Debian Security Advisory 3626-1

Debian Linux Security Advisory 3626-1 – Eddie Harari reported that the OpenSSH SSH daemon allows user enumeration through timing differences when trying to authenticate users. When sshd tries to authenticate a non-existing user, it picks up a fixed fake password structure whose hash is based on the Blowfish algorithm. If real users' passwords are hashed using SHA256/SHA512, a remote attacker can take advantage of this flaw by sending large passwords and observing shorter response times from the server for non-existing users.

Cross-Site Scripting in Contact Form to Email WordPress Plugin

Posted by Summer of Pwnage on Jul 24

————————————————————————
Cross-Site Scripting in Contact Form to Email WordPress Plugin
————————————————————————
Burak Kelebek, July 2016

————————————————————————
Abstract
————————————————————————
A reflected Cross-Site Scripting (XSS) vulnerability has…

Cross-Site Scripting in Code Snippets WordPress Plugin

Posted by Summer of Pwnage on Jul 24

————————————————————————
Cross-Site Scripting in Code Snippets WordPress Plugin
————————————————————————
Burak Kelebek, July 2016

————————————————————————
Abstract
————————————————————————
A reflected Cross-Site Scripting (XSS) vulnerability has been found…

Hacker Downloaded Vine's Entire Source Code. Here’s How…

Guess what? Someone just downloaded the complete source code of Twitter's Vine.

Vine is a short-form video sharing service where people can share 6-second-long looping video clips. Twitter acquired the service in October 2012.

Indian bug bounty hunter Avinash discovered a loophole in Vine that allowed him to download a Docker image containing the complete source code of Vine without any hassle.