Posts Tagged ‘vulnerabilities’

Mohamed Ramadan, an Egyptian information security expert, discovered a vulnerability in the Facebook Camera app for iOS.

The application accepts any SSL certificate, which opens the door to a man-in-the-middle attack.

Versions prior to 1.1.2 (previously released 21/12/2012) allow unauthorized access to some data on the phone when it is connected via Wi-Fi.
In particular, an attacker can intercept the e-mail address and password used to log in to Facebook, so iPhone users risk losing control of their Facebook accounts.

The Facebook Camera app for iOS allows an attacker to obtain the e-mail address and password of the victim's account (more…)

Vulnerability in Firefox

Two XSS vulnerabilities and one sensitive-data disclosure vulnerability have been fixed in the browser.

The Mozilla Foundation has released Firefox 16.0.2, a security update that fixes three vulnerabilities.

This is the second Firefox fix in the last two weeks. It resolves two vulnerabilities that allow XSS attacks and one sensitive-data disclosure vulnerability that allows bypassing security restrictions and reading the Location object across domains. (more…)

A backdoor was found in the latest version of phpMyAdmin on SourceForge.net.

The phpMyAdmin site has published a report that the latest version of the phpMyAdmin SQL client, distributed via SourceForge.net, contains a backdoor.

Until recently, the cdnetworks-kr-1 mirror at SourceForge.net distributed a modified version of the client containing a backdoor file, server_sync.php, as well as changes to the file js/cross_framing_protection.js. The backdoor allows an attacker to remotely execute arbitrary PHP code.

At the time of publication, the vendor knew only that phpMyAdmin-3.5.2.2-all-languages.zip was a compromised version. (more…)

It took hackers Chris Sullo and David Lodge a year and a half to release a new version of the Nikto scanner, 2.1.5.

It also reports version-specific problems for more than 270 server versions. The scanner also identifies common web server configuration errors, including the presence of multiple index files and HTTP server options, and then tries to build the most complete list it can of versions and modules on the server. The list of scan items in Nikto is implemented as plugins and is updated frequently (these plugins are not open source). (more…)