HackDig : Dig high-quality web security articles for hacker

Remote File Overwrite Vulnerability Patched by Cisco in IMC Supervisor, UCS Director

Cisco has patched a remote file overwrite vulnerability in its Integrated Management Controller (IMC) Supervisor and UCS Director products.On Thursday, Cisco issued an advisory that explains how a vulnerability in JavaServer Pages (JSP) input validation routines of both the IMC Supervisor and UCS Director products could be exploited by a remote, unauthentica
Publish At:2015-09-04 09:00 | Read:954 | Comments:0 | Tags:Latest Security News Cisco DoS IMC Supervisor Integrity UCS

Three Vulnerabilities in SIMATIC HMI Devices Patched by Siemens

Siemens, a leading producer of systems for power generation and transmission as well as medical diagnosis, has patched three vulnerabilities affecting a variety of SIMATIC HMI devices.The multinational technology company was first alerted to the vulnerabilities, among them two Schneider kits and a number of remote and local exploits, by the Quarkslab team an
Publish At:2015-08-31 17:05 | Read:1597 | Comments:0 | Tags:Latest Security News DoS ICS-CERT MITM password Siemens

Using BitTorrent Vulnerabilities to Launch Distributed Reflective DoS Attacks

Researchers warn that several protocols used by the peer-to-peer file sharing service BitTorrent, including a handful of clients that run the protocol, can be leveraged to carry out distributed reflective denial of service (DRDoS) attacks.Distributed reflective denial of service, or DRDoS attacks, occur when attackers send an overwhelming amount of traffic t
Publish At:2015-08-17 19:55 | Read:1465 | Comments:0 | Tags:Vulnerabilities Web Security BitTorrent DDoS DoS DRDoS vulne

Cisco Patches Fragmented Packet DoS Vulnerability in ASR 1000 Series

Cisco has patched a vulnerability in the code that handles the reassembly of fragmented IPv4 and IPv6 packets of its IOS XE Software for its ASR 1000 Series Aggregation Services Routers.According to an advisory released by Cisco, an unauthenticated, remote attacker could exploit this vulnerability to cause a crash of the Embedded Services Processor (ESP) tha
Publish At:2015-07-31 23:55 | Read:1636 | Comments:0 | Tags:Latest Security News ASR 1000 Cisco DoS ssh keys Vulnerabili

Trend Micro revealed a new Android vulnerability renders Android Devices inoperable

Researchers from Trend Micro discovered a new critical vulnerability in the Android mobile OS that can be exploited to crash mobile devices. Experts from Trend Micro discovered a new vulnerability, an integer overflow bug in the Android mediaserver service, that affects versions of Android starting with 4.3 Jelly Bean and up t
Publish At:2015-07-30 14:15 | Read:932 | Comments:0 | Tags:Breaking News Hacking Mobile Android Android vulnerability D

Critical DoS Bug in Node.js, io.js Patched

Developers at Node.js over the weekend released a critical update to the open source runtime environment that addresses a bug that could be used to cause denial of service attacks.The JavaScript framework is used in one way or another by a handful of companies, including Netflix, PayPal, the New York Times, WalMart, GE, and LinkedIn. The five year old open s
Publish At:2015-07-08 03:20 | Read:1421 | Comments:0 | Tags:Vulnerabilities Web Security denial-of-service vulnerabiliti

Beware of the text message that crashes iPhones

There's yet another iOS bug that causes Apple devices to crash when they receive text messages containing a string of special characters. With further finessing, the same exploit may be able to attack Macs, since OS X is also unable to process the same combination of characters, which are technically known as glyphs.The menacing combination of ASCII and
Publish At:2015-05-27 19:00 | Read:1445 | Comments:0 | Tags:Infinite Loop Risk Assessment Technology Lab bug denial-of-s

Millions of Routers open to attack due to a NetUSB flaw

A simple vulnerability has been uncovered in the NetUSB component, millions of modern routers and other IoT devices are exposed to the risk of cyber attacks The security expert Stefan Viehbock from SEC Consult Vulnerability Lab has reported a critical vulnerability (CVE-2015-3036) that potentially affects millions of routers a
Publish At:2015-05-20 22:25 | Read:1956 | Comments:0 | Tags:Breaking News Hacking DOS Internet of Things kernel LINUX Ne

SSL certificate parsing vulnerability could force iOS devices into endless reboot loop

Israeli security researchers have discovered a SSL certificate parsing vulnerability affecting iOS devices that could force them into endless reboot loop. Yair Amit and Adi Sharabani, security experts at the Israeli security firm Skycure have demonstrated at the RSA Conference 2015 the exploitation of a vulnerability that can
Publish At:2015-04-24 14:40 | Read:1557 | Comments:0 | Tags:Hacking Apple DDoS DOS iOS mobile SSL certificate parsing IO

Wi-Fi SSID names could allow to crash or hack mobile devices

Security researchers discovered a bug in WiFi SSID management that could be exploited by hackers to crash Android, Windows, Linux systems or hack them. In an e-mail published on the Open Source Software Security (oss-security) mailing list, a user reported a serious vulnerability that could allow attackers to crash devices or
Publish At:2015-04-23 22:21 | Read:1797 | Comments:0 | Tags:Hacking Mobile Android DOS mobile P2P SSID SSIS Wi-Fi

Oracle Hyperion Smart View for Office 11.1.2.3.000 - Crash PoC

# Exploit Title: Buffer Overflow in Oracle� Hyperion Smart View for Office[DOS]# Exploit Author: sajith# Vendor Homepage: http://oracle.com# vulnerable Version: Fusion Edition 11.1.2.3.000 Build 157#Vulnerable Link:http://www.oracle.com/technetwork/middleware/smart-view-for-office/downloads/index.html# Tested in: Microsoft Windows 7 Enterprise 6.1.7601 Servi
Publish At:2015-04-17 19:35 | Read:1275 | Comments:0 | Tags:dos

Oracle Outside-In DOCX File Parsing Memory Corruption

#####################################################################################Title: Oracle Outside-In DOCX File Parsing Memory CorruptionPlatforms: WindowsCVE:Secunia:{PRL}: 2015-04Author: Francis Provencher (Protek Research Lab’s)Website: http://www.protekresearchlab.com/Twitter: @ProtekResearch###########################################
Publish At:2015-04-17 19:35 | Read:1422 | Comments:0 | Tags:dos

Microsoft Window - HTTP.sys PoC (MS15-034)

/* UNTESTED - MS15-034 Checker THE BUG:8a8b2112 56 push esi8a8b2113 6a00 push 08a8b2115 2bc7 sub eax,edi8a8b2117 6a01 push 18a8b2119 1bca sbb ecx,edx8a8b211b 51 push ecx8a8b211c 50 push eax8a8b211d e8bf69fbff call HTTP!RtlULongLongAdd (8a868ae1
Publish At:2015-04-15 18:55 | Read:1302 | Comments:0 | Tags:dos

Samba < 3.6.2 x86 - PoC

#!/usr/bin/python"""Exploit for Samba vulnerabilty (CVE-2015-0240) by sleepyaThe exploit only targets vulnerable x86 smbd <3.6.24 which 'creds' is controlled by ReferentID field of PrimaryName (ServerName). That means '_talloc_zero()'in libtalloc does not write a value on 'creds' address.Reference:- https://securityblog.redhat.com/2015/02/2
Publish At:2015-04-14 10:55 | Read:1690 | Comments:0 | Tags:dos

Linux Kernel splice() System Call - Local DoS

/* ---------------------------------------------------------------------------------------------------- * cve-2014-7822_poc.c * * The implementation of certain splice_write file operations in the Linux kernel before 3.16 does not enforce a restriction on the maximum size of a single file * which allows local users to cause a denial of service (system crash)
Publish At:2015-04-13 18:55 | Read:2023 | Comments:0 | Tags:dos

Announce

Share high-quality web security related articles with you:)

Tools

Tag Cloud