QR Tags Can Hide Malicious Links, Experts Warn
QR tags have become the next big thing in interactive marketing. But as smart phone users flock to the trendy, postage-stamp sized bar codes, researchers are warning that they could be used to hijack mobile phones by directing them to malicious Web pages. In a post on the mobile security blog...
Remote root on sfr/ubiquisys femtocell webserver (wsal/shttpd/mongoose) ToDo: Add execute shell ToDo: Test vulnerable...
PlayStation Network Stronger Than Ever, Says Sony Exec
In the wake of what will likely go down as the biggest gaming failure since Virtual Boy, Sony chief executive Howard Stringer claims the PlayStation Network is more secure than ever, according to a report from CNET. “I’m pleased to tell you that the PSN is more secure and better than ever,”...
Simple HTTPd 1.42 PUT Request Remote Buffer Overflow Vulnerability
Exploit for Windows platform in category remote...
Researchers Show Method to Decrypt GPRS Traffic
A security researcher known for his work on cracking cryptographic ciphers on mobile networks has found a method that enables him to capture and decrypt data traffic on virtually any GPRS network. The attack, developed by Karsten Nohl, enables him to eavesdrop on traffic within a radius of about...
Alice (Telefonica Germany) Modem 1111 DoS + XSS
German ISP 'Alice' has been shipping custom embedded devices (DSL modems/routers etc.) for the past few years. Their first self-branded DSL modem, Alice Modem 1111, using firmware version 4.19, is prone to at least the following two security vulnerabilities (after it has passed initial...
Experts Converge at RFIDsec to Discuss NFC Security Implications
RFID security problems have been biting at the ankles of users and companies that deploy the technology for several years now, but they’ve been mostly on the fringes of mainstream security concerns. But now, as the technology becomes more widespread and pervasive, that is beginning to change....
Android NFC Bug Could Be First Of Many
Google is working on a fix for a newly discovered vulnerability affecting Nexus S Android phones that could cause applications on the phone to crash using incorrectly formatted Near Field Communications (NFC) transactions. The issue, which will be discussed at an upcoming technical conference on...
Unfixed XSS vulnerability at cinestar.de
Security researcher bursali has submitted on 04/01/2011 a cross-site-scripting (XSS) vulnerability affecting cinestar.de, which at the time of submission ranked 17437 on the web according to Alexa. We manually validated and published a mirror of this vulnerability on 11/12/2011. It is currently...
Sony Sues PlayStation 3 Jailbreakers
Sony has filed a lawsuit against a group of hackers who were able to bypass the DRM protections in the company’s PlayStation 3, compromised the root key and later published tools allowing others to follow in their footsteps and play pirated software on the console. On Tuesday, Sony filed suit in...
Cybersecurity Experts Create Program That Steals Text Messages!
Two cybersecurity researchers have just taught smartphones a lesson by developing a program that can eavesdrop and steal text messages from any phone on a GSM network – all in about 20 seconds. The Guardian reported that Karsten Nohl and Sylvain Munaut spent a year honing their technology,...
OS X 10.6.5 kernel crash upon wlan roaming with disabled mandatory MCS
During the buildup at the CCC 27c3 congress in Berlin we noticed several Apple Macbooks kernel panicked while connected to the wireless network. We identified the cause of this issue and we are able to reproduce this as well. It seems to be limited to the aluminum unibody Macbooks, running OS X...
Eavesdropping on GSM: Cheap and Easy
GSM mobile phone networks are becoming the backbone of communications and commerce in the developed and developing worlds, but those networks may be easily susceptible to eavesdropping, according to a presentation at the annual Chaos Communication Congress (CCC) in Berlin. The BBC reported that...
'SMS of Death' Attacks Can Crash the Simplest of Phones
Malicious text messages can crash many types of mobile phones, including devices by Samsung, Sony Ericsson, Motorola and LG, according to a presentation given at the Chaos Communication Congress hacking conference this week in Berlin. Nicknamed ‘SMS of Death,’ the attacks were outlined by Collin...
[Suspected Spam]XSS in Squirrelmail plugin 'Virtual Keyboard' <= 0.9.1
Hi, Squirrelmail plugin 'Virtual Keyboard' version 0.9.1 and lower is vulnerable to cross site scripting (XSS). The vkeyboard.php script fails to sanitize the value of HTTP GET parameter 'passformname' which the script stores in a variable of the same name and outputs (unmodified) into a HTML...
Microsoft Proposes 'Health Certificates' For Internet Access
Microsoft is proposing a new Internet-wide security model, based on the concepts of public health, that is designed to address the problem of how to prevent infected machines from affecting the security and performance of PCs elsewhere on the Web. The model would require each PC to present a...
Berlin, Germany One of the security world’s most venerable conferences, the Chaos Communications Congress (CCC) is an annual gathering for hackers sponsored by the Chaos Computer Club. First held in 1984, the event now draws thousands of hackers, intellectuals, academics and Utopians to snowy...
XSS in Horde IMP <=4.3.7, fetchmailprefs.php
Hi, Horde IMP v4.3.7 and lower are subject to a cross site scripting (XSS) vulnerability: The fetchmailprefs.php script fails to properly sanitize user supplied input to the 'fm_id' URL parameter. If exploited, injected code will be persistent (persistent XSS) and will execute once the user...
XSS in Horde Application Framework <=3.3.8, icon_browser.php
Hi, Horde Application Framework v3.3.8 and lower are subject to a cross site scripting (XSS) vulnerability. The icon_browser.php script fails to properly sanitize user supplied input to the 'subdir' URL parameter before printing it out as part of a HTML formatted error message. The following URL...
CVE-2010-0624: Heap-based buffer overflow in GNU Tar and GNU Cpio
I. BACKGROUND GNU Tar and GNU Cpio are popular programs for managing archive files. Both programs are included in many Linux distributions. GNU Tar is commonly used for exchanging source code archives. Both programs include a client implementation for the remote mag tape protocol (rmt). This...
Hackers Using Automation, Geolocation in Social Networking Attacks
MOSCOW — Attackers have been focusing a lot of attention on social networking destinations such as Facebook, Twitter and even LinkedIn for some time now, but they recently have begun shifting their tactics to make their attacks much more effective and precise through the use of geolocation and...
Infiltrating the Pushdo Botnet
It’s very rare that we researchers get a chance to explore the inner workings of a botnet command and control server. Detailed insight into the botnet server or command component can give us valuable information about the motives of the botnet and possibly the bad guys behind it. But granting...
DECT cordless telephone security test-use-vulnerability warning-the black bar safety net
Disclaimer: This article tests the use of the DECT phone are has himself, strongly opposed any who used to be discord, or even break the law.! Just use the "hack DECT cordless phone" as keyword Google the following. Found this 2 articles: hack crack DECT cordless telephone security system....
Network Weaknesses Exposed at 26C3 Berlin
At the 26th Chaos Communication Congress in Berlin, security researcher Fabian Yamaguchi demonstrated a number of vulnerabilities that can apparently be found in many average communication networks and affect all levels from the access layer to the application layer. Read the full article. [The H.....
OpenX <= 2.8.1 execute arbitrary PHP code-exploits warning-the black bar safety net
Test method: OpenX adserver version 2.8.1 and lower is vulnerable to remote code execution. To be exploited, this vulnerability requires banner / file upload permissions, such as granted to the 'advertiser' and 'administrator' roles. This vulnerability is caused by the (insecure) file upload...
Executing arbitrary PHP code on OpenX <= 2.8.1
Hi, OpenX adserver version 2.8.1 and lower is vulnerable to remote code execution. To be exploited, this vulnerability requires banner / file upload permissions, such as granted to the 'advertiser' and 'administrator' roles. This vulnerability is...
Advisory: Crypto backdoor in Qnap storage devices (CVE-2009-3200)
Title: Crypto backdoor in Qnap storage devices Date: 18 September 2009 URL: http://www.baseline-security.de/downloads/BSC-Qnap_Crypto_Backdoor-CVE-2009-3200.txt Vendor: QNAP Systems Products (verified): TS-239 Pro, TS-639 Pro Products (unverified): SS-439 Pro, TS-439 Pro,...