Tags archives: sicurezza

 


srm – secure file deletion for posix systems

srm is a secure replacement for rm(1). Unlike the standard rm, it overwrites the data in the target files before unlinking them. This prevents command-line recovery of the data by examining the raw block device. It may also help frustrate physical examination of the disk, although it’s unlikely that it can completely prevent that type [...]

 


WordPress ADPlugg 1.1.33 Cross Site Scripting

===================================================== Stored XSS Vulnerability in ADPlugg Wordpress Plugin =====================================================   . contents:: Table Of Content   Overview ========   * Title :Stored XSS Vulnerability in ADPlugg Wordpress Plugin * Author: Kaustubh G. Padwad * Plugin Homepage: https://wordpress.org/plugins/adplugg/ * Severity: Medium * Version Affected: 1.1.33 and mostly prior to it * Version Tested : 1.1.33 * [...]

 


WordPress WooCommerce 2.2.10 Cross Site Scripting

==================================================== Product: WooCommerce WordPress plugin Vendor: WooThemes Tested Version: 2.2.10 Vulnerability Type: Cross-Site Scripting [CWE-79] Risk Level: Medium CVSSv2 Base Score: 4.3 (AV:N/AC:M/Au:N/C:N/I:P/A:N) Solution Status: Solved in version 2.2.11 Discovered and Provided: Eric Flokstra – ITsec Security Services ==================================================== [-] About the Vendor:   WooCommerce is a popular open source WordPress e-commerce plugin with around [...]

 


Advanced Policy Firewall

Current Release: http://www.rfxn.com/downloads/apf-current.tar.gz http://www.rfxn.com/appdocs/README.apf http://www.rfxn.com/appdocs/CHANGELOG.apf Description: Advanced Policy Firewall (APF) is an iptables(netfilter) based firewall system designed around the essential needs of today’s Internet deployed servers and the unique needs of custom deployed Linux installations. The configuration of APF is designed to be very informative and present the user with an easy to follow process, [...]

 


Juli Man-In-The-Middle Script

#!usr/bin/perl use Term::ANSIColor; ############################################################################ print “**************************************************************n”; # print “+ -== JULI ==- +n”; # print “+ -== Man-in-the-middle Attack Script ==- +n”; # print “+ -== By em616 , em(at)em616.com , http://blog.em616.com ==- +n”; # print “**************************************************************n”; # ############################################################################   # Cleaning stuff system “killall -9 sslstrip arpspoof:”; system “echo ’0′ > /proc/sys/net/ipv4/ip_forward”; system “iptables [...]

 


PHP DateTime Use-After-Free

#Use After Free Vulnerability in unserialize() with DateTime* [CVE-2015-0273]   Taoguang Chen <[@chtg](http://github.com/chtg)> – Write Date: 2015.1.29 – Release Date: 2015.2.20   > A use-after-free vulnerability was discovered in unserialize() with DateTime/DateTimeZone/DateInterval/DatePeriod objects’s __wakeup() magic method that can be abused for leaking arbitrary memory blocks or execute arbitrary code remotely.   Affected Versions ———— Affected [...]

 


PHP DateTimeZone Type Confusion Infoleak

#Type Confusion Infoleak Vulnerability in unserialize() with DateTimeZone   Taoguang Chen <[@chtg](http://github.com/chtg)> – Write Date: 2015.1.29 – Release Date: 2015.2.20   > A Type Confusion Vulnerability was discovered in unserialize() with DateTimeZone object’s __wakeup() magic method that can be abused for leaking arbitrary memory blocks.   Affected Versions ———— Affected is PHP 5.6 < 5.6.6 [...]

 


Generate a QR code for a wifi network from the terminal

To generate a QR code for your guest wifi network, you can use the terminal with the help of qrencode and zenity.

# apt-get install qrencode zenity

To create the wifi QR code:

$ qrencode -o code-qr-wifi.png "WIFI:S:$(zenity --entry --text="Nome Rete (SSID)" --title="Creazione QR Wifi");T:WPA2;P:$(zenity --password --title="Password Wifi");;"

[…]

The post Generate a QR code for a wifi network from the terminal appeared first on EDMOND’S WEBLOG.

 


According to GFI, Apple Mac and Linux are the OSes with the most vulnerabilities

According to GFI Software, Apple Mac OS X is the operating system with the most vulnerabilities, followed by the Linux kernel and Microsoft Windows.

Operating System Vulnerabilities 2014
The data provided by GFI Software, which analyzed the 2014 archive of the National Institute of Standards and Technology on the security of operating systems and the most widely used software, are generating much discussion. According to GFI, Apple Mac OS X is the operating system with the most vulnerabilities (147 security flaws, 64 of them rated as serious), roughly double the figure for 2013. Apple iOS follows (127 vulnerabilities, 32 of them serious), and in third place we find none other than the Linux kernel (hit in 2014 by the various problems related to the OpenSSL protocol and by security flaws such as Heartbleed and Shellshock), in which 119 vulnerabilities were found (24 serious).


 


WordPress Google Doc Embedder 2.5.18 Cross Site Scripting

Title: WordPress ‘Google Doc Embedder’ plugin – XSS Version: 2.5.18 Author: Morten Nørtoft, Kenneth Jepsen, Mikkel Vej Date: 2015/01/26 Download: https://wordpress.org/plugins/google-document-embedder/ Contacted WordPress: 2015/01/26 ==========================================================   ## Description: ========================================================== Lets you embed PDF, MS Office, and many other file types in a web page using the free Google Docs Viewer (no Flash or PDF browser [...]