SecPod Labs
Security Research
In-depth CVE write-ups, vulnerability analysis, and security intelligence from the SecPod Research team.

CVE Research
Patch Tuesday: Microsoft Security Bulletin Summary for April 2015
This April brings another big update from Microsoft, comprising 11 security bulletins that address a total of 26 vulnerabilities. The high-priority fixes are for Microsoft Office (addressing 5 vulnerabilities), the Windows HTTP protocol stack (HTTP.sys), and Internet Explorer (addressing 10 vulnerabilities).
CVE Research
Dotclear CMS Multiple Stored XSS Vulnerabilities
A SecPod Research Team member (Shakeel Bhat) has found multiple stored cross-site scripting vulnerabilities in Dotclear CMS. The vulnerability is caused by improper validation of various parameters in various pages. This may allow an attacker to steal cookie-based authentication credentials, compromis...
CVE Research
FREAK creeps into Windows
In our previous blog post, we promised to keep you informed if the FREAK (Factoring attack on RSA-EXPORT Keys) vulnerability affects Windows applications. As of today, it is confirmed that FREAK affects all supported versions of Microsoft Windows, making the flaw more dangerous than anticipated. Th...
CVE Research
FREAK Attack?
Another potentially dangerous vulnerability called FREAK (Factoring Attack on RSA-EXPORT Keys) is being true to its name and is freaking out all Android and Apple device users. This SSL/TLS vulnerability has over the years exposed millions of Android and Apple devices to attacks when they visit supp...
CVE Research
Vulnerability Alert: GHOST Vulnerability
A highly critical vulnerability has been found in glibc, the GNU C library, which affects all Linux systems on glibc version 2.2 dating back to the year 2000. The vulnerability, CVE-2015-0235, has already been nicknamed GHOST because of its relation to the _gethostbyname function.




