Web Application Security
Whitepaper: RPO exploitation techniques 2015-07-01
Takeshi Terada (mbsdtest01 gmail com)
Dear all,

MBSD released a whitepaper on RPO (Relative Path Overwrite) attack techniques.

1. Introduction
2. Path manipulation techniques
2.1. Loading another file on IIS/ASP.NET
2.2. Loading another file on Safari/Firefox
2.3. Loading anothe

t2'15: Call for Papers 2015 (Helsinki / Finland) 2015-06-01
Tomi Tuominen (tomi tuominen t2 fi)
# t2'15 - Call For Papers (Helsinki, Finland) - October 29 - 30, 2015

Why spend your valuable conference time in the longest lines you have seen in your life, getting a sun burn or totally lost in the canals with your rental boat, being deprived of chewing gum or waking up in Nong Palai without

hardwear.io - Hardware Security Conference Call for Papers 2015-05-29
Hardwear Team (hw hardwear io)
Dear Hackers and Security Gurus,

hardwear is seeking innovative research on hardware security. If you
have done interesting research on attacks or mitigation on any
Hardware and want to showcase it to the security community, just
submit your research paper. Please find all the relevant details for

SQL Injection within popular Magento blog extension (CVE-2015-3428) 2015-05-28
AppCheck Advisories (advisories appcheck-ng com)

The aheadWorks Blog extension for Magento prior to version 1.3.10 is vulnerable to a critical SQL Injection security flaw. A remote unauthenticated attacker could exploit this vulnerability to take complete control of the affected Magento server and database. With

Re: Call for Papers: RAID 2015 2015-05-27
Skander Iversen (skander iversen gmail com)
Dear colleagues,

The deadline for RAID 2015 has been extended to June 5th.
We kindly encourage you to consider submitting your research work there.

Best regards,


On Mon, May 11, 2015 at 9:08 AM, Skander Iversen
<skander.iversen (at) gmail (dot) com [email concealed]> wrote:
> Dear colleagues,
> I would like to announce the foll

Breakpoint 2015 Call For Presentations 2015-05-17
cfp ruxcon org au
Breakpoint 2015 Call For Papers
Melbourne, Australia, October 22nd-23rd
Intercontinental Rialto

.[x]. Introduction .[x].

We are pleased to announce Call For Presentations for Breakpoint 2015.

Breakpoint showcases the work of expert security researchers from arou

44CON CFP Open 2015-05-13
Steve (steve 44con com)
44CON London is the UK's largest combined annual Security Conference and Training event. Taking place on the evening of the 9th and all day on the 10th and 11th of September at the ILEC Conference Centre near Earls Court, London, we will have a fully dedicated conference facility, including secure w

Call for Papers: RAID 2015 2015-05-11
Skander Iversen (skander iversen gmail com)
Dear colleagues,

I would like to announce the following CFP.
Please kindly consider submitting to this conference.

This year's RAID will take place in marvelous Kyoto, Japan.

RAID 2015
Kyoto, Japan, November 2-4, 2015

Call for Papers

Arachni Framework v1.1 & WebUI v0.5.7 have been released (Web Application Security Scanner) 2015-05-01
Tasos Laskos (tasos laskos gmail com)
Hey folks,

There's a new version of Arachni, an Open Source, modular and high-performance
Web Application Security Scanner Framework.

The highlights of this release are:

* More sensible default options.
* Approximately 7-fold performance increase (YMMV depending on webapp characteristics).
* Supp

whitepaper: Identifier based XSSI attacks 2015-04-20
Takeshi Terada (mbsdtest01 gmail com)
Hello list members,

We released a new technical whitepaper titled:
"Identifier based XSSI attacks"


Some new attack techniques and browser vulnerabilities regarding XSSI
(Cross-Site Script Inclusion) are explained. In the attacks, a method
of tr

Ruxcon 2015 Call For Presentations 2015-04-13
cfp ruxcon org au
Ruxcon 2015 Call For Presentations
Melbourne, Australia, October 24-25
CQ Function Centre


The Ruxcon team is pleased to announce the first round of Call For Presentations for Ruxcon 2015.

This year the conference will take place over the weekend of the 24th and 25th of Oc

SpiderFoot 2.3.0 released 2015-02-11
Steve Micallef (steve binarypool com)
Hi all,

SpiderFoot 2.3.0 is now available, and includes a ton of new
functionality since 2.1.4 was last announced here. SpiderFoot is an open
source intelligence gathering / reconnaissance tool utilising over 40
data sources and methods, all driven through a snappy web UI.

Here's what's new sin

nullcon HackIM Challenge 9-11 Jan 2015 2014-12-29
nullcon (nullcon nullcon net)
Namaste Ninjas,

Season's greetings!
We are back for the 6th time in Goa. nullcon 666 welcomes you to the
beastly devilish conference.
As nullcon is getting near, we are excited and ready to announce the
registration for HackIM CTF. Details at http://ctf.nullcon.net This
time HackIM is powered by EMC and

File Upload with changed extension 2014-12-02
Jyotiranjan Acharya (jyotiranjan121 gmail com) (2 replies)
If you are able to upload a file with a changed extension, then will
that be a problem?
For example, you cannot, in any way, upload a .exe or .php/.jsp/.asp
file directly into a web App, but you can by changing their extension
to .JPG. What is the risk in such a case?

Re: File Upload with changed extension 2014-12-04
Michal Zalewski (lcamtuf coredump cx) (1 replies)
Re: File Upload with changed extension 2014-12-04
Robin Wood (robin digi ninja)
Re: File Upload with changed extension 2014-12-03
Guillermo Caminer (flaco webappsec gmail com) (1 replies)
Re: File Upload with changed extension 2014-12-03
Tobias Wassermann (mail tobias-wassermann de) (1 replies)
Re: File Upload with changed extension 2014-12-03
Seth Art (sethsec gmail com) (1 replies)
Re: File Upload with changed extension 2014-12-04
Paul Burbage (paul k burbage gmail com)
Tizen 2.2.1 WebKit Address Spoofing Vulnerability 2014-12-02
Ajin Abraham (ajin25 gmail com)
Title: Tizen 2.2.1 WebKit Address Spoofing Vulnerability
Author: Ajin Abraham | @ajinabraham
Website: http://opensecurity.in
Affected Product: Tizen Default Browser
Affected Version: Tizen 2.2.1
Video Demo: https://www.youtube.com/watch?v=QKbTSxlCX7c

<head><title>Tizen Browser - Add

Re: concurrent logins 2014-11-24
Stephen de Vries (stephen continuumsecurity net) (1 replies)
> The reason I was thinking about this is the thing I was reading was
> suggesting to prevent session hijacking that concurrent logins should
> not be allowed, 2FA stops actual logins but not hijacks.

Session hijacking is only possible after some other vulnerability in the site is exploited, e.g.

Re: concurrent logins 2014-11-24
Robin Wood (robin digi ninja)
Copyright 2010, SecurityFocus