Monday , August 19 2019 4:04 AM
Home / Exploits / Web Application Exploits

Web Application Exploits

Twitter API Flaw Exposed Users Messages to Wrong Developers For Over a Year

The security and privacy issues with APIs and third-party app developers are something that’s not just Facebook is dealing with. A bug in Twitter’s API inadvertently exposed some users’ direct messages (DMs) and protected tweets to unauthorized third-party app developers who weren’t supposed to get them, Twitter disclosed in its Developer …

Read More »

Websites Can Now Track You Online Across Multiple Web Browsers

You might be aware of websites, banks, retailers, and advertisers tracking your online activities using different Web “fingerprinting” techniques even in incognito/private mode, but now sites can track you anywhere online — even if you switch browsers. A team of researchers has recently developed a cross-browser fingerprinting technique — the …

Read More »

Don’t Fall For This Dangerously Convincing Ongoing Phishing Attack

Security researchers have discovered a new phishing campaign targeting Gmail users, which is so convincing and highly effective that even tech-savvy people can be tricked into giving away their Google credentials to hackers. The attackers first compromise a victim’s Gmail account, and once they are in, they start rifling through …

Read More »

Critical PHPMailer Flaw leaves Millions of Websites Vulnerable to Remote Exploit

A critical vulnerability has been discovered in PHPMailer, which is one of the most popular open source PHP libraries to send emails used by more than 9 Million users worldwide. Millions of PHP websites and popular open source web applications, including WordPress, Drupal, 1CRM, SugarCRM, Yii, and Joomla comes with …

Read More »

GitLab Patches Command Execution Vulnerability

Developers with GitLab this week fixed a critical vulnerability in the open source repository management software that could have led to command execution and allowed an authenticated user to gain access to sensitive application files, tokens, or secrets. HackerOne cofounder Jobert Abma unearthed the vulnerability last week and reported it …

Read More »

Multiple Critical Remotely Exploitable Flaws Discovered in Memcached Caching System

Hey Webmasters, are you using Memcached to boost the performance of your website? Beware! It might be vulnerable to remote hackers. Three critical Remote Code Execution vulnerabilities have been reported in Memcached by security researcher Aleksandar Nikolich at Cisco Talos Group that expose major websites, including Facebook, Twitter, YouTube, Reddit, …

Read More »

Data Breach — Oracle’s Micros Payment Systems Hacked

The risks associated with data breaches continue to grow, impacting a variety of industries, tech firms, and social networking platforms. In the past few months, over 1 Billion credentials were dumped online as a result of mega breaches in popular social networks. Now, Oracle is the latest in the list. …

Read More »

Warning: 100+ Tor Nodes Designed to Spy on Hidden Services

Two researchers, Amirali Sanatinia and Guevara Noubir, from Northwestern University, carried out an experiment on the Tor Network for 72 days and discovered at least 110 malicious Tor Hidden Services Directories (HSDirs) on the network. Cory Doctorow explains: These nodes — ordinary nodes, not exit nodes — sorted through all …

Read More »

Multiple XSS security vulnerabilities in the Visual Composer WordPress plugin

There are multiple XSS security vulnerabilities in the Visual Composer WordPress plugin versions prior to 4.7.4 (releases prior to October 2, 2015). Finally WP Bakery, the creators of Visual Composer, who have addressed all identified vulnerabilities and undertaken a code audit to ensure that it is as secure as possible.Developers  whose …

Read More »

Avast Antivirus: X.509 Error Rendering Command Execution

Avast will render the commonName of X.509 certificates into an HTMLLayout frame when your MITM proxy detects a bad signature. Unbelievably, this means CN="<h1>really?!?!?</h1>" actually works, and is pretty simple to convert into remote code execution. To verify this bug, I've attached a demo certificate for you. Please find attached …

Read More »