Monthly Archives: August 2016
Freepbx 13.0.35 SQL Injection
Freepbx version 13.0.35 suffers from a remote SQL injection vulnerability.
CVE-2016-5721 (zimbra_collaboration_server)
Multiple cross-site scripting (XSS) vulnerabilities in Zimbra Collaboration before 8.7.0 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors.
Chinese Certificate Authority 'mistakenly' gave out SSL Certs for GitHub Domains
A Chinese certificate authority (CA) appeared to be making a significant security blunder by handing out duplicate SSL certificates for a base domain if someone just has control over its any subdomain.
The certificate authority, named WoSign, issued a base certificate for the Github domains to an unnamed GitHub user.
But How? First of all, do you know, the traditional Digital Certificate
HelpDeskz 1.0.2 Shell Upload
HelpDeskz versions 1.0.2 and below suffer from a remote, unauthenticated shell upload vulnerability.
Dropbox Forces Password Reset for Older Users
Online storage service Dropbox began notifying users over the weekend that if they haven’t updated their password since 2012, they’ll be prompted to update it the next time they log in.