Bala Krishna, Sergey Yakovlev Security Vulnerabilities

PT-2013-50: Cross-Site Request Forgery (CSRF) in Siemens Simatic WinCC TIA Portal

PT-2013-50: Cross-Site Request Forgery (CSRF) in Siemens Simatic WinCC TIA Portal Vulnerable software Siemens Simatic WinCC TIA Portal Version: 12.0 and earlier Application link: http://www.siemens.com/ Severity level Severity level: Medium Impact: Autentication hijacking Access Vector:...

Google BugBounty#9 - Cross Site Scripting Vulnerability

...

Google BugBounty#9 - Cross Site Scripting Vulnerability

...

#SOPA - The Hacker News say "NO WAY"

#SOPA - The Hacker News say "NO WAY" Get mad and take action as you read how your internet privacy and freedoms are about to be taken away in our editor Patti Galle's article on SOPA…….coming to your personal rights soon. The Stop Online Piracy Act (SOPA), or H.R. 3261, is a bill that was...

Russian Parliamentary Election Marred by DDoS Campaign

Yesterday was election day in Russia, and the occasion brought with it a coordinated campaign reportedly designed to silence some specific groups. A report from GlobalVoices.org details a massive wave of DDoS attacks against blogging platforms, election watchdog Websites, and various independent...

[ppt] Zeronights. Пачка презентаций с конференции.

Целая пачка презентаций: http://www.slideshare.net/DefconRuss...eronights-2011 Особо советую: Don’t touch it, unless it falls in pieces business applications hack in extreme conditions Root via XSS How to hack a telecom and stay alive Splitting, smuggling and cache poisoning come back Ну и...

Security fix for the ALT Linux 6 package cyrus-imapd version 2.4.12-alt0.M60P.1

Nov. 1, 2011 Sergey Y. Afonin 2.4.12-alt0.M60P.1 - Backport to p6 branch (fixes...

[PT-2011-30] Disclosure of sensitive information in D-Link DIR-300 Router

(PT-2011-30) Positive Technologies Security Advisory Disclosure of sensitive information in D-Link DIR-300 Router ---[Vulnerable software] Router management system for D-Link DIR-300 ---[Severity level] Severity level: Medium Impact: Sensitive information disclosure Access Vector:...

[PT-2011-29] Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300

(PT-2011-29) Positive Technologies Security Advisory Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300. ---[Vulnerable software] Router management system for D-Link DIR-300 ---[Severity level] Severity level: High Impact: Random file reading,...

Google Fixes 27 Bugs in Chrome 15

Google has fixed more than two dozen vulnerabilities in its Chrome browser and also implemented a defense against the BEAST SSL attack. The bugs fixed in the new version of Chrome include 11 high-severity flaws. As part of its bug bounty program, Google paid more than $26,000 in rewards to...

Chrome Stable Release

The Google Chrome team is happy to announce the arrival of Chrome 15.0.874.102 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame. Chrome 15 contains some really great improvements including a new New Tab page. You can read about it more on the Google Chome blog. Security fixes and...

Security fix for the ALT Linux 8 package clamav version 0.97.3-alt1

Oct. 20, 2011 Sergey Y. Afonin 0.97.3-alt1 - 0.97.3...

PT-2011-29: Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300

PT-2011-29: Arbitrary file reading and arbitrary code execution in Router Manager for D-Link DIR-300 Vulnerable software Router management system for D-Link DIR-300 Severity level Severity level: High Impact: Random file reading, random code execution Access Vector: Remote CVSS v2: Base...

PT-2011-30: Disclosure of sensitive information in D-Link DIR-300 Router

PT-2011-30: Disclosure of sensitive information in D-Link DIR-300 Router Vulnerable software Router management system for D-Link DIR-300 Severity level Severity level: Medium Impact: Sensitive information disclosure Access Vector: Remote CVSS v2: Base Score: 6.8 Vector:...

Security fix for the ALT Linux 10 package clamav version 0.97.3-alt1

Oct. 20, 2011 Sergey Y. Afonin 0.97.3-alt1 - 0.97.3...

Security fix for the ALT Linux 9 package clamav version 0.97.3-alt1

Oct. 20, 2011 Sergey Y. Afonin 0.97.3-alt1 - 0.97.3...

APPLE-SA-2011-10-11-1 iTunes 10.5

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-11-1 iTunes 10.5 iTunes 10.5 is now available and addresses the following: CoreFoundation Available for: Windows 7, Vista, XP SP2 or later Impact: A man-in-the-middle attack may lead to an unexpected application termination or...

APPLE-SA-2011-10-12-4 Safari 5.1.1

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-12-4 Safari 5.1.1 Safari 5.1.1 is now available and addresses the following: Safari Available for: Mac OS X v10.6.8, Mac OS X Server v10.6.8, OS X Lion v10.7.2, OS X Lion Server v10.7.2, Windows 7, Vista, XP SP2 or later Impact: ...

APPLE-SA-2011-10-12-1 iOS 5 Software Update

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-10-12-1 iOS 5 Software Update iOS 5 Software Update is now available and addresses the following: CalDAV Available for: iOS 3.0 through 4.3.5 for iPhone 3GS and iPhone 4, iOS 3.1 through 4.3.5 for iPod touch (3rd generation) and later,...

Apple Fixes Nearly 80 Bugs in iTunes 10.5

Apple has released a new version of its iTunes software, patching an enormous number of vulnerabilities in the popular music application. Version 10.5 of iTunes includes fixes for several dozen flaws in WebKit alone, and also has some updated functionality designed to support new components coming....

Steve Jobs Dead At 56

Outpourings of grief came from all corners of the technology world on Wednesday after Apple Computer announced that its co-founder and former CEO Steve Jobs had died of cancer at the age of 56. Apple’s Web page paid tribute to Jobs on Wednesday, as tributes poured in from across the world. Of...

Google Fixes Seven Flaws in New Chrome 14 Release

Google has fixed seven security vulnerabilities in its Chrome browser with a new release on Tuesday. Six of the bugs fixed in Chrome are rated high, with just one listed as critical. The company paid out $10,000 in bounties for the bugs it fixed in this release. In addition to the security fixes,.....

Stable Channel Update

The Stable channel has been updated to 14.0.835.202 for Windows, Mac, Linux, and Chrome Frame. This release contains Adobe Flash Player 11, along with the stability and security fixes listed below. Security fixes and rewards: Please see the Chromium security page for more detail. Note that the...

Google Fixes More Than 30 Flaws in Chrome

Google has fixed more than 30 security vulnerabilities in its Chrome browser with a new version the company released on Friday. The company also paid out more than $14,000 in rewards to the various researchers who reported bugs that were fixed with Chrome 14.0.835.163. The new version of Chrome...

Stable Channel Update

The Chrome Stable channel has been updated to 14.0.835.163 for all platforms. This release contains the following security fixes. More details about high level features can be found on the Google Chrome blog. Security fixes and rewards: Please see the Chromium security page for more detail....

Google Fixes 11 Flaws in Chrome 13.0.782.215

Google has patched 11 vulnerabilities in its Chrome browser, one of them critical, and paid out more than $8,500 in rewards to researchers for reporting bugs. The most serious vulnerability that Google fixed in Chrome 13.0.782.215 is a critical memory-corruption flaw in Chrome’s vertex handling....

Stable Channel Update

The Chrome Stable channel has been updated to 13.0.782.215 for all platforms. This release contains the following security fixes. Security fixes and rewards: Please see the Chromium security page for more detail. Note that the referenced bugs may be kept private until a majority of our users are...

E-SolBiz =>SQL Injection Vulnerability

Exploit for php platform in category web...

E-SolBiz SQL Injection

...

Google Fixes 30 Bugs in Chrome, Pays $17K in Bounties

Google has fixed 30 bugs in version 13.0.782.107, the latest build of its Chrome browser, pushed to the stable channel for Windows, Mac and Linux today. 14 of the bugs are deemed high-risk, including cross-origin script injection, HTML range handling and URI handling issues. Nine of the bugs are...

Stable Channel Update

The Google Chrome team is pleased to announce the arrival of Chrome 13.0.782.107 to the Stable Channel for Windows, Mac, Linux, and Chrome Frame. Spanning 5200+ revisions, Chrome 13 contains some exciting new features like Instant Pages prerendering technology. To find out about other new...

APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 APPLE-SA-2011-07-20-1 Safari 5.1 and Safari 5.0.6 Safari 5.1 and Safari 5.0.6 are now available and address the following: CFNetwork Available for: Windows 7, Vista, XP SP2 or later Impact: Visiting a maliciously crafted website may lead to a cross-...

U.S. House Committee Questions Ability to Secure Wall Street Data

Cyber security experts warned on Thursday that the U.S. government is failing to learn the lessons of past computer and intelligence breaches and often exhibits a careless attitude towards securing the data it keeps. The testimony came in a hearing on Thursday before the U.S. House of...

Wired Unpacks Stuxnet Mystery

You might think that everything that needs to be written on Stuxnet already has. After all, Threatpost has spilled (virtual) column inches on the stealthy worm, which targeted Siemens Simatic S7 programmable logic controllers. That’s in addition to posts by the likes of Symantec, McAfee and the...

TDSS rootkit infects 1.5 million US computers

TDSS rootkit infects 1.5 million US computers Millions of PCs around the world infected by the dangerous TDSS 'super-malware' rootkit as part of a campaign to build a giant new botnet. The report is presented by researchers from security firm Kaspersky Lab. TDSS also known as 'TDL' and...

J Software Solutions SQL Injection

...

Technofact (index/detail) => SQL Injection Vulnerability

Exploit for php platform in category web...

Technofact SQL Injection

...

IT Reflect SQL Injection

...

IT Reflect => SQL Injection Vulnerability

Exploit for php platform in category web...

Google Fixes 15 Bugs in Chrome, Gives Users Ability to Delete Flash Cookies

Google has fixed more than a dozen security bugs in its Chrome browser, including five high-severity vulnerabilities and one that qualified for the company’s highest bug bounty, a $3133.7 reward. The new version of Chrome has fixes for 15 separate security vulnerabilities, the most critical of...

Chrome Stable Release

The Google Chrome team is happy to announce the release of Chrome 12 to the Stable Channel for all platforms. Chrome 12.0.742.91 includes a number of new features and updates, including: Hardware accelerated 3D CSS New Safe Browsing protection against downloading malicious files Ability to...

TDSS Rootkit Gets Its Own Self-Replicating Loader

The group behind the TDSS rootkit has developed a new method for getting the pernicious malware onto as many machines as possible: a worm-like, self-propagating loader. The new mechanism has the ability not only to install new copies of the rootkit on PCs, but also set up its own DHCP server on a.....

Rustock Author May Be Former Google Hopeful

As Microsoft’s crusade against the Rustock botnet continues, a new article from Brian Krebs claims the formerly prolific botnet’s author may be a self-described mathematician and software engineer who once sought employment from Google. According to Krebs, who cites court documents filed by the...

Vibrant Creations =>SQL Injection Vulnerability

Exploit for php platform in category web...

World e Mart SQL Injection

...

Vibrant Creations SQL Injection

...

World e Mart (news event page) SQL Injection Vulnerability

Exploit for php platform in category web...

Ciphertek Systems SQL Injection

...

Homepages Admin SQL Injection

...