Threat Landscape for Industrial Automation Systems in H1 2018
For many years, Kaspersky Lab experts have been uncovering and researching cyberthreats that target a variety of information systems – those of commercial and government organizations, banks, telecoms operators, industrial enterprises, and individual users. In this report, Kaspersky Lab Industria...
Onethink CMS Server Side Request Forgery
SSRF (Server Side Request Forgery) in Onethink All version CVE-2017-14323 The Onethink is an open source CMS (Content Management System). This system is based on the Thinkphp3.2 development framework. Product Download: http://www.onethink.cn Vulnerability Type: SSRF (Server Side Request Forgery...
This Week in Security News
Welcome to our weekly roundup, where we share what you need to know about the cybersecurity news and events that happened over the past few days. Below you’ll find a quick recap of topics followed by links to news articles and/or our blog posts providing additional insight. Be sure to check back...
Gattaca Server 2003 Null Byte Path Disclosure
No description provided by source. source: http://www.securityfocus.com/bid/10729/info It is reported that Gattaca Server 2003 contains multiple path disclosure vulnerabilities. By sending HTTP requests to Gattaca's web server, it is reportedly possible to cause the application to return error...
PHPortfolio SQL Injection Vulnerability
No description provided by source. Exploit Title: SQL Injection Vulnerability in PHP Portfolio Google Dork: Powered by PHPortfolio Date: 23/5/2011 Author: lionaneesh Software Link: http://outshine.com/phportfolio/ http://www.outshine.com/software/phportfolio/intro.php Risk Level : High A hacker ca...
PHPortfolio SQL Injection
Exploit Title: SQL Injection Vulnerability in PHP Portfolio Google Dork: "Powered by PHPortfolio" Date: 23/5/2011 Author: lionaneesh Software Link: http://outshine.com/phportfolio/ http://www.outshine.com/software/phportfolio/intro.php Risk Level : High A hacker can get admin access to web databas...
PHPortfolio SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: SQL Injection Vulnerability in PHP Portfolio Google Dork: "Powered by PHPortfolio" Date: 23/5/2011 Author: lionaneesh Software Link: http://outshine.com/phportfolio/ http://www.outshine.com/software/phportfolio/intro.php Risk Lev...
Internal Affairs may be next target for #Anonymous !
There's confusion tonight as to whether international cyber vandals have tried to hack websites run by the Department of Internal Affairs. A group called Anonymous has threatened to attack internal affairs because it operates a filter that identifies child porn websites - which the cyber activist...
USN-30-1: Linux kernel vulnerabilities
CAN-2004-0883, CAN-2004-0949: During an audit of the smb file system implementation within Linux, several vulnerabilities were discovered ranging from out of bounds read accesses to kernel level buffer overflows. To exploit any of these vulnerabilities, an attacker needs control over the answers ...
osCommerce 2.2ms1 Multiple Script XSS
osCommerce is a widely installed open source shopping e-commerce solution. An attacker may use it to perform a cross-site scripting attack on this host. %NASLMINLEVEL 70300 written by K-Otik.com osCommerce Cross Site Scripting Bugs Ref added by rd : Message-ID: From: Daniel Alcantara de la Hoz To...
VBZoom 1.0 - SQL Injection
source: https://www.securityfocus.com/bid/5919/info A SQL injection vulnerability has been discovered in VBZoom v1.01. Due to insufficient sanitization of variables used to construct SQL queries, it is possible to modify the logic of a query, via a malicious request. Exploiting this issue could...