CVE-2016-2287

Cross-site scripting (XSS) vulnerability in XZERES 442SR OS on 442SR wind turbines allows remote attackers to inject arbitrary web script or HTML via unspecified vectors.

Bored With Chess? Here's How To Play Basketball in Facebook Messenger

We hope all of you have enjoyed the game of chess in Facebook Messenger.

But if you’re quite bored playing Chess or not really good at the game, then you probably felt a bit excited about Facebook’s recent inclusion of a little Basketball mini-game into Messenger.

Now you can play Basketball through Facebook Messenger, just by typing in the Basketball emoji and sending to one of your

Apple Engineers say they may Quit if ordered to Unlock iPhone by FBI

The Apple vs. FBI battle over the mobile encryption case is taking more twists and turns with every passing day.

On one hand, the US Department of Justice (DOJ) is boldly warning Apple that it might compel the company to hand over the source code of its full iOS operating system along with the private electronic signature needed to run a modified iOS version on an iPhone, if…

…Apple does not

How to Make $100,000? Just Hack Google Chromebook

Yes, you could earn $100,000 if you have the hacking skills and love to play with electronics and gadgets.

Google has doubled its top bug bounty for hackers who can crack its Chromebook or Chromebox machine over the Web.

So if you want to get a big fat check from Google, you must have the ability to hack a Chromebook remotely, which means your exploit must be delivered via a Web page.

APH improves margins, drives revenue with AVG Business solutions

One of the things I enjoy about my role is receiving feedback from our AVG partners. A recent example is APH in the UK.

The team at APH was ready to take a more modern and proactive approach to their operations. But one challenge was the ability to expand their customer base – 110+ small-and-medium businesses operating in the distribution, manufacturing, engineering and services sectors – with the same APH staff of 15.  The team had to be able to close the loop on the better management and delivery of a complete managed services solution.

AVG Managed Workplace and its integrated Premium Remote Control, plus the quality of the technical and sales support from AVG Business, convinced APH to migrate its entire base of managed service clients from a standard antivirus product to the full-service AVG Business solutions platform.

Chris Carter, the Technical Infrastructure Consultant at APH, explains how APH’s move to AVG CloudCare and AVG Managed Workplace is a win for their clients and for them: “AVG AntiVirus picks up more threats than other products we were using, plus the AVG Business stack gives us wider, proactive control over the complete infrastructure at our client sites.”

As a trusted technology partner, we provide the support our partners need to confidently build relationships with their clients.  Chris is being supported by his AVG partner account manager who “wants to know where we’re trying to take our company and is helping us decide which services and features of the AVG Business stack can strengthen our customers’ infrastructure while creating profitable, long-term revenue streams for us.” 

Having completed the first phase of the AVG Business rollout, APH is now able to pre-empt client system faults as it takes advantage of AVG’s single pane of glass view, its automatic network discovery and monitoring, remote management and network audit reports.

And next, the remote, automation and reporting capabilities of the AVG Business solutions will allow the APH team to better schedule PC maintenance, coordinate patch management and control the rollout of Windows updates.

As Chris explains, APH has made the decision to “cover the cost of client installations because within a year we’ll be supporting only one product. We have higher profits from the new licences because the margin difference between where we were and where we are now with AVG Business is significant.”

Chris also says the detailed reporting within AVG Managed Workplace “will allow us to see what’s happening with all assets on every customer site and give us the opportunity to upsell services.”

Where are they headed as an AVG channel partner? There are no limits.

Nmap Port Scanner 7.10

Nmap is a utility for port scanning large networks, although it works fine for single hosts. Sometimes you need speed, other times you may need stealth. In some cases, bypassing firewalls may be required. Not to mention the fact that you may want to scan different protocols (UDP, TCP, ICMP, etc.). Nmap supports Vanilla TCP connect() scanning, TCP SYN (half open) scanning, TCP FIN, Xmas, or NULL (stealth) scanning, TCP ftp proxy (bounce attack) scanning, SYN/FIN scanning using IP fragments (bypasses some packet filters), TCP ACK and Window scanning, UDP raw ICMP port unreachable scanning, ICMP scanning (ping-sweep), TCP Ping scanning, Direct (non portmapper) RPC scanning, Remote OS Identification by TCP/IP Fingerprinting, and Reverse-ident scanning. Nmap also supports a number of performance and reliability features such as dynamic delay time calculations, packet timeout and retransmission, parallel port scanning, and detection of down hosts via parallel pings.

Lynis Auditing Tool 2.2.0

Lynis is an auditing tool for Unix (specialists). It scans the system and available software to detect security issues. Besides security-related information, it will also scan for general system information, installed packages and configuration mistakes. This software aims to assist with automated auditing, software patch management, and vulnerability and malware scanning of Unix-based systems.

Dating Pro Genie 2015.7 Cross Site Request Forgery

High-Tech Bridge Security Research Lab discovered multiple cross site request forgery (CSRF) vulnerabilities in the popular dating social network Dating Pro. A remote unauthenticated attacker can perform CSRF attacks to change the administrator’s credentials and execute arbitrary system commands. Successful exploitation of the vulnerability may allow an attacker to gain complete control over the vulnerable website, all its users and databases. Dating Pro Genie 2015.7 suffers from a cross site request forgery vulnerability.

iTop 2.2.1 Cross Site Request Forgery

High-Tech Bridge Security Research Lab discovered a remote code execution vulnerability in iTop that is exploitable via a cross site request forgery flaw that is also present in the application. The vulnerability exists due to the absence of validation of the HTTP request origin in the “/env-production/itop-config/config.php” script, as well as a lack of sanitization of user input received via the “new_config” HTTP POST parameter.