Web Applications Attacks: Open Redirection Vulnerabilities

Open redirection or URL redirection vulnerabilities occur when a web application takes user-controllable input and uses it to perform a redirection, directing the user’s browser to visit a different URL than the one requested (the original domain). These security vulnerabilities regularly are of much less interest to an attacker than cross-site scripting, which can be […]

Abusing the AWS metadata service using SSRF vulnerabilities

I recently worked on a small toy project to execute untrusted Python code in Docker containers. This lead me to test several online code execution engines to see how they reacted to various attacks. While doing so, I found several interesting vulnerabilities in the code execution engine developed by Qualified, which is quite widely used including by […]

8,000 Vulnerabilities Found in Pacemakers

A staggering 8,000 vulnerabilities have been discovered in one of the most widespread medical advancements keeping people alive today: The pacemaker. White Scope, which has reported all of the vulnerabilities to DHS ICS-CERT, examined seven different pacemaker programmers from four different manufacturers, with a focus on programmers that have RF capabilities. Thousands of flaws in […]

Sources to Trace New Vulnerabilities

Vulnerability defined as the weakness that allows attacker to enter in and harm, it may be a flaw in design or misconfiguration. In order to exploit the vulnerability attacker should have applicable tool or technique that connect to the system weakness. National Vulnerability Database NVD is the U.S. government repository of standards based vulnerability management […]

6 Critical RCE and Buffer Overflow Vulnerabilities in IBM Informix Dynamic Server and Informix Open Admin Tool

IBM Informix Dynamic Server and Informix Open Admin Tool contains 6 Critical Vulnerabilities including RCE and a Buffer overflow in HEAP. IBM Informix Dynamic Server for high-volume online Data server for transaction processing (OLTP), integrated applications, and now breathtakingly fast data warehouse/analytical workloads. IDS is well known for its hands-free administration. To make server administration even […]

New Burp Suite Version 1.7.23 adds support for 5 new Vulnerabilities

Burp Suite is a graphical tool for testing Web application security. The tool is composed in Java and created by PortSwigger Security. Burp Scanner is composed by industry-driving penetration testers. Burp Scanner incorporates a full static code investigation engine for the discovery of security vulnerabilities. Burp’s scanning logic is persistently refreshed with upgrades to guarantee […]

Vulnerabilities in Linksys routers allow attackers to hijack dozens of models

Cyber security experts disclosed the existence of 10 unpatched security flaws in dozens of Linksys routers widely used today. The IOActive senior security consultant Tao Sauvage and the independent security researcher Antide Petit have reported more than a dozen of unpatched security vulnerabilities affecting 25 different Linksys Smart Wi-Fi Routers models. The security duo published […]

Scan website for vulnerabilities with Uniscan Kali Linux Tutorial

Welcome back, in this tutorial you will learn how to scan and fingerprint a web server or device to find vulnerabilities.  To achieve this we will be using a tool called Uniscan. This tutorial will require a Linux Operating system we recommend installing Kali Linux if you have not already done so. Requirements:Kali Linux Uniscan […]

MICROSOFT PATCHES THREE VULNERABILITIES UNDER ATTACK

Microsoft today patched a zero-day Word vulnerability that has been publicly attacked along with deploying fixes for Internet Explorer, Microsoft Edge and Windows 10. In all, nine Microsoft products received updates totaling 45 unique CVEs. Three of the vulnerabilities among Tuesday’s updates, according to Microsoft, are under active attack.   One of the bugs (CVE-2017-0199) […]

RIVERBED PATCHES VULNERABILITIES IN APPLICATION MONITORING PORTAL

Riverbed Technology has patched four serious vulnerabilities in its SteelCentral portal, a centralized application performance monitoring platform. The flaws could allow an attacker to access critical application data and move through the network to other Riverbed agents feeding data into the central platform. An attacker would need to be on the network already to exploit […]

UEFI Vulnerabilities allow to fully compromise Gigabyte Mini PCs

Experts at Cylance disclosed two UEFI flaws that can be exploited by attackers to install a backdoor on some Gigabyte BRIX mini PCs. Experts at security firm Cylance have disclosed two UEFI vulnerabilities that can be exploited by attackers to install a backdoor on some Gigabyte BRIX mini PCs. The experts tested the latest firmware […]

Researchers Disclose Vulnerabilities in GIGABYTE BRIX Systems

Earlier this month, we teased a proof of concept for UEFI ransomware, which was presented at RSA Conference 2017. The HackingTeam, Snowden, Shadow Brokers, and Vault7 leaks have revealed that UEFI/BIOS implants aren’t just a theoretical concept, but have actually been weaponized by nation states to conduct cyber-espionage. Physical access requirements are a thing of […]

Drupal releases Security update for Multiple Vulnerabilities

Drupal is a content management software. It’s utilized to make a considerable amount of the websites and applications you utilize each day. Its tools help you to build the versatile, organized content that dynamic web experience require. Drupal is a platform the United States, London, France, and more use to communicate with the citizen. It’s the […]

Multiple vulnerabilities discovered in DNA sequencing web-application

Shorebreak Security penetration testers discovered seven serious vulnerabilities in the dnaLIMS web application during the course of a blackbox penetration test for a customer. Shorebreak notified the vendor, who appears to have no interest in fixing his flawed software that is in use publicly at several other organizations. Impact An unauthenticated attacker has the ability to execute system […]

Microsoft Bug Bounty Program: Report Vulnerabilities, Get up to $30,000

For the last couple of year, Google has been releasing details about unpatched vulnerabilities discovered by its researchers in Microsoft’s products. Now, to save itself from further embarrassment Microsoft has launched its bug bounty program in which the company is willing to pay up to $30,000 to hackers and security researchers for reporting flaws in […]

UPDATED FIRMWARE DUE FOR SERIOUS TP-LINK ROUTER VULNERABILITIES

Chinese router maker TP-Link is wrestling with the disclosure of a handful of vulnerabilities in its C2 and C20i routers. The most severe of the flaws lead to remote code execution on a device; the attack, however, would require an attacker first obtain valid credentials. Researcher Pierre Kim disclosed the issue last week in an […]