SecPod Labs

Security Research

In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

SMBs – Antivirus Just Not Enough

CVE Research

Small and medium-sized businesses, commonly known as SMBs, are focused on growing. Spending on security software is not one of their priorities. But just like every other business, protection of their data and systems is equally important. The perception that since the business is small all they’ll...

Jan 12, 2016 • 3 min read

Patch Tuesday: Microsoft Security Bulletin Summary for January 2016

CVE Research

Jan 12, 2016 • 2 min read

Adobe releases emergency security patch for Flash Player

CVE Research

Dec 28, 2015 • 1 min read

Microsoft Emergency Patch Update for Window

CVE Research

Microsoft has released an emergency patch update for all versions of Windows. This security update is rated Critical for all supported releases of Microsoft Windows. The patch addresses CVE-2015-2426, which permits remote code execution and allows hackers to take complete control of the attacked ...

Jul 21, 2015 • 1 min read

ClipBucket 2.7.0.5 Multiple Stored Cross-site Scripting Vulnerability

CVE Research

SecPod Research Team member (Deependra Bapna) has found multiple stored cross-site scripting vulnerabilities (CVE-2015-4673) in ClipBucket. The vulnerabilities are due to improper validation of various parameters in various pages. This may allow an attacker to steal cookie-based authentication crede...

Jun 17, 2015 • 1 min read

CVE-2015-2808 : Bar Mitzvah Attack in RC4

CVE Research

The Bar Mitzvah Attack is a critical vulnerability discovered in the Rivest Cipher 4 (RC4) software stream cipher. A vulnerability management tool can detect this attack. In cryptography, RC4 is one of the most used software-based stream ciphers in the world. Proper protocols such as Transport Layer Security (TLS) ...

Jun 17, 2015 • 3 min read

WordPress HTML5 MP3 Player with Playlist plugin XSS and SQL Injection Vulnerabilities

CVE Research

SecPod Research Team member (Thanga Prakash) has found multiple cross-site scripting vulnerabilities and an SQL injection vulnerability in the WordPress HTML5 MP3 Player with Playlist plugin. The vulnerability is caused by improper validation of various parameters in various pages. This may allow an attack...

Jun 15, 2015 • 1 min read

ManageEngine Firewall Analyzer 8.3 Reflected Cross-site Scripting Vulnerability

CVE Research

SecPod Research Team member (Thanga Prakash) has found Multiple Reflected Cross-site

Jun 11, 2015 • 1 min read

18 year old unpatched vulnerability returns to haunt Microsoft Windows

CVE Research

A critical bug dubbed Redirect to SMB has been discovered which is known to affect all devices running any version of Windows, including Windows 10. The as-yet unpatched flaw in Windows leaks username and password details to remote attackers, and was first reported to Microsoft way back in 1997.

Apr 15, 2015 • 2 min read