[FD] Hacking Magento eCommerce For Fun And 17.000 USD

2016-03-03 Thread Egidio Romano
Hello list, Tonight I'd like to share with you my latest blog post. Seeing my personal experience with the Magento bug bounty program (and even experiences from other security researchers), it looks like they truly believe in a "security through obscurity" methodology. I'm quite disappointed by

[FD] [CFP] EuskalHack (San Sebastian / Donostia) 2016

2016-03-03 Thread Ryan Dewhurst
Hi, I am submitting this CFP on behalf of EuskalHack. Tables are shown in Markdown format. Thanks, Ryan **Introduction** EuskalHack Security Congress is the first Ethical Hacking association in Euskadi, with the aim of promoting the community and culture in digital security to anyone who may be

[FD] Vulnerabilities in Mobile Safari

2016-03-03 Thread MustLive
Hello list! There are multiple Denial of Service vulnerabilities in Mobile Safari. After conversation with Apple about all vulnerabilities in their browser during December - February, I present the second advisory. In the middle of December I checked all exploits for different browsers, which I

[FD] CVE Request: Fiyo CMS 2.0.6.1 - Multiple XSS Vulnerabilities

2016-03-03 Thread Himanshu Mehta
*1. Introduction* Affected Product: Fiyo CMS 2.0.6.1 Fixed in: 2.0.6.2 Vendor Website: http://www.fiyo.org/ Vulnerability Type: XSS Remote Exploitable: Yes *2. Overview* There are multiple XSS vulnerabilities in Fiyo CMS 2.0.6.1. The vulnerabilities exist due to

[FD] [REVIVE-SA-2016-001] Revive Adserver - Multiple vulnerabilities

2016-03-03 Thread Matteo Beccati
Revive Adserver Security Advisory REVIVE-SA-2016-001 http://www.revive-adserver.com/security/revive-sa-2016-001

[FD] Schneider Electric Building Operation Automation Server Multiple Vulnerabilities

2016-03-03 Thread Karn Ganeshen
*Schneider Electric Building Operation Automation Server Multiple Vulnerabilities* *Reported affected version:* Schneider Electric Building Operation Automation Server Firmware: Server 1.6.1.5000 NAME=SE2Linux ID=se2linux PRETTY_NAME=SE2Linux (Schneider Electric Embedded Linux) VERSION_ID=0.2.0.21

[FD] WAGO IO PLC 758-870, 750-849, 750-849 vulnerabilities

2016-03-03 Thread Karn Ganeshen
*WAGO IO PLC 758-870, 750-849, 750-849 vulnerabilities* *Background* According to WAGO’s Web site, WAGO is an international company based in Germany. They operate production facilities in Germany, Switzerland, Poland, China, and India. WAGO maintains offices worldwide. According to WAGO, its prod

[FD] Shakacon 2016 CFP - July 11-14 / Hawaii

2016-03-03 Thread Jonathan Brossard
Shakacon VIII - Honolulu, Hawaii "Sun, Surf, and C Shells" CALL FOR PAPERS www.shakacon.org/CFP2016.html Who: Shakacon Crew What: Shakaco

[FD] Panda SM Manager iOS Application - MITM SSL Certificate Vulnerability

2016-03-03 Thread David Coomber
Panda SM Manager iOS Application - MITM SSL Certificate Vulnerability -- http://www.info-sec.ca/advisories/Panda-Security-SM-Manager.html Overview "Panda Systems Management is the new way to manage and monitor IT systems." "Inventory, monitoring, management, remote control and reporting... All f

[FD] Browser Security Tool: HTTPS Only 2.1 (Major Release, Open Source, Python)

2016-03-03 Thread David Leo
When we browse the web, top threats are: 1. Remote code execution - everything is lost 2. Man in the middle - sniffing, and tampering 3. Phishing - simple, old, and still quite useful 4. Cross site scripting - data of the vulnerable domain is lost 5. CSRF - unauthorized action So, what if the brow

[FD] Vipps by DNB for Android - cryptographic vulnerabilities

2016-03-03 Thread alendal
Summary: Application: Vipps by DNB Operating system: Android Versions affected: 1.1.33, 1.2.18, 1.2.20, 1.2.44 and 1.2.45 Non-vulnerable version: 1.3.0 Bugs: Cryptographic issues Vendor notification: 16.02.2016 Vendor fix: 29.02.2016 Author: Gunnar Alendal, al