160 matches found
Friday Squid Blogging: Cephalopod Week on Science Friday
It's Cephalopod Week! "Three hearts, eight arms, can't lose." As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered. Read my blog posting guidelines here...
FTC Promotes Privacy Awareness Week
The Federal Trade Commission FTC has released an announcement promoting Privacy Awareness Week PAW May 14–18, 2018. PAW is an annual event fostering awareness of privacy issues and the importance of protecting personal information. This year’s theme, “From Principles to Practice,” focuses on...
TippingPoint Threat Intelligence and Zero-Day Coverage – Week of May 7, 2018
This week marked National Teacher Appreciation Week here in the United States. I was happy to see that many other countries celebrate educators in all the other months of the year. All of us have at least one teacher, instructor or professor who really made a difference in our lives. There are tw...
maison-objet.com XSS vulnerability
Open Bug Bounty ID: OBB-527110 Description| Value ---|--- Affected Website:| maison-objet.com Open Bug Bounty Program:| Create your bounty program now. It's open and free. Vulnerable Application:| Custom Code Vulnerability Type:| XSS Cross Site Scripting / CWE-79 CVSSv3 Score:| 6.1...
FTC Promotes Privacy Awareness Week
The Federal Trade Commission FTC has released an announcement on Privacy Awareness Week, celebrated this week in the U.S. The theme of this year’s initiative is “Share with Care,” and the FTC is offering privacy tips, including how to safeguard your information online, improve your computer...
Thoughts on BSides Las Vegas 2016
I recently attended "Infosec Week" in Vegas - Black Hat, BSides and DEFCON. BSides is a high point every year. This smaller Con has a plethora of perks which make it a "must attended" and also offers many of the same benefits or advantages or opportunities as Black Hat and DEFCON...
aviationweek.com XSS vulnerability
Vulnerable URL: http://aviationweek.com/search/results/" Details: Description| Value ---|--- Patched:| No Latest check for patch:| 27.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 39307 VIP website status:| Yes Check aviationweek.com SSL connection:| Grade...
Pregnancy Tips Week by Week - Dangerous filesystem permissions, WebView code execution vulnerabilities
HackApp vulnerability scanner discovered that application Pregnancy Tips Week by Week published at the 'play' market has multiple vulnerabilities...
Spyware Asacub Evolves to Mobile Banking Malware
Asacub, once thought of as spyware, appears to have completed its transition into mobile banking malware, according to research published this week. When the Android malware surfaced in June 2015, researchers with Kaspersky Lab assumed it was spyware. It more or less fit the part; Asacub siphoned...
Unified Layer Shell Upload
/------ Unified-Layer Unrestricted File Upload Exploit /------ Author: UmPire / [email protected] /------ Iran Security Group / iransec.net Hi guys, With this exploit, You can upload files with any extensions you want in sites that are hosted on unified layer and its children like bluehost,...
Detecting and Preventing Compromises in Retail Payment Systems
Information Weeks Matthew Swartz published an article on the recently- confirmed payment card breaches at Target, Nieman Marcus and three other unnamed retailers. This article and many others reveal that these attacks involve sophisticated malware and some even suggest it is the work of the same...
Dan Guido on the THREADS Mobile Security Conference
Dennis Fisher talks with Dan Guido, CEO of Trail of Bits and hacker-in-residence at NYU-Poly, about the school’s first mobile security conference, called THREADS, taking place this week in Brooklyn. Part of the college’s Cybersecurity Awareness Week CSAW, THREADS will include speaker such as Dino...
Threatpost News Roundup on ITEC This Week
It was a big week in security, what with the takedown of the Rustock botnet takedown, there was a major attack against security firm RSA Security. Threatpost Editor Paul Roberts had a chance to sit down with Bill Sell, host of the weekly IT security news show ITEC This Week on the Pulse Network...
Video: Wikileaks, Data Security and the SMB
Threatpost editor Paul Roberts discusses issues that matter to small businesses including the impact of the recent Wikileaks debacle and the need for improved endpoint security, patch management and data protection on Pulse Network’s ITEC This Week with hosts Tyler Pyburn and Bill Sell...
Foxit Reader 4.1.1 - Local Stack Buffer Overflow
Exploit Title : Foxit 4.1.1 Date : 13/11/2010 Author : Sud0 Bug found by : dookie Original POC : https://www.exploit-db.com/exploits/15514/ Software Link : http://www.foxitsoftware.com/downloads/index.php Version : 4.1.1 OS : Windows Tested on : XP SP3 En VirtualBox Type of vuln : EIP / SEH Thank...
BDSMIS TraX with Payroll SQL Vulnerable
Exploit for asp platform in category web applications ======================================= BDSMIS TraX with Payroll SQL Vulnerable ======================================= 1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=0 0 1 1 /' \ /'\ /\ \ /'\ 0 0 /, \ /\/\ \ \ \ ...
Unfixed XSS vulnerability at www.nationalpathologyweek.org
Security researcher jath, has submitted on 21/09/2009 a cross-site-scripting XSS vulnerability affecting www.nationalpathologyweek.org, which at the time of submission ranked 22530824 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 28/06/2010. ...
CVE-2008-4620
SQL injection vulnerability in Meeting Room Booking System MRBS before 1.4 allows remote attackers to execute arbitrary SQL commands via the area parameter to 1 month.php, and possibly 2 day.php and 3 week.php...
Yahoo! Messenger Webcam 8.1 ActiveX Remote Buffer Overflow Exploit
No description provided by source. html !-- 45 minutes of fuzzing! Great results! very relible, runs calc.exe, replace with shellcode of your choice!!! link:http://www.informationweek.com/news/showArticle.jhtml?articleID=199901856 maybe more vulz! Greetz to: str0ke and shinnai! -- html...
digirez-xss.txt
Hello Vulnerable : Digirez Version: 3.4 web : http://www.digiappz.com XSS : 1- http://www.example.com/room/infobook.asp?Roomname=XSS 2- http://www.example.com/room/week.asp?curYear=XSS For Example u can put : 1- http://www.example.com/room/infobook.asp?Roomname='alert1; 2-...