The XOOPS Recipe module version 2.2 suffers from a remote SQL injection vulnerability.
197b2804308d8e205922298f88970c52f176b671c457649161e780bd0d2e8857
PHP-Fusion version 6.00.307 remote blind SQL injection exploit that makes use of submit.php.
6134178aeb7b56660fa59a9fcbec796d8152026eafa4b0fac5f93fb4731b5cdc
AllMyGuests versions 0.4.1 and below suffer from a remote SQL injection vulnerability.
7f33072849bd400424508e6b772b460dc26f9811383d88b31a978eb4d6a2e999
It appears that Google Web History is susceptible to an attack along the lines of cross site request forgery.
3e67c37c3a52b3e819ec8ff21beb4bbc682276f0a0c6164aa7e742f06f4a31df
SUSE Security Announcement - A large number of vulnerabilities related to OpenOffice have been patched on SuSE.
844f9feac6e7fecf046f967e47d04ca672e92a3da3619753c28a416cc530a21c
The Motorola Surfboard cable modem suffers from cross site request forgery vulnerabilities.
b98c308fb47b4f3a9bf954a422d5ba85c189c273d9b9eac792e5a7f6e88acea2
Simple Customer version 1.2 suffers from a SQL injection vulnerability in contact.php.
576c21f88e3a069e914133bf420c9c3e8596d5b403842d43ab836f9cabe8df84
PhShoutBox versions 1.5 and below suffer from an insecure cookie handling vulnerability.
54418c43af425a34ca60fca59cd326647c6b2eddc14661e8616ef2cd43c57278
OpenInvoice version 0.9 arbitrary change user password exploit.
3d2533ea10938129e8713db59be46d317b9733024bcf480f854c9fadea6e7a09
2532|Gigs versions 1.2.2 and below suffer from an arbitrary database download vulnerability.
9ee5ebba483b75345b0e35fb9111178d9cdf2f4addfe6686ccb1a0dc748e19e2
Python code that creates a file that is able to trigger a buffer overflow vulnerability in SubEdit Player build 4066.
70130ae0fb590abfb628ee4677f5f956bf3be5b9fc0461b15dbbebbd2b4e6079
Virtualization != Security - Virtualization has emerged as the most disruptive datacenter technology of the last decade. Mr. Ingevaldson from IBM Internet Security Systems will discuss the emergence of virtualization as well as the many ways that it changes traditional security architecture as well as the ways it does not. Virtualization will influence the security business much like it is reshaping IT. Mr. Ingevaldson will review the brief history of security in virtualization as well as comment on the next-generation security technologies for the virtualized datacenter.
8d383025969032a36e2bacadfeef635abcd689a53e6eb810a3d394a5f1eb85cb
How We Cracked Their Codes - A Case Study in Compromising the Most Popular High Security Lock in America.
b8b5de86321c9109e1ebf43a06b3ac64aa1305152ab68be0c84a7022f61eb241
Presentation discussing the hijacking of VSAT connections.
6dfeb2819f6eea9512236553e50c0bf610cc640a2964f073804f8b09f78b57b8
Cracking into Embedded Devices and Beyond - The presentation covers cracking into embedded devices by exploiting vulnerabilities present on default software running on the target device.
b17e69cf657c3562c5c8244483120184a84061a080f2c346f2373b88d8170d3e
Cracking the GSM A5/1 Encryption in Seconds - Presentation explaining the security, technology and protocols of a GSM network. Further discusses building a GSM scanner for 900 USD. The second part of the talk reveals a practical solution to crack the GSM encryption A5/1.
fb2ff4fbbd8c3a9085eba1671fef94bd320cb3f478b3c80f491d30ff8ed76c9c
VoIP (in)Security: Italians Do It Better - This presentation will explain in detail how a small group of annoyed Italian VoIP hackers used the Chaos Computer Club phone network during the 2007 Hacker camp for fun and profit.
518efe57180ba0d7c5e64792e43454b24d3d1634ef0768699047b17df11fd79b
Hacking Second Life - A presentation that covers the basic architecture of SecondLife and points out the possible attack vectors against SecondLife itself, but will also demonstrate hacks from the inside of SecondLife against real-life systems on the Internet.
fd3518c421efc61d62c97afa9fafe5bb277b1577ffc98e5668bc5b92b66370d2
Malware: Behavior, Tools, Scripting and Advanced Analysis - Presentation discussing a new tool that is an extension to Bochs, a popular open-source CPU emulator. This extension will provide advanced debugging and scripting functionality, enabling the easy creation of a wide range of tools. The scripting interface of this tool provides a full Python environment to control the whole CPU, memory, devices, etc. Among the examples that will be presented, time allowing, will be generic unpacking techniques, monitoring of malware behavior or low-level system access to kernel/administrative objects. The tool was created to assist the process of automated malware analysis, but its flexibility makes it a good candidate to also assist in vulnerability discovery.
f9882e5282c5f3eaead310c40b32cb0f3c225d921e4c88aafa3ba6fca595e3dd
Securing Next Generation Applications - Scan, Detect, and Mitigate.
d19c2013f9c13ff698a8b10c146857e5fd1996461317ffb2e89134213d493121
Hacks Happen - Conservative estimates put the total annual IT security spending in the US at $50 billion and e-crime losses at $100 billion. We are losing two dollars for every dollar spent. Those numbers are said to be worse on a global scale. Newly passed laws, industry regulation, and press coverage have certainly raised the profile of the problem, but where have these actions really gotten us?
732c1f50ff097c1e696ca7bc02cfc76b46a8058c253e98d918cd850d46a2557c
Hacking The Cell Architecture - This presentation intends to cover security aspects related to a new, widely deployed and used architecture called Cell. The architecture itself will be deeply explained, focusing on the security concerns that appear in this kind of asymmetric multi-core system. While the Cell architecture is used in the new PlayStation 3, it is also used in big blade machines.
6652d0e5155144577fa230a1ebfc66f7778e0db6b263a9c2ec8f132977fb67e3
Penetration Testing SCADA and National Critical Infrastructure - Real-Life Experiences and Case Studies.
f21a1ea9e81567a87aac33d06cdf7676173295bfa37f9ad68da8d0795dbbd4d0
In-depth Anti-Forensics - Challenges of Steganography and Discovering Hidden Data.
ce75ad6f552cae5156d9a3755ba145b80dbe81052871c602631d458c9ab13895
Practical Oracle Forensics - Oracle forensics is a new discipline without special tools/scripts. Most presentations about Oracle forensics are still very basic. The typical approach in these presentations is to show what tools/(log)files are available to do forensics. In the real world with huge databases (many GB, sometimes TB) it is normally not helpful. This presentation uses a different approach. Based on the different types of attackers (leaving employee, nosy DBA/employee, external hacker etc.) we have different traces in Oracle and we show in different scenarios how to find evidence. We provide a free toolset to do a (basic) forensic analysis without having deep Oracle knowledge.
20612b361c886e97ff98ce3ea92f2c60e6d189c077a2b13341e46c3521bd8f78