A SecPod Research Team member (Thanga Prakash) has found multiple cross-site scripting vulnerabilities and an SQL injection vulnerability in the WordPress HTML5 MP3 Player with Playlist plugin. The vulnerabilities are caused by improper validation of various parameters in various pages. This may allow an attacker to steal cookie-based authentication credentials, inject or manipulate SQL queries in the back-end […]

A SecPod Research Team member (Thanga Prakash) has found multiple reflected cross-site scripting vulnerabilities in ManageEngine Firewall Analyzer. The vulnerabilities are caused by improper validation of various parameters in various pages. This may allow an attacker to steal cookie-based authentication credentials, compromise the application, or access or modify data. Complete advisory information can be found here. Advisory […]

A use-after-free vulnerability is present in Microsoft Internet Explorer 10 (CVE-2014-0322) which allows remote attackers to execute arbitrary code. This vulnerability is being exploited in the wild in watering hole attacks, in which the attacker injects JavaScript or a hidden iframe into a website, which then redirects to a malicious page. In this attack, […]

An XXE attack is an attack on an application that parses XML input from untrusted sources using an incorrectly configured XML parser. XML External Entity attacks take advantage of an XML feature for building documents dynamically at the time of processing. An XML entity allows data to be included dynamically from a given resource or an external URI (Uniform Resource […]

Steganography is the art of hiding a message, image, or file within another message, image, or file. Images are the most common carrier for hidden data. The flexibility of using images means that information can be hidden in a variety of ways. It can be scattered all over the image or inserted straight inside. If data […]

Winexe is a GNU/Linux-based application that allows users to execute commands remotely on Windows NT/2000/XP/2003/Vista/7/8 systems. It installs a service on the remote system, executes the command, and uninstalls the service. Winexe allows execution of most Windows shell commands. How to install: You can download the source package from here [Current version is […]
