7424 matches found
Caleb Sima and Andy Chou on Software Security, Quality and Testing
Dennis Fisher talks with Caleb Sima of Armorize and Andy Chou of Coverity about the companies’ new partnership designed to make security and quality code testing simpler and more efficient and the state of software security in general. Podcast audio courtesy of sykboy65 Subscribe to the Digital...
Saint Corporation Cross Site Scripting / HTML Injection
SAINT Corporation XSS Defacement Vulnerability Management, Assessment, Penetration Testing SAINT Corporation provides network security tools to financial, government and educational institutions around the world SAINT customers. The SAINT® vulnerability assessment tools are recognized as industry...
The Rise of the Rogue AV Testers
By Costin Raiu Recently, I was sitting around with a number of colleagues from Kaspersky Lab, discussing everybody’s favorite subject: the state of anti-virus testing these days. During the talks, somebody brought up the name of a new, obscure testing organization in the Far East. Nobody else had...
PsNews 1.3 - SQL Injection
PsNews 1.3 - SQL Injection Exploit Title : PsNews Sql Injection Vulnerability Date : 6 - 7 - 2010 Author : S.W.T Vendor : http://www.psnews.sourceforge.net Version : 1.3 Tested on : Linux & Windows Home : WwW.SeC-WaR.CoM -== SQL Injection Vulnerability ==-...
PsNews 1.3 SQL Injection
Exploit Title : PsNews Sql Injection Vulnerability Date : 6 - 7 - 2010 Author : S.W.T Vendor : http://www.psnews.sourceforge.net Version : 1.3 Tested on : Linux & Windows Home : WwW.SeC-WaR.CoM -== SQL Injection Vulnerability ==- http://www.site.com/path/ndetail.php?id=SQL1...
PsNews v1.3 SQL Injection Vulnerability
Exploit for php platform in category web applications ======================================= PsNews v1.3 SQL Injection Vulnerability ======================================= Exploit Title : PsNews Sql Injection Vulnerability Date : 6 - 7 - 2010 Author : S.W.T Vendor :...
PsNews 1.3 - SQL Injection
Exploit Title : PsNews Sql Injection Vulnerability Date : 6 - 7 - 2010 Author : S.W.T Vendor : http://www.psnews.sourceforge.net Version : 1.3 Tested on : Linux & Windows Home : WwW.SeC-WaR.CoM -== SQL Injection Vulnerability ==- http://www.site.com/path/ndetail.php?id=SQL1...
SasCam WebCam Server v2.6.5 ActiveX SEH Overwrite
Exploit for windows platform in category remote exploits ================================================= SasCam WebCam Server v2.6.5 ActiveX SEH Overwrite ================================================= 'SEH Overwrite exploited by Blake 'Original EIP method by callAX 'Tested on XP SP3/IE7 in...
Fedora 11 : systemtap-1.1-1.fc11 (2010-0671)
Fixes CVE-2009-4273 Bugzilla 550172: https://bugzilla.redhat.com/showbug.cgi?id=CVE-2009-4273 New upstream release containing new features and bug fixes: better support for gcc 4.5 richer DWARF debuginfo, new preprocessor conditional for kernel 'CONFIG' testing, improved experimental unprivileged...
Grafik CMS 1.1.2 Cross Site Scripting
Vulnerability ID: HTB22439 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityingrafikcms1.html Product: Grafik CMS Vendor: GrafikPower Vulnerable Version: 1.1.2 and Probably Prior Versions Vendor Notification: 14 June 2010 Vulnerability Type: XSS Cross Site Scripting Status: Not Fixed,...
Placeto CMS SQL Injection
Exploit Title : Placeto CMS Auth. Bypass Vulnerability Date : 15 - 5 - 2010 Author : S.W.T Version : All Versions Tested on : Linux Home : WwW.SeC-WaR.CoM Go To The Admin Panel , And Enter The Following Username = or'1'='1' Password = S.W.T This Is Security War Team Penetration Testing & Ethical...
Placeto CMS Auth. Bypass Vulnerability
Exploit for php platform in category web applications ====================================== Placeto CMS Auth. Bypass Vulnerability ====================================== Exploit Title : Placeto CMS Auth. Bypass Vulnerability Date : 15 - 5 - 2010 Author : S.W.T Vendor : www.blahertech.org Version...
Applicure dotDefender 4.01-3 - Persistent Cross-Site Scripting
An advisory by EnableSecurity. ID: ES-20100601 Advisory URL: http://resources.enablesecurity.com/advisories/ES-20100601-dotdefender4.txt Affected Versions: version 4.0 Fixed versions: 4.01-3 and later Description: Applicure dotDefender is a Web Application Firewall that can be installed on Window...
XSS vulnerability in Scribe CMS
Vulnerability ID: HTB22422 Reference: http://www.htbridge.ch/advisory/xssvulnerabilityinscribecms2.html Product: Scribe CMS Vendor: Sigmer Technologies Vulnerable Version: Current at 03.06.2010 and Probably Prior Versions Vendor Notification: 07 June 2010 Vulnerability Type: XSS Cross Site...
[MajorSecurity SA-075]CMS RedAks 2.0 - SQL injection vulnerability
MajorSecurity SA-075CMS RedAks 2.0 - SQL injection vulnerability Details ============= Product: CMS RedAks v.2.0 Security-Risk: high Remote-Exploit: yes Vendor-URL: http://www.redaks.com/ Advisory-Status: published Credits ============= Discovered by: David Vieira-Kurz of MajorSecurity Original...
Alex Horan on Penetration Testing and the Business of Security
Dennis Fisher talks with Alex Horan of Core Security about penetration testing, the place of security within a business and Core’s new push to make security more accessible and understandable for business leaders. Podcast audio courtesy of sykboy65 Subscribe to the Digital Underground podcast on...
[SECURITY] [DSA 2063-1] New pmount packages fix denial of service
------------------------------------------------------------------------ Debian Security Advisory DSA-2063-1 [email protected] http://www.debian.org/security/ Giuseppe Iuculano June 17, 2010 http://www.debian.org/security/faq -...
CMS RedAks 2.0 - SQL Injection vulnerability
Exploit for php platform in category web applications ============================================ CMS RedAks 2.0 - SQL Injection vulnerability ============================================ Details ============= Product: CMS RedAks v.2.0 Security-Risk: high Remote-Exploit: yes Vendor-URL:...
[MajorSecurity SA-069]Invision Power Board - stored Cross site Scripting
MajorSecurity SA-069Invision Power Board - stored Cross site Scripting Details ======= Product: Invision Power Board Security-Risk: moderated Remote-Exploit: yes Vendor-URL: http://www.invisionpower.com Vendor-Status: informed Advisory-Status: published Credits ============ Discovered by: David...
[SECURITY] [DSA 2058-1] New glibc packages fix several vulnerabilities
------------------------------------------------------------------------ Debian Security Advisory DSA-2058-1 [email protected] http://www.debian.org/security/ Aurelien Jarno June 10, 2010 http://www.debian.org/security/faq -...