it easy for attackers to push malicious downloads from domains other than...
Backdoor In Equipment Used For Traffic Control, Railways Called "Huge Risk"
UPDATE: Security researchers are warning about the risk posed by an embarrassing security hole in industrial control software by the firm RuggedCom. A hidden administrative account could give remote attackers easy access to critical equipment that is used to manage a wide range of critical...
Default Password (nasadmin) for 'nasadmin' Account
The account 'nasadmin' on the remote host has the password 'nasadmin'. An attacker may leverage this to gain total control of the affected system. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. account = "nasadmin"; password = "nasadmin"; include'deprecatednasllevel.inc'; include'compat.inc...
MySQL < 5.0.83 Denial of Service
The version of MySQL installed on the remote host is earlier than 5.0.83 and thus reportedly allows a remote user to crash the server and possibly have other impacts. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid17804; scriptversion"1.6"; scriptcvsdate"Date:...
OpenSSL < 0.9.2b Session Reuse
According to its banner, the remote server is running a version of OpenSSL that is earlier than 0.9.2b. A remote attacker could reuse an SSL session under a different context and bypass access control mechanisms based on client certificates. C Tenable Network Security, Inc. include"compat.inc"; i...
Charlie Miller now working with DoD for Cyber Security
Charlie Miller is a former hacker who has become an information security consultant, now working with the Department of Defense (DoD) to help with cyber security. He was invited to the conference on cyber conflict held by the NATO Cooperative Cyber Defense Center of Excellence in Tallinn, where ...
Mac OS X Sandbox Security Hole Uncovered
Researchers at Core Security Technologies have uncovered a security hole that could allow someone to circumvent the application sandbox restrictions of Mac OS X. The report of the vulnerability, which affects Mac OS X 10.7x, 10.6x and 10.5x, follows Apple’s announcement earlier this month that al...
SQL-Ledger patch update for SQL injection
Hi all; We have been informed that SQL-Ledger 2.8.34 has in fact been released patching the security hole previously reported in LedgerSMB 1.2.24 and Lower. This is an SQL injection issue. I haven't been able to find a CVE listing for this yet. Secunia has assigned this the id of SA45649 for...
libsoup -- unintentionally allow access to entire local filesystem
Dan Winship reports: Fixed a security hole that caused some SoupServer users to unintentionally allow accessing the entire local filesystem when they thought they were only providing access to a single directory...
AIX 610006 : U836411
The remote host is missing AIX PTF U836411 which is related to the security of the package X11.motif.mwm.6.1 You should install this PTF for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0; include'deprecatednasllevel.inc';...
AIX 710000 : U834551
The remote host is missing AIX PTF U834551 which is related to the security of the package devices.pci.e414a816.rte.7.1.0.15 You should install this PTF for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0;...
AIX 710000 : U833151
The remote host is missing AIX PTF U833151 which is related to the security of the package devices.pci.13100560.rte.7.1.0.15 You should install this PTF for your system to be up-to-date. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. if ! definedfunc"bnrandom" exit0;...