How to fix CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow

RedHat released Patch for CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow.  A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: […]

Protect Against SQL Injection in ASP.Net

A lot of resources are available for SQL Injection attack, however  I will be focusing on the SQL injection protection sample codes in ASP.net. Wherever I meet developers, they are totally aware of SQL injection. On the other hand, they are not aware about how to fix the SQL injection as per the standard methodology. Before going […]

Refinery – The Ruby on Rail Open Source CMS Penetration Testing Report

Recently I got an opportunity to test Refinery CMS, often shortened to Refinery, is an open source content management system written in Ruby as a Ruby on Rails web application with jQuery used as the JavaScript library. Refinery CMS supports Rails 3.2 and Rails 4.2. Refinery differs from similar products by targeting a non-technical end user and allowing the developer to create a flexible website […]

Umbraco – The open source ASP.NET CMS Multiple Vulnerabilities

Recently I got an assignment where I had to work on the Umbraco application – a free Open Source Content Management System built on the ASP.NET platform and is used by more than 2,25,000 websites. While performing the security testing of this application, I discovered serious vulnerabilities within this application, allowing to perform SSRF attack, CSRF Bypass […]

cPanel releases security patches for 20 critical vulnerabilities

The cPanel security team has identified several security concerns in their control panel software. They have also released patches to address all these security concerns with the cPanel and WHM product. This patch basically addresses 20 vulnerabilities in cPanel & WHM software versions 11.54, 11.52, 11.50, and 11.48. The patches include following vulnerability fix  Arbitrary […]

Joomla Remote Code Execution Vulnerability Fixed

The Joomla team just released a new Joomla version 3.4.6 to fix serious vulnerability, i.e. remote code execution. Directly from the Joomla announcement: Browser information is not filtered properly while saving the session values into the database what leads to a Remote Code Execution vulnerability. Joomla CMS versions 1.5.0 through 3.4.5 are vulnerable to remote code […]

PreAuth PHP Object Injection Critical Vulnerability in vBulletin Versions 5.1.4 to 5.1.9

vBulletin on 03 Nov 2015 released security patches. The vBulletin 5.1.4 to 5.1.9 is vulnerable to PHP Object injection, where attacker can take control of the website and dump the database of vBulletin forum. It is found that vulnerability is released in the public. This vulnerability is very serious and easy to exploit to compromise […]

Tool to Detect SQL injection vulnerability in Joomla 3.2 to 3.4.4 versions!

It pleases us to announce the release of our new tool that we create in order to detect SQL injection vulnerability in the affected versions of Joomla CMS 3.2 to 3.4.4. So to scan your website for detection of SQL injection vulnerability, please visit here You can test for Joomla 3.4.4 SQL injection for the vulnerabilities having […]