How to fix CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow

RedHat released Patch for CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow.  A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: […]

Protect Against SQL Injection in ASP.Net

A lot of resources are available for SQL Injection attack, however  I will be focusing on the SQL injection protection sample codes in ASP.net. Wherever I meet developers, they are totally aware of SQL injection. On the other hand, they are not aware about how to fix the SQL injection as per the standard methodology. Before going […]

Umbraco – The open source ASP.NET CMS Multiple Vulnerabilities

Recently I got an assignment where I had to work on the Umbraco application – a free Open Source Content Management System built on the ASP.NET platform and is used by more than 2,25,000 websites. While performing the security testing of this application, I discovered serious vulnerabilities within this application, allowing to perform SSRF attack, CSRF Bypass […]

cPanel releases security patches for 20 critical vulnerabilities

The cPanel security team has identified several security concerns in their control panel software. They have also released patches to address all these security concerns with the cPanel and WHM product. This patch basically addresses 20 vulnerabilities in cPanel & WHM software versions 11.54, 11.52, 11.50, and 11.48. The patches include following vulnerability fix  Arbitrary […]

Joomla Remote Code Execution Vulnerability Fixed

The Joomla team just released a new Joomla version 3.4.6 to fix serious vulnerability, i.e. remote code execution. Directly from the Joomla announcement: Browser information is not filtered properly while saving the session values into the database what leads to a Remote Code Execution vulnerability. Joomla CMS versions 1.5.0 through 3.4.5 are vulnerable to remote code […]

PreAuth PHP Object Injection Critical Vulnerability in vBulletin Versions 5.1.4 to 5.1.9

vBulletin on 03 Nov 2015 released security patches. The vBulletin 5.1.4 to 5.1.9 is vulnerable to PHP Object injection, where attacker can take control of the website and dump the database of vBulletin forum. It is found that vulnerability is released in the public. This vulnerability is very serious and easy to exploit to compromise […]

How to Fix Joomla 3.2 to 3.4.4 Core – SQL Injection vulnerability

If you are a Joomla user, just UPGRADE it to the latest version, here or download new installation package here. Joomla officials have announced a new release Joomla! 3.4.5 is now available. Joomla core packages 3.2 to 3.4.4 are vulnerable to a critical vulnerability – SQL injection. The newly released Joomla version fixes the SQL injection vulnerability. […]

CVE-2015-2652 – Unauthenticated File Upload in Oracle E-business Suite.

During my regular penetration testing job, I unravelled an interesting vulnerability of Unauthenticated File Upload in Oracle E-business Suite 0-day vulnerability. This particular Upload Bug can be easily used to upload files on the web-server and also an attacker can flood the hard-disk of the server,thus making it easier for an attacker to leverage the vulnerability […]