7421 matches found

The Hacker News
added 2018/06/08 7:56 a.m., 2 views

Facebook bug changed 14 million users' default privacy settings to public

Facebook admits as many as 14 million of its users who thought they're sharing content privately with only friends may have inadvertently shared their posts with everyone because of a software bug. Facebook said in front of Congress in March over the Cambridge Analytica scandal that "every piece...

AI score: 6.4
Exploits: 0

OSV
added 2018/06/07 2:29 a.m., 1 view

UBUNTU-CVE-2017-16119

Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...

CVSS: 7.5, AI score: 7.1, EPSS: 0.01584
Exploits: 0, References: 3

Debian CVE
added 2018/06/07 2:0 a.m., 17 views

CVE-2017-16119

Fresh is a module used by the Express.js framework for HTTP response freshness testing. It is vulnerable to a regular expression denial of service when it is passed specially crafted input to parse. This causes the event loop to be blocked causing a denial of service condition...

CVSS: 7.5, AI score: 7.4, EPSS: 0.01584
Exploits: 0

Gitee
added 2018/06/06 3:35 p.m., 3 views

fuzzdb-collect

Based on the provided context, it appears that the repository contains a tool for brute-forcing file extensions with 3-character names. The tool is designed to test...

AI score: 6.9
Exploits: 0

ThreatPost
added 2018/06/05 9:12 p.m., 13 views

DNA Testing Service MyHeritage Leaks User Data of 92 Million Customers

Account data tied to 92 million users of the genealogy and DNA testing service MyHeritage were found on a third-party “private” server in a breach that exposed usernames and passwords of customers. The breach is the largest since last year’s Equifax leak of 147.9 million pieces of private data...

AI score: 0.4
Exploits: 0, References: 2

HackRead
added 2018/06/05 8:26 p.m., 49 views

DNA testing website MyHeritage hacked; 92 million user accounts stolen

By Waqas. MyHeritage, an Israeli DNA, and genealogy website has suffered a massive... This is a post from HackRead.com. Read the original post: DNA testing website MyHeritage hacked; 92 million user accounts stolen...

AI score: 1.6
Exploits: 0

The Hacker News
added 2018/06/05 6:5 p.m., 83 views

MyHeritage Says Over 92 Million User Accounts Have Been Compromised

MyHeritage, the Israel-based DNA testing service designed to investigate family history, has disclosed that the company website was breached last year by unknown attackers, who stole login credentials of its more than 92 million customers. The company learned about the breach on June 4, 2018, aft...

AI score: 0.1
Exploits: 0

Veracode
added 2018/06/05 2:6 a.m., 16 views

Man-in-the-Middle (MitM)

xd-testing is vulnerable to man-in-the-middle (MitM) attacks. This is because they download binary resources via HTTP, allowing MitM attacks. Also, it may potentially cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the attacker is on the...

CVSS: 8.1, AI score: 8.3, EPSS: 0.01752
Exploits: 0, References: 1, Affected Software: 1

NVD
added 2018/06/04 4:29 p.m., 15 views

CVE-2016-10653

xd-testing is a testing library for cross-device (XD) web applications. xd-testing downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the...

CVSS: 9.3, AI score: 8.3, EPSS: 0.01752
Exploits: 0, References: 1

NVD
added 2018/06/04 4:29 p.m., 25 views

CVE-2016-10667

selenium-portal is a Selenium Testing Framework. selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on th...

CVSS: 9.3, AI score: 8.3, EPSS: 0.01752
Exploits: 0, References: 1

Prion
added 2018/06/04 4:29 p.m., 11 views

Remote code execution

selenium-portal is a Selenium Testing Framework. selenium-portal downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested resources with an attacker controlled copy if the attacker is on th...

CVSS: 9.3, AI score: 8, EPSS: 0.01752
Exploits: 0, References: 1, Affected Software: 1

Prion
added 2018/06/04 4:29 p.m., 12 views

Design/Logic Flaw

xd-testing is a testing library for cross-device (XD) web applications. xd-testing downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the...

CVSS: 9.3, AI score: 8, EPSS: 0.01752
Exploits: 0, References: 1

CVE
added 2018/06/04 4:0 p.m., 52 views

CVE-2016-10653

CVE-2016-10653 concerns the xd-testing package, where the library downloads binary resources over HTTP. The root issue is insecure HTTP transfer of executables, enabling a network-position attacker to intercept the response and replace the binary, potentially leading to remote code execution on t...

CVSS: 9.3, AI score: 8.3, EPSS: 0.01752
Exploits: 0, References: 1, Affected Software: 1

CVE
added 2018/06/04 4:0 p.m., 54 views

CVE-2016-10667

CVE-2016-10667 affects the Node.js/selenium-portal package: it downloads binary resources over HTTP, leaving it vulnerable to a network-based MITM that could swap the requested resource with a malicious copy and cause remote code execution. The incident is documented across multiple feeds (NVD, G...

CVSS: 9.3, AI score: 8.2, EPSS: 0.01752
Exploits: 0, References: 1, Affected Software: 1

Cvelist
added 2018/06/04 4:0 p.m., 20 views

CVE-2016-10653

xd-testing is a testing library for cross-device (XD) web applications. xd-testing downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping out the requested binary with an attacker controlled binary if the...

AI score: 8.4, EPSS: 0.01752
Exploits: 0, References: 1

Kitploit
added 2018/06/04 2:5 p.m., 28 views

BlackArch Linux v2018.06.01 - Penetration Testing Distribution

BlackArch Linux is an Arch Linux-based distribution for penetration testers and security researchers. The repository contains 1981 tools. You can install tools individually or in groups. BlackArch Linux is compatible with existing Arch installs. ChangeLog: added more than 60 new tools; added confi...

AI score: 7.4
Exploits: 0

OSV
added 2018/06/04 1:29 p.m., 7 views

CVE-2016-1000339

In the Bouncy Castle JCE Provider version 1.55 and earlier the primary engine class used for AES was AESFastEngine. Due to the highly table driven approach used in the algorithm it turns out that if the data channel on the CPU can be monitored the lookup table accesses are sufficient to leak...

CVSS: 5.3, AI score: 6.5
Exploits: 0, References: 8

Packet Storm
added 2018/06/04 12:0 a.m., 47 views

Zip-N-Go 4.9 Local Buffer Overflow

#!/usr/bin/python Exploit Title : Zip-n-Go v4.9 - Local Buffer Overflow SEH Exploit Author : Hashim Jawad - @ihack4falafel Vendor Homepage : http://mc1soft.com/index.shtml Vulnerable Software...

AI score: 0.4
Exploits: 0

Kitploit
added 2018/06/02 10:17 p.m., 22 views

RouterSploit v3.0 - Exploitation Framework For Embedded Devices

The RouterSploit Framework is an open-source exploitation framework dedicated to embedded devices. It consists of various modules that aid penetration testing operations: exploits - modules that take advantage of identified vulnerabilities; creds - modules designed to test credentials against...

AI score: 7.6
Exploits: 0, References: 1

Prion
added 2018/06/01 6:29 p.m., 12 views

Remote code execution

sauce-connect is a Node.js wrapper over the SauceLabs SauceConnect.jar program for establishing a secure tunnel for intranet testing. sauce-connect downloads binary resources over HTTP, which leaves it vulnerable to MITM attacks. It may be possible to cause remote code execution (RCE) by swapping o...

CVSS: 9.3, AI score: 8, EPSS: 0.01682
Exploits: 0, References: 1, Affected Software: 1