on Monday, 4 November 2013
The crooks behind the CryptoLocker malware seem to have introduced a second chance option.
Victims, it seems, can now change their minds about not paying up.
Assume you were a victim of this devious malware, and decided, "No! I will not pay!"
Imagine that you've done a full cleanup; removed the malware from memory, hard disk and Windows registry; and gone to see what you can recover from your backup disks.
Now imagine that you are having malware cleaner's remorse.
Perhaps paying $300 would have been the pragmatic approach?
#############################
Exploit Title : Multiple CSRF Horde Groupware Web mail Edition
Author: Marcela Benetrix
Date: 10/25/13
version: 5.1.2
  
#############################
GroupWare Web mail Edition
  
Horde Groupware Webmail Edition is a free, enterprise ready, browser based
communication suite. Users can read, send and organize email messages and
manage and share calendars, contacts, tasks, notes, files, and bookmarks 
with the standards compliant components from the Horde Project


SpearPhisher is a simple point and click Windows GUI tool designed for (mostly) non-technical people who would like to supplement the education and awareness aspect of their information security program. Not only is it useful to non-technical folks, penetration testers may find it handy for sending quick and easy ad-hoc phishing emails. The tool supports specifying different sending names and email addresses, multiple recipients via TO, CC, BCC, and allows bulk loading with one recipient email address per line in a file. It allows customization of the subject, adding one attachment, and SSL support for SMTP enabled mail servers.
Retire.js: identify JavaScript libraries with known vulnerabilities in your application


Retire.js is a command line scanner that helps you identify dependencies with known vulnerabilities in your application. Using the provided Grunt plugin, you can easily integrate Retire.js into your build process. Retire.js also provides a Chrome extension that detects libraries while you browse your website.

To detect a given version of a given component, Retire.js first uses the filename or URL. If that fails, it downloads or opens the file and looks for specific comments within it. If that also fails, it can fall back to hashes for minified files.
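
The fallback order described above (filename or URL, then comments inside the file, then a hash of the minified file), as an added example that is not Retire.js's own code. The library name `examplelib`, the signature layout, the file bodies and the `fixedIn` version are constructed for illustration.

```javascript
const { createHash } = require('node:crypto');

const sha1 = (text) => createHash('sha1').update(text).digest('hex');

// Constructed file bodies for a hypothetical library "examplelib".
const BANNER_BUILD = '/*! examplelib v1.3.1 */\nwindow.examplelib = {};';
const MINIFIED_BUILD = '!function(){window.examplelib={}}();'; // banner stripped

// Constructed signatures (assumed shape, not Retire.js's real repository).
const SIGNATURES = [{
  component: 'examplelib',
  url: [/examplelib[-\/](\d+\.\d+\.\d+)/],
  content: [/\/\*!? examplelib v(\d+\.\d+\.\d+)/],
  hashes: { [sha1(MINIFIED_BUILD)]: '1.2.0' },
  fixedIn: '1.4.0', // constructed: versions below this count as vulnerable
}];

// Numeric compare of dotted versions: true when a < b (so 1.10.0 is not below 1.4.0).
function isBelow(a, b) {
  const pa = a.split('.').map(Number), pb = b.split('.').map(Number);
  for (let i = 0; i < Math.max(pa.length, pb.length); i++) {
    const d = (pa[i] || 0) - (pb[i] || 0);
    if (d !== 0) return d < 0;
  }
  return false;
}

// Try the cheap check first; read the file only when the name says nothing.
function detect(url, readFile) {
  const hit = (sig, version, method) =>
    ({ component: sig.component, version, method, vulnerable: isBelow(version, sig.fixedIn) });
  for (const sig of SIGNATURES) {          // stage 1: filename or URL
    for (const re of sig.url) {
      const m = re.exec(url);
      if (m) return hit(sig, m[1], 'url');
    }
  }
  const body = readFile(url);
  if (body == null) return null;
  for (const sig of SIGNATURES) {          // stage 2: comments inside the file
    for (const re of sig.content) {
      const m = re.exec(body);
      if (m) return hit(sig, m[1], 'content');
    }
  }
  const digest = sha1(body);               // stage 3: hash of the whole file
  const sig = SIGNATURES.find((s) => s.hashes[digest]);
  return sig ? hit(sig, sig.hashes[digest], 'hash') : null;
}
```

The hash stage only matches a byte-identical file, so a re-minified or concatenated bundle falls through all three stages and returns `null`; a clean result from this kind of scan is not proof that no vulnerable library is present.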

AFFECTED PRODUCT
================
  
Quick Paypal Payments WordPress Plugin Version 3.0, possibly earlier
  
  
VULNERABILITY CLASS
===================
  
Cross-Site Scripting
  
  
DESCRIPTION
===========
  
  
Quick Paypal Payments suffers from a persistent Cross-Site Scripting vulnerability due to a lack
of input validation and output sanitization of the "reference" and "amount" parameters.
Other input fields are also affected by reflective cross-site scripting.
The NSA has repeatedly tried to attack people using Tor, a popular tool protecting their Internet anonymity. This is despite the fact the software is primarily funded and promoted by the government of the United States itself.

According to secret NSA files, disclosed by Edward Snowden, the agency successfully identified Tor users and then attacked vulnerable software on their machines.
on Sunday, 3 November 2013

EDB-ID: 29355 CVE: N/A OSVDB-ID: N/A
Author: Ali Morshedloo Published: 2013-11-01 Verified: Verified
Vulnerable App: N/A

###########################
# Exploit Title : Typo3 File Disclosure
# Exploit Author : Iran Security Team
# Discovered By : Red.Eagle
# Home : WWW.IrSecTeam.org
# Dork1 : inurl:fileadmin/php/commun/download.php
# Dork2 : inurl:fileadmin/scripts/download.php

# Date: 2013 1 November
# Tested on: Windows 7
# Software Link: http://typo3.org/
# Contact To Me: https://www.facebook.com/r3d.3agl3
###########################

Hey guys, I am making a penetration testing Linux distro and I need a name for it. Could you please suggest one? So far, the following are the suggestions I got