Book Review : Defense against the Black Arts
Book Review : Defense against the Black Arts How Hackers Do What They Do and How to Protect against It Ben Rothke writes a review of a new book on hacking, "Defense against the Black Arts: How Hackers Do What They Do and How to Protect against It". Authors are Jesse Varsalone, Matthew Mcfadden,...
Giveaway : Win a Backtrack or iPhone book
Giveaway: Win a Backtrack or iPhone book After the huge success of our earlier giveaway we have again teamed up with Packt Publishing and we are organizing a giveaway where three lucky winners stand a chance to win a copy of their choice between two great selling books, i.e. iPhone Applications...
Book Review: BackTrack 4: Assuring Security by Penetration Testing
Book Review: BackTrack 4: Assuring Security by Penetration Testing This review is for the BackTrack 4: Assuring Security by Penetration Testing book published by Packtpub written by Wes Boudville. The authors tackle a persistent danger to many websites and networks that hang off the Internet, whe...
Wireless Penetration Testing Series Part 2: Basic concepts of WLANs
Wireless Penetration Testing Series Part 2: Basic concepts of WLANs This blog post is in continuation of the Wireless Penetration Testing and Hacking series we started Part 1: Getting Started with Monitoring and Injection on the basis of the "SecurityTube Wi-Fi Security Expert" SWSE course which ...
SAPID 1.2.3 Remote File Inclusion
Exploit Title: SAPID Stable RFI Google Dork: tanyakan pada dan pemula :D Date: January 08 2011 Author: Opa Yong Software Link: http://sourceforge.net/projects/sapid/files/sapid-cms/ Version: SAPID 1.2.3 Stable Tested on: Windows XP Home Edition SP2 @POC:...
Wireless Penetration Testing Series Part 1: Getting Started with Monitoring and Injection
Wireless Penetration Testing Series Part 1: Getting Started with Monitoring and Injection We had promised a while back that we would start a Wireless Security and Penetration testing series based on the SecurityTube Wi-Fi Security Expert SWSE course! This course is based on the popular and much...
DSA-2381-1 squid3 - invalid memory deallocation
Bulletin has no description...
9 Top Patch Management Practices for Businesses Security
9 Top Patch Management Practices for Businesses Security I've spent most of the past decade in information security, with a pretty big focus on incident response. It never ceases to amaze me how many security incidents pronounced hacks customers suffer as a result of unpatched systems. Patch...
Thinking About Software Security Holistically
While assessing software systems of all types a few common mistakes regularly come up. These aren’t mistakes that lead directly to vulnerabilities, but mistakes in how some software companies think about security, that can lead to invalid assumptions, and ultimately which can allow real security...
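Google Chrome IFRAME Loading Information Disclosure Vulnerability
Bugtraq ID: 51068 CVE ID: CVE-2011-4691 Google Chrome is a popular web browser. Google Chrome 15.0.874.121 and earlier versions contain a vulnerability: during IFRAME loading attempts, the browser does not properly prevent the collection of data about the time required for same-origin policy violations. A remote attacker who builds a web page containing malicious JavaScript code and lures a user into loading it can determine which files are in the target user's browser cache. 0 Google Chrome = 15.0.874.121 Vendor solution: no detailed solution is currently available: http://www.google.com/chrome Test method...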
[SECURITY] [DSA 2363-1] tor security update
------------------------------------------------------------------------- Debian Security Advisory DSA-2363-1 [email protected] http://www.debian.org/security/ Moritz Muehlenhoff December 16, 2011 http://www.debian.org/security/faq -...
SuSE 11.1 Security Update : update-test-security (2011-11-18) (deprecated)
This is a fake security update for testing purposes. %NASLMINLEVEL 999999 (C) Tenable Network Security, Inc. The text description of this plugin is (C) Novell, Inc. @DEPRECATED@ This script has been deprecated as the associated patch is not actually a security fix. Disabled on 2013/12/05...
VanDyke AbsoluteFTP FTP Client LIST Overflow
Added: 12/12/2011 BID: 50614 OSVDB: 77105 Background VanDyke AbsoluteFTP is a popular free FTP client. AbsoluteFTP was replaced by SecureFX in 1998, and support for AbsoluteFTP ended in 2007. Problem The AbsoluteFTP client contains a buffer overflow vulnerability when parsing file and directory...
Squiz Matrix User Account Enumeration
Squiz Matrix - User Account Enumeration http://www.osisecurity.com.au/advisories/squiz-matrix-user-enumeration Release Date: 12-Dec-2011 Software: Squiz - Matrix http://www.squiz.net/ "Squiz Matrix delivers highly flexible and robust business integration engine and application development tools. ...
BeEF 0.4.2.12 alpha Browser Exploitation Framework Released
BeEF 0.4.2.12 alpha Browser Exploitation Framework Released The Browser Exploitation Framework BeEF is a powerful professional security tool. BeEF is pioneering techniques that provide the experienced penetration tester with practical client side attack vectors. Unlike other security frameworks,...
GivingFirst Launches online Charity Processing Service
In the spirit of the Holiday Season, Coalfire has made a significant contribution to GivingFirst.org in the form of free Penetration Testing services. GivingFirst is a Denver-based community foundation whose mission is "to improve quality of life by increasing community generosity and involvement...
DSA-2356-1 openjdk-6 - several
Bulletin has no description...
icomex cms (Content Management Solutions) sql injection vulnerability
Exploit Title: icomex cms sql injection vulnerability Author : XaDaL Link : http://www.icomex.com/ Tested on : windows google dork : This site is powered by Content Management Systems from icomex === POC === =x= http://site/html/Home.htm?articleid=SQL =x= http://site/html/services.htm?articleid=S...
SecurityTube Metasploit Framework Expert Certification Launched !
SecurityTube Metasploit Framework Expert Certification Launched ! Not so long ago, we had posted the launch of the SecurityTube Wi-Fi Security Expert SWSE program. The certification has been a success and it has students from over 25+ countries from around the world. The SecurityTube Metasploit...