A zero-day vulnerability (CVE-2014-1761) in Microsoft Word, discovered by the Google security team, is being exploited in the wild. The vulnerability is triggered while parsing malicious Rich Text Format (RTF) content and can be used to execute arbitrary code. According to Microsoft Security Advisory (2953095), the vulnerability is present in Microsoft Word that can […]


SecPod Research Team member (Veerendra G.G) wrote a Metasploit module for the Fitnesse Wiki Remote Command Execution Vulnerability. The Metasploit module can be found here.

    ##
    # This module requires Metasploit: http//metasploit.com/download
    # Current source: https://github.com/rapid7/metasploit-framework
    ##

    require 'msf/core'

    class Metasploit3 < Msf::Exploit::Remote
      Rank = GoodRanking

      include Msf::Exploit::Remote::HttpClient

      def initialize(info = {})
        super(update_info(info,
          'Name' => 'Fitnesse Wiki Remote […]


SecPod Research Team member (Shakeel Bhat) has found multiple cross-site scripting vulnerabilities in BarracudaDrive. The vulnerabilities are caused by improper validation of various parameters in various pages. This may allow an attacker to steal cookie-based authentication credentials, compromise the application, or access or modify data. Complete advisory information can be found here. Advisory in CVRF format […]


The following SCAP content has been released to SCAP Repo and SecPod Ancor. SecPod Saner will automatically pull the relevant content on its next scheduled update.

oval:org.secpod.oval:def:17390 CVE-2014-0160 Information disclosure vulnerability in (1) TLS and (2) DTLS implementations in OpenSSL
oval:org.secpod.oval:def:17398 CVE-2014-1757 File format converter vulnerability in Microsoft Office
oval:org.secpod.oval:def:17399 CVE-2014-1758 Stack-based buffer overflow […]


In this Patch Tuesday, Microsoft released five bulletins addressing a total of 23 vulnerabilities. Two are rated as Critical (addressing 19 vulnerabilities) and three are rated as Important. The Critical security updates address security issues in Internet Explorer 6 to Internet Explorer 11 and Microsoft DirectShow. Both of them potentially allow Remote Code Execution. The other three […]


SecPod Research Team member (Prabhu S Angadi) has found multiple cross-site scripting vulnerabilities in BarracudaDrive. The vulnerabilities are caused by improper validation of various parameters in various pages. This may allow an attacker to steal cookie-based authentication credentials, compromise the application, or access or modify data. Complete advisory information can be found here. Advisory in CVRF […]
