VBulletin - a popular CMS for online forum is being exploited widely by various hackers. vBulletin team released announcements about a possible exploit in versions 4.1+ and 5+ of vBulletin. The announcement read: “A potential exploit vector has been found in the vBulletin 4.1+ and 5+ installation directories. Our developers are investigating this issue at this […] Continue reading → 
Mozilla has patched a security bypass vulnerability in its products that could allow an attacker to access restricted data or execute arbitrary script code in the user browser. The vulnerable products are Mozilla Firefox, SeaMonkey, and Thunderbird. According to security advisory release (CVE-2013-1713 ), Attackers can exploit this issue to bypass the same-origin policy and certain […] Continue reading → 
VMware has fixed a privilege-escalation flaw in two of its major products VMware Workstation and VMware Player. The vulnerability could allow an attacker to gain root privileges on a linux based host machine. According to the VMware security advisory release (CVE-2013-1662), “VMware Workstation and Player contain a vulnerability in the handling of the vmware-mount command. A […] Continue reading → 
Khalil Shreateh - A Palestinian web developer and information system expert found a facebook vulnerability that allow any one to post on someone’s wall without any permission. Facebook Security team failed to recognize the critical bug which prompted Khalil to post vulnerability details on Mark Zuckerberg (Facebook CEO) wall successfully as a proof of concept. The […] Continue reading → 
Security Explorations – A polish company has found a critical Java vulnerability that bypass Java sandbox. Vulnerable versions are Java 7 and its previous ones. What’s interesting about the attack is that it’s not new. Experts say the attack method has been known for over 10 years and it should have been mitigated with the […] Continue reading → 
An Independent Pakistani Security Researcher Saadat Ullah found Multiple SQL Injection Vulnerabilities on Web Cookbook. Security Researcher also found SQL Injection and XSS vulnerabilities on nconf-1.3, Plogger Gallery and on Mybb Plugin PRO STAT. Vulnerabilities details are given below: # Exploit Title: Web Cookbook Multiple SQL Injection # Date: 2013/3/12 # Exploit Author: Saadat Ullah , [email protected] […] Continue reading → 
A Pakistani Security Researcher, Former Black Hat - Haider Mehmood Qureshi, gets 500$ reward from Facebook under Facebook Bug Bounty Program for reporting HTML Injection flaw on Facebook mobile site. Below are the details of Bug provide by the Researcher to The Hackers Post. [#] - Vulnerability Title: […] Continue reading → 
Ali Hasan Ghauri - 14 Years old , The Youngest Security Researcher found XSS vulnerability on Amazon (www.amazon.com) main site. Vulnerability is fixed by Amazon Security Team. The Security researcher told The Hackers Post that he reported XSS flaw to Amazon security team. He got immediate response with appreciation and vulnerablity fixed by them. Amazon […] Continue reading → A Pakistani Security Researcher Ali Hasan Ghauri - founder of AHPT has discovered XSS Vulnerability on Filehippo.com main site. Vulnerability still exists Security Researcher told The Hackers Post that In December 2012, the Filehippo entire domain was vulnerable and reported XSS flaw to Filehippo team but did not get any response from the company, so i decided […] Continue reading → 
BSRT-2013-003 advisory released for Vulnerabilities in BlackBerry Enterprise Server components that process images could allow remote code execution. In order to address the issues, RIM has released BlackBerry Enterprise Server 5.0.4 MR2, according to Blackberry. According to the advisory published by the company, the security holes affect the components that process TIFF images for rendering […] Continue reading →