A vulnerability which is known to the designers, implementers, or operators of the system, but has not been corrected.
-2 votes, 0 answers, 39 views
HTTP Parameters Pollution attack [closed]
I have a search form in my site that is submitted with POST method. I recently realized that it is vulnerable against HPP (Http Parameters Pollution). Somebody told me that fact. But I am not sure if ...
10 votes, 2 answers, 493 views
How to make a website patch their poor security?
I am following an online class from a local institution. Recently, I've noticed they don't crypt passwords because they sent me my password by e-mail in clear text.
The website has a lot of personal ...
16 votes, 4 answers, 786 views
IMG tag vulnerability
Is it safe to display images from arbitrary domains? I.e. let's say I have an image on my page:
<img src="http://badguy.com/image.gif" />
What if image.gif will return some js attack vector, ...
3 votes, 2 answers, 149 views
Vulnerability testing without the use of exploits?
I was doing some testing on a server to see if it was vulnerable to a 0-day local exploit (the exploit was for gaining root privileges using a bug in the Linux kernel). There was no real information ...
3 votes, 1 answer, 83 views
Vim Modeline Vulnerabilities
I use vim and have a use case for modelines. A modeline means that vim will parse a textfile for lines like:
# vim: set someoption=somevalue
and will then set those options. This is awesome if ...
7 votes, 4 answers, 1k views
What kind of attack was this?
So our website was hacked, and these are the things that were done:
Some entries in the database were changed. I don't know if this was via SQL injection, or direct database access (only root is ...
18 votes, 0 answers, 569 views
Where can I find a vulnerable operating system to practice pentests on? [duplicate]
I am looking for vulnerable operating systems that are used for practicing pentests. Damn Vulnerable Linux (DVL) is not maintained anymore. Are there any other similar OSs to download somewhere that ...
-4 votes, 1 answer, 107 views
Breaking into your own systems [closed]
So as security professionals, most are overly paranoid about external hackers, leaks, etc. I'm looking for ideas on how one would go about testing their own systems, without signs that they were ...
5 votes, 1 answer, 302 views
.JPEG File upload shell via EXIF comments
I came across this advisory recently and I'm a bit confused by both exploits, but specifically the file upload vulnerability.
I don't understand how to actually exploit this condition (or even why ...
6 votes, 3 answers, 199 views
I work on an open source project. Is there a “standard” to reporting security vulnerabilities that we can use?
I work on an (intentionally undisclosed) open source project. To the best of my knowledge, we do not have a discoverable policy on reporting security vulnerabilities.
Rails has their own policy ...
4 votes, 1 answer, 100 views
Switching to new encryption method (without losing data?)
Let's say you have a website that provides a service of some kind. Users can log in, they can store some kind of data, and there's various types of encryption in place to keep it all safe. Passwords ...
6 votes, 2 answers, 438 views
SQL Injection: Drop All Tables
I used some vulnerability scanners to check a site of mine, and an instance of blind SQL injection was returned. However, when I try to exploit this vulnerability by entering the following into the ...
-2 votes, 1 answer, 83 views
Why isn't AV software configured to recognize installed program vulnerabilities?
Background (not necessary to read):
I've used a few different major AV programs day-to-day over the years, and not one has ever informed me I was running code with known vulnerabilities.
Not only ...
1 vote, 1 answer, 88 views
XSS MySQL Database Accessible?
I'd like to know if there is any danger of someone being able to access the database via XSS vulnerabilities on this page.
I have the following link. When you go to this link, the text I've enclosed ...
34 votes, 5 answers, 1k views
Why is application crash considered insecure?
If an application crashes, the program stops and there is nothing anyone can do about it, other than starting the program again.
Crash is a bad behaviour in general and should be avoided, but why are ...
5 votes, 2 answers, 199 views
Software security vs. hardware security
In theory, perfect software applications are possible but in real life, they don't exist. When attackers know the software, they can send payloads to exploit vulnerabilities and run any arbitrary code ...
1 vote, 1 answer, 58 views
Recognizing malicious URL attempts against your website
On several websites I've run, I periodically see URLs run against my servers that look like this:
/url_result?ctw_=sT,een_j...tdmlydXMtc2NhbS1lb........
Does anyone recognize it? I've tried to ...
0 votes, 4 answers, 136 views
Is there a need to define “language safety”?
Language safety is not clearly defined while there're warnings about for instance Java. So how can you say that language is not safe while language safety is not clearly defined? If Java is unsafe ...
3 votes, 2 answers, 672 views
ASP.NET vulnerability CVE-2008-5100 (assembly signing bypass): is there a fix?
The short version of this question is: Is there a fix or mitigation for
the ASP.NET vulnerability
CVE-2008-5100, which allows attackers to bypass assembly digital signature checking?
I'll ...
3 votes, 4 answers, 228 views
Firefox's restore previous session restores logins authenticated by server's sessions
In a website I'm building, when I log in, close Firefox, open Firefox and try to go to the website again I must log in again (as expected) BUT if I select "Restore Previous Session" I am logged in again. ...
4 votes, 2 answers, 247 views
Evernote hacked - precautions?
On March 2, 2013, the digital note taking system Evernote was hacked. Evernote has forced new passwords and has released new updates to Windows, Windows Phone and iOS of their client software.
...
0 votes, 4 answers, 100 views
Dynamic tools to detect vulnerabilities in software applications written in c?
I am doing a project on detecting vulnerabilities in Windows 7/8 for software applications, some of which have source code available and some do not.
Please suggest some technique that can help ...
20 votes, 6 answers, 854 views
Why are vulnerabilities and lack of security possible in computers?
I have heard about computer vulnerabilities, virus, malware, etc.
Why are these threats possible?
Why doesn't the computer just do the things it is supposed to?
Why do some people write malware, ...
0 votes, 1 answer, 1k views
My site with Joomla 1.5.14 got defaced and I'd like to know how he did it and stop it
I am supposed to manage the content of a site and it got defaced.
The site is hosted on a Linux server running Apache.
Apache version: 2.2.13
Linux version is Debian 4.0 (I think, I don't really have ...
7 votes, 2 answers, 650 views
How should one prepare himself for a job interview for penetration testing?
So, the title basically says it all. I would really like to hear out some of the more experienced friends here with their answers for this.
Should it revolve around the ability to verbally explain ...
1 vote, 2 answers, 284 views
Is SSH2 still vulnerable to man-in-middle attacks?
With SSH using RSA public key authentication, can an attacker spoof the server IP address and connect with client to obtain client password?
1 vote, 2 answers, 2k views
How does Java 7 update 11 fix the security vulnerability?
There is a new Java released a couple days ago to resolve a hole that was recently discovered.
(Oracle, US-CERT, NVD/NIST)
In my initial reading about this update 11, I saw clearly where it by ...
21 votes, 3 answers, 2k views
Should I be disabling Java?
First it was Apple, now it's the US government...
U.S. urges users to disable Java; Apple disables some remotely
New malware exploiting Java 7 in Windows and Unix systems
How serious is this ...
5 votes, 3 answers, 160 views
Risk Control - Ignored risks and accepted risks
Some say that ignored risks as part of an organization's behavior are much worse than accepted risks.
I would like to test that axiom (in the eyes of some).
When I am handling a risk and I choose to ...
3 votes, 2 answers, 310 views
Security of NoSQL databases
Hopefully this isn't too broad.
I've got little experience with NoSQL databases, but I know that they are rising in popularity. As a developer that is extremely concerned with security, I'm ...
2 votes, 2 answers, 137 views
Access via http to other protocols and ports!
Our firewall only allows HTTP port 80 but we have detected that a user accesses some other protocols and ports that we deny in our firewall.
We know that he has developed an application (Console ...
5 votes, 3 answers, 138 views
Disclosure in potential loss-of-life situations, with an uncooperative vendor
I recently discovered a publicly accessible web interface to a highly sensitive bit of lab equipment, the malfunction of which would result in potential loss of life or serious health concerns to a ...
8 votes, 2 answers, 268 views
Vulnerabilities of Secure Shells
I ssh into my school's engineering computer to submit large programming projects on a regular basis. Are there any vulnerabilities or worries about using this channel so frequently? What makes a secure ...
3 votes, 1 answer, 114 views
How are CVE identifiers assigned and managed?
CVE Identifiers (a.k.a. CVE IDs) are used to uniquely identify a particular vulnerability. We've all seen them on various bulletins, and they're useful when researching an issue. But how are they ...
-1 votes, 2 answers, 176 views
How to increase Windows PowerShell WebAccess security?
What are some recommended techniques to improve the security of PowerShell?
Google returns many articles about PowerShell security like these:
PowerShell’s Security Guiding Principles TechNet Edge ...
0 votes, 0 answers, 33 views
Source(s) for getting listed vulnerabilities? [closed]
As I know, cve.mitre.org is one major source from which we can get to know all the listed vulnerabilities (new and old).
Are there any other such sites or databases available?
Also, if I want ...
0 votes, 0 answers, 120 views
Examples of vulnerabilities being changed in only one (of many) places [closed]
I'm looking into source code analysis and was wondering if folks know of examples, in open source projects, of vulnerabilities where there were multiple "very similar" vulnerabilities in the same ...
0 votes, 2 answers, 97 views
OpenLDAP version 2.4.24 at risk? Site to check for known vulnerabilities with version used?
We use OpenLDAP version 2.4.24
$ /usr/local/libexec/slapd -VV
@(#) $OpenLDAP: slapd 2.4.24 (Mar 5 2011 06:36:43) $
steve@sunblade2500:/bigdisk/SOURCES/S10/openldap-2.4.24/servers/slapd
...
3 votes, 2 answers, 399 views
Not clear on SSL renegotiation vulnerability
When we read about TLS Renegotiation vulnerability, does it mean that a server is not supposed to ever accept renegotiation during a secure connection?
I thought that by renegotiation security is ...
0 votes, 0 answers, 296 views
Exploit Double free() Vulnerability PoC [closed]
I don't understand this bug very much.
This is what I know about this bug:
If you use free() on an already freed pointer it can trigger this bug.
You need to have at least 2 pointers with allocated memory.
...
4 votes, 1 answer, 112 views
Security announcement mailing list for Java
I didn't find a security announcement mailing list for Java (from Oracle). How to get notified about new Java patches? I am not interested in other Oracle products.
For example Apple provides such a ...
1 vote, 2 answers, 200 views
DVWA vulnerability list or guide?
Is there a list of vulnerabilities for DVWA? I cannot seem to find a vulnerability list or guide.
By guide I mean an exhaustive list of vulnerabilities to work through.
3 votes, 1 answer, 444 views
Are OpenJDK and non-Windows systems vulnerable to the Sept. 25th 2012 Java vulnerability?
I have heard of this vulnerability, but although it was announced on the Full Disclosure list, it does not provide any details (other than a severity assessment). Does anyone have more info than me, ...
3 votes, 2 answers, 120 views
Taking action for exploit attempts
Just recently I saw that I have had about 40 hits in one second for the following Snort rule, signature id 1:16008, which corresponds to CVE-2007-6239: "... allows remote attackers to cause a denial of ...
13 votes, 3 answers, 4k views
Stack Overflows - Defeating Canaries, ASLR, DEP, NX
To prevent buffer overflows, there are several protections available such as using Canary values, ASLR, DEP, NX. But, where there is a will, there is a way. I am researching on the various methods an ...
3 votes, 4 answers, 132 views
Vulnerability counts by platform
I've been asked to compile a list of the number of published web vulnerabilities or exploits grouped by platform.
With the understanding and caveat that numbers are just statistics, shouldn't be ...
-4 votes, 1 answer, 328 views
Exploiting Tomcat's vulnerability CVE-2009-2693 Arbitrary file deletion and/or alteration on deploy [closed]
For some tests, I want to exploit the Tomcat 6 vulnerability CVE-2009-2693. You can see it here: http://tomcat.apache.org/security-6.html
I am trying this with insecure web application of OWASP. I made ...
1 vote, 1 answer, 75 views
Zero day vulnerability appropriate corrective action
Is it appropriate for a software developer to provide zero day vulnerability corrections as at-user-discretion installers to apply patches or is it preferred to force it in cyclic updates?
The reason ...
2 votes, 3 answers, 222 views
Can I tell which applications embed Internet Explorer at a command prompt?
A recently discovered vulnerability affects Internet Explorer versions up to version 9, running on Windows XP, Vista, and Windows 7.
This Ars Technica article quotes HD Moore as saying,
Just keep ...
20 votes, 2 answers, 1k views
From a technical standpoint, how does the zero-day Internet Explorer vulnerability discovered in September 2012 work?
I'm looking for an answer that explains the issue from the perspective of a developer/engineer. What exactly is being exploited and why does it work?
Please note that I am not looking for ...