Blog Posts - Security



WordPress Neuvoo-Jobroll 2.0 Cross Site Scripting

###################################################################### # Exploit Title: Wordpress plugin neuvoo-jobroll 2.0 Reflected Cross-Site Scripting (RXSS) # Date: 05/11/2015 # Author: Mickael Dorigny @ Synetis # Vendor or Software Link: http:/...
by MondoUnix on Nov 6, 2015

Java Secure Socket Extension (JSSE) SKIP-TLS

#!/usr/bin/env ruby # encoding: ASCII-8BIT # By Ramon de C Valle. This work is dedicated to the public domain.   require 'openssl' require 'optparse' require 'socket'   Version = [0, 0, 1] Release = nil   def prf(secret, label, seed) i...
by MondoUnix on Nov 6, 2015

OpenSSL Alternative Chains Certificate Forgery

#!/usr/bin/env ruby # encoding: ASCII-8BIT # By Ramon de C Valle. This work is dedicated to the public domain.   require 'openssl' require 'optparse' require 'socket'   Version = [0, 0, 1] Release = nil   class String def hexdump(strea...
by MondoUnix on Nov 6, 2015

Google reveals Samsung Galaxy S6 Edge’s security flaws

Google has highlighted 11 security flaws in Samsung's flagship Android handset, the Galaxy S6 Edge. The vulnerabilities include a loophole that could have been used by hackers to gain control of a victim's phone. Most of the issues were fixed after G...
by MondoUnix on Nov 6, 2015

Firefox 42.0 Update for Mac, Windows and Linux

The update to version 42.0 of the well-known Firefox browser has been released. The release notes for this new version are published at this link, with the list of everything new, in particular: [New] Private Browsing with Tracking Protection...
by VinBoiSoft Blog on Nov 2, 2015

WordPress Events Made Easy 1.5.49 CSRF / XSS

Plugin link: https://wordpress.org/plugins/events-made-easy/ Active Installs: 10,000+ Version tested: 1.5.49 CVE Reference: Waiting Original advisory: https://www.davidsopas.com/events-made-easy-wordpress-plugin-csrf-persistent-xss/   Events Mad...
by MondoUnix on Nov 1, 2015

WordPress Pie Register 2.0.18 SQL Injection

Details ================ Software: Pie Register Version: 2.0.18 Homepage: https://github.com/GTSolutions/Pie-Register CVE: CVE-2015-7682 (Pending) CVSS: 3.5 (Low; AV:N/AC:M/Au:S/C:P/I:N/A:N) CWE: CWE-89   Description ================ Two blind S...
by MondoUnix on Nov 1, 2015

WordPress Font 7.5 Path Traversal

Details ================ Software: Font Version: 7.5 Homepage: https://wordpress.org/plugins/font/ CVE: CVE-2015-7683 (Pending) CVSS: 6.3 (Medium; AV:N/AC:M/Au:S/C:C/I:N/A:N) CWE: CWE-22   Description ================ An absolute path traversal...
by MondoUnix on Nov 1, 2015

WordPress mTheme-Unus Local File Inclusion

####################################### # Exploit Title: Wordpress themes mTheme-Unus LFI Vulnerability # # Date: 2015-09-27 # Exploit Author: FullSecurity.org # Google Dork: ilnurl:/wp-content/themes/mTheme-Unus/ # Vendor Homepage: https://wordpress...
by MondoUnix on Oct 31, 2015

Joomla JNews SQL Injection

# Description of the component: Reach, engage and delight more customers with newsletters, auto-responders or campaign management.   ################################################################################################## # Exploit Tit...
by MondoUnix on Oct 31, 2015

How to Secure Your iPhone/iPad Against Hackers: Step-by-Step Visual Guide

eBook contents: Would you like to be the next victim of the hackers? Every so often we hear news of the hacking and leaking of private photos and personal information of movie and music stars and other individuals and the loss of their privacy that i...
by VinBoiSoft Blog on Oct 30, 2015

Google Chrome 46.0.2490.80 Stable Release for Mac, Windows and Linux

Chrome 46.0.2490.80, the browser developed by Google and based on the Blink rendering engine (Google's fork of the WebKit project), has been released as a stable version for Mac OS X, Windows and Linux. Published at this link are the...
by VinBoiSoft Blog on Oct 22, 2015

Security Update 2015-004 for Yosemite and 2015-007 for Mavericks

Security Update 2015-004 for OS X Yosemite 10.10.5 and Security Update 2015-007 for OS X Mavericks 10.9.5 are available. These security updates are recommended for all users and improve the security of OS X. Upd...
by VinBoiSoft Blog on Oct 22, 2015

Safari 9.0.1 Update for OS X Yosemite and Mavericks

Through the "Software Update" feature of the Mac App Store, Safari 9.0.1 is available for OS X 10.10.5 Yosemite and for OS X 10.9.5 Mavericks, including some features present in Safari 9.0.1 for OS X 10.11.1 El Capitan. The update of...
by VinBoiSoft Blog on Oct 21, 2015

The first rule of zero-days is no one talks about zero-days

How do you defend yourself against the unknown? That is the crux of the zero-day vulnerability: a software vulnerability that, by definition, is unknown by the user of the software and often its developer as well. Everything about the zero-day market, fr...
by MondoUnix on Oct 21, 2015

Know and protect your IT security

A complete overview of the world of digital security and certainty. Here you will find topics, perhaps new or perhaps not, on which you and your clients need greater clarity. Fascinating subjects such as substitute and digital preservation, invoic...
by Easy Tech on Oct 19, 2015

Firefox 41.0.2 Update for Mac, Windows and Linux

The update to version 41.0.2 of the well-known Firefox browser has been released. The release notes for this new version are published at this link, with the list of everything new, in particular: [Firefox 41.0.1 release notes] [Fixed] Several...
by VinBoiSoft Blog on Oct 16, 2015

Pawn Storm attack: Flash zero-day exploit hits diplomatic inboxes

Hackers behind a long-running cyber-espionage campaign have begun using a new Adobe Flash zero-day exploit in their latest campaign. The attackers behind Pawn Storm targeted several foreign affairs ministries from around the globe using a Flash-based...
by MondoUnix on Oct 16, 2015

Security bugs in global mobile networks exposed

Mobile networks around the world have been penetrated by criminals and governments via bugs in the code that keeps them running, research suggests. The bugs could be abused to carry out large scale fraud and unlawful surveillance, security company Ad...
by MondoUnix on Oct 16, 2015

Password123 is no longer enough

What allows us to use the services the Internet provides is the ability to protect our data. Passwords, in fact, guard our bank accounts, our email and the accounts on our favorite social networks. If we thi...