Browsing tag

Code Execution

Popular Android Apps Like Xiaomi, WPS Office Vulnerable to File Overwrite Flaw

Several popular Android applications available in Google Play Store are susceptible to a path traversal-affiliated vulnerability codenamed the Dirty Stream attack that could be exploited by a malicious app to overwrite arbitrary files in the vulnerable app’s home directory. “The implications of this vulnerability pattern include arbitrary code execution and token theft, depending on an […]

WPSploit – WordPress Plugin Code Scanner – Kali Linux 2017.3

WPSploit is intended for Penetration Testers who audit WordPress plugins or developers who wish to audit their own WordPress plugins. It checks for: Cross-Site Scripting (XSS), SQL Injection, File Download, File Inclusion, File Manipulation, Command Execution, PHP Code Execution, Authorisation, Open Redirect, Cross-Site Request Forgery (CSRF), SSL/TLS Usage. $ git clone https://github.com/m4ll0k/wpsploit.git $ cd wpsploit […]

Thousands Of IoT Devices Are Vulnerable To Remote Code Execution

Security researchers from security firm Elttam have discovered a critical vulnerability (tracked as CVE-2017-17562) in the GoAhead tiny web server that affects many IoT devices. The vulnerability allows an attacker to execute malicious code remotely on affected devices. According to the researchers: This blog post details CVE-2017-17562, a vulnerability which can be exploited to gain reliable remote […]

vBulletin Vulnerable To Code Execution & File Deletion Flaws

Last week, security researchers published the details of two possibly critical flaws affecting version 5 of the vBulletin forum software. vBulletin is the most popular forum software, which is based on PHP and MySQL database server. It’s currently used by over 100,000 websites, including Fortune 500 and Alexa Top 1 million organizations websites and […]

AT&T DirecTV WVB Devices Are Vulnerable To Code Execution

The security vulnerability was discovered in the Linksys WVBR0-25 wireless video bridge, which was designed to enable the main Genie DVR to communicate over the air with clients’ Genie client boxes (up to 8) that are plugged into their televisions around the home. The vulnerability (tracked as CVE-2017-17411) has been discovered by Ricky Lawshae (security […]

PayPal Awards USD 10,000 to Pakistani Hacker for Reporting Vulnerability

Rafay Baloch, an ethical hacker, security researcher and writer, was paid a total of USD 10,000 for reporting a Code Execution / Command Execution vulnerability on a sub-domain of PayPal. PayPal had started a Bug Bounty program for security experts around the world to report any bug or vulnerability found on their server. The hacker writes […]