Security

Web Application Security Testing Cheat Sheet

Introduction This cheat sheet provides a checklist of tasks to be performed during blackbox security testing of a web application. Purpose This checklist is intended to be used as an aide memoire for experienced pentesters and should be used in conjunction with the OWASP Testing Guide. It will be updated as the Testing Guide v4… Continue reading Web Application Security Testing Cheat Sheet

Advertisements
Security

[Havij 1.17] Automated and Advanced SQL Injection

Havij is an automated SQL Injection tool that helps penetration testers to find and exploit SQL Injection vulnerabilities on a web page. It can take advantage of a vulnerable web application. By using this software, user can perform back-end database fingerprinting, retrieve DBMS login names and password hashes, dump tables and columns, fetch data from… Continue reading [Havij 1.17] Automated and Advanced SQL Injection

Security

Malformed FileZilla FTP Client With Login Stealer

Beware of malformed FileZilla FTP client versions 3.7.3 and 3.5.3. We have noticed an increased presence of these malware versions of famous open source FTP clients.The first suspicious signs are bogus download URLs. As you can see, the installer is mostly hosted on hacked websites with fake content (for example texts and user comments are… Continue reading Malformed FileZilla FTP Client With Login Stealer

Security

Joomla! Security News: Core – Privilege Escalation

[20120601] - Core - Privilege Escalation Project: Joomla! SubProject: All Severity: Medium High Versions: 2.5.4 and all earlier 2.5.x versions Exploit type: Privilege Escalation Reported Date: 2012-April-29 Fixed Date: 2012-June-18 Description Inadequate checking leads to possible user privilege escalation. Affected Installs Joomla! versions 2.5.4 and all earlier 2.5.x versions Solution Upgrade to version 2.5.5 Reported… Continue reading Joomla! Security News: Core – Privilege Escalation

Security

Monthly Malware Statistics: February 2012

The following statistics were compiled in February using data collected from computers running Kaspersky Lab products: 143,574,335 web-borne infections were prevented; 298,807,610 malicious programs were detected and neutralized; 30,036,004 malicious URLs were detected; 261,830,529 network attacks were blocked. http://www.securelist.com/en/analysis/204792223/Monthly_Malware_Statistics_February_2012

Firefox, Security

Mozilla Firefox / Thunderbird / Seamonkey libpng Integer Overflow

Secunia Advisory SA48089 Description Mozilla has acknowledged a vulnerability in Firefox, Thunderbird, and Seamonkey, which can be exploited by malicious people to potentially compromise a user's system. For more information: SA48026 Solution Update to Firefox 10.0.2 or 3.6.27, Thunderbird 10.0.2 or 3.1.19, or SeaMonkey 2.7.2. Original Advisory Mozilla: http://www.mozilla.org/security/announce/2012/mfsa2012-11.html http://blog.mozilla.com/security/2012/02/17/mozilla-releases-to-address-cve-2011-3026/ Source http://secunia.com/advisories/48089/ Update Firefox How… Continue reading Mozilla Firefox / Thunderbird / Seamonkey libpng Integer Overflow

Security

Microsoft Internet Explorer Multiple Vulnerabilities

Description Multiple vulnerabilities have been reported in Internet Explorer, which can be exploited by malicious people to conduct cross-site scripting attacks, disclose sensitive information, and compromise a user's system. 1) Certain input passed via EUC-JP encoded characters is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML… Continue reading Microsoft Internet Explorer Multiple Vulnerabilities

Security

Microsoft Windows TCP/IP Stack Denial of Service Vulnerabilities

Description Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service). 1) An error in the TCP/IP stack (Tcpip.sys) when parsing received ICMP messages can be exploited to cause a system to stop responding or restart via a sequence of specially crafted ICMP… Continue reading Microsoft Windows TCP/IP Stack Denial of Service Vulnerabilities

Security

Microsoft Windows DNS Service Two Vulnerabilities

Description Two vulnerabilities have been reported in Microsoft Windows, which can be exploited by malicious people to cause a DoS (Denial of Service) and compromise a vulnerable system. 1) A sign-extension error in the Windows DNS server when processing a query for a NAPTR (Name Authority Pointer) resource record can be exploited to cause a… Continue reading Microsoft Windows DNS Service Two Vulnerabilities