HackDig : Dig high-quality web security articles for hackers

Talos Discovered Three More Vulnerabilities in Pidgin

This post was authored by Yves Younan and edited by Armin Pelkmann. Table of contents: CVE-2014-3697, VRT-2014-0205; CVE-2014-3696, VRT-2014-0204; CVE-2014-3695, VRT-2014-0203. Cisco Talos is announcing the discovery and patching of another three CVE vulnerabilities in Pidgin (an open-source multi-platform instant messaging client -- see Wikipedia page). These vulne
Publish At:2014-11-07 17:05 | Read:4013 | Comments:0 | Tags:Threat Research fix patch Pidgin security Talos vulnerabilit

How to Fix iTunes 12's Biggest Annoyances

iTunes 12, released with OS X Yosemite, features a new interface, which fits better with Apple’s overall desire for flatness, but changes a lot of the ways that users work with their media library. Apple's iTunes 12 is also controversial, since it changes many of the familiar ways we interacted with our media libraries. There are a number of annoyances in iTu
Publish At:2014-10-30 13:35 | Read:4557 | Comments:0 | Tags:Apple How To Annoyances Fix Info iTunes iTunes 12 MiniPlayer

Shellshock only concerns server admins – WRONG

Yet another high-profile vulnerability in the headlines, Shellshock. This one could be a big issue. The crap could really hit the fan big time if someone creates a worm that infects servers, and that is possible. But the situation seems to be brighter for us ordinary users. The affected component is the Unix/Linux command shell Bash, which is only used by ne
Publish At:2014-09-27 01:30 | Read:3637 | Comments:0 | Tags:Cloud Storage Online Threats Passwords Security Web bash clo

ImpressPages CMS 3.6 Multiple Vulnerabilities (XSS/SQLi/FD/RCE)

Input passed via several parameters is not properly sanitized before being returned to the user or used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code and HTML/script code in a user’s browser session in context of an affected site. Input passed to the ‘files[0][file]’ parameter in ‘/ip_
Publish At:2014-08-13 01:56 | Read:5569 | Comments:0 | Tags:Internal advisory apache arbitrary CMS code delete deletion

LimeSurvey v2.00+ (build 131107) Script Insertion And SQL Injection Vulnerability

LimeSurvey suffers from a stored cross-site scripting and SQL Injection vulnerability. Input passed to the ‘label_name’ POST parameter is not properly sanitised before being returned to the user. This can be exploited to execute arbitrary HTML and script code in a user’s browser session in context of an affected site. Input passed to the
Publish At:2014-08-13 01:56 | Read:5135 | Comments:0 | Tags:Internal admin advisory arbitrary auth code fix html inserti

