HackDig : Dig high-quality web security articles for hackers

MAGMI Magento plugin flaw allows remote code execution on a vulnerable site

Researchers discovered multiple vulnerabilities in the MAGMI Magento plugin that could lead to remote code execution on a vulnerable Magento site. Tenable published a research advisory for two vulnerabilities impacting the Magento Mass Import (MAGMI) plugin. The flaws were discovered by Enguerran Gillier of the Tenable Web Application Security Team. M
Publish At:2020-09-02 05:41 | Read:489 | Comments:0 | Tags:Breaking News Hacking authentication bypass hacking news inf

Cisco fixes critical and high-severity flaws in Data Center Network Manager

Cisco addressed critical and high-severity vulnerabilities affecting its Data Center Network Manager (DCNM) network management platform. Cisco addressed this week some critical and high-severity vulnerabilities impacting its Data Center Network Manager (DCNM) network management platform. One of the most security issues is a critical authentication bypa
Publish At:2020-07-31 11:16 | Read:449 | Comments:0 | Tags:Breaking News Security authentication bypass CISCO Hacking h

Juniper Backdoor Picture Getting Clearer

The NSA’s subversion of encryption standards may have come home to roost.As more eyes examine the Juniper backdoor in ScreenOS, the operating system standing up its NetScreen VPNs, it’s becoming clear that someone backdoored the NSA backdoor in Dual_EC_DRBG, opening the door to passive decryption of any VPN traffic moving through a NetScreen gate
Publish At:2015-12-22 19:45 | Read:3785 | Comments:0 | Tags:Vulnerabilities Cryptography Government Encryption vulnerabi

Netgear Publishes Patched Firmware for Routers Under Attack

After a pair of very public disclosures in the last two weeks, Netgear published new firmware for vulnerabilities in its routers that have been publicly exploited.Researchers discovered as many as 10,000 routers had been taken over, according to data lifted from one of the command and control servers involved in an attack against a victim investigated by Com
Publish At:2015-10-13 21:35 | Read:3061 | Comments:0 | Tags:Hacks Web Security Alexandre Herzog authentication bypass co

Disclosed Netgear Router Vulnerability Under Attack

A vulnerability in Netgear routers, already disclosed by two sets of researchers at different security companies, has been publicly exploited.Netgear, meanwhile, has yet to release patched firmware, despite apparently having built one and confirmed with one of the companies that privately disclosed that it addressed the problem adequately. Alexandre Herzog
Publish At:2015-10-09 02:30 | Read:3451 | Comments:0 | Tags:Hacks Vulnerabilities Alexandre Herzog authentication bypass

How to exploit flaws in InFocus IN3128HD Projector to hack host network

The firmware running on the InFocus IN3128HD Projector is affected by an authentication bypass flaw which allows the hack of the host network. Another smart object was found vulnerable by security experts, it is a popular projector commonly used in classrooms. The manufacturer has discovered several authentication flaws affect
Publish At:2015-04-29 09:20 | Read:4467 | Comments:0 | Tags:Breaking News Hacking authentication bypass InFocus IN3128HD

Skeleton Key Malware Opens Door to Espionage

Enterprise Active Directory administrators need to be on the lookout for anomalous privileged user activity after the discovery of malware capable of bypassing single-factor authentication on AD that was used as part of a larger cyberespionage campaign against a global company based in London.Hackers already on the company’s network via a remote access
Publish At:2015-01-14 22:55 | Read:3586 | Comments:0 | Tags:Hacks Malware Vulnerabilities Web Security Active Directory

Authentication Flaw in PayPal mobile API Allows Access to Blocked Accounts

Payment services provider PayPal is vulnerable to an authentication restriction bypass vulnerability, which could allow an attacker to bypass a filter or restriction of the online-service to get unauthorized access to a blocked users’ PayPal account.The security vulnerability actually resides in the mobile API authentication procedure of the PayPal onl
Publish At:2014-10-10 19:00 | Read:3158 | Comments:0 | Tags:account hack Authentication bypass hacking Paypal Paypal Vul

Popular Photo Sharing Website Likes.com Vulnerable To Multiple Critical Flaws

Likes.com, one of the emerging social networking site and popular image browsing platform, is found vulnerable to several critical vulnerabilities that could allow an attacker to completely delete users’ account in just one click.Likes.com is a social networking website that helps you to connect with people you like and make new friends for free. Just
Publish At:2014-09-07 20:10 | Read:4896 | Comments:0 | Tags:Authentication bypass brute force attack CSRF facebook likes

The password is irrelevant too

By Eireann Leverett @blackswanburstIn this follow up to a blog post on the Scalance-X200 series switches, we look at an authentication bypass vulnerability. It isn’t particularly complicated, but it does allow us to download configuration files, log files, and a firmware image. It can also be used to upload configuration and firmware images, which cau
Publish At:2014-08-12 01:40 | Read:3425 | Comments:0 | Tags:authentication bypass Eireann Leverett hacking ICS industria

Tools