The Hacker News — Most Popular Cyber Security, Hacking News Site: Web Application Security

MediaWiki Remote Code Execution vulnerability leaves Wikipedia open for Cyber attacks

January 29, 2014 | Anonymous
The Encyclopedia giant WIKIPEDIA has been found vulnerable to remote code execution because of a critical flaw in the MediaWiki softwa...
Yahoo fixes Critical Remote Command Execution vulnerability

January 25, 2014 | Mohit Kumar
Cyber security expert and penetration tester Ebrahim Hegazy has found a serious vulnerability in Yahoo's website that allows an a...
Hacker demonstrated 'Remote Code Execution' vulnerability on eBay website

December 13, 2013 | Mohit Kumar
A German security researcher has demonstrated a critical vulnerability on the eBay website, the world's biggest eStore. According to David Vi...
Thousands of websites based on Ruby on Rails vulnerable to Cookie Handling flaw

November 29, 2013 | Anonymous
Ruby on Rails contains a flaw in its design that may allow attackers to more easily access applications. Websites that rely on Ruby on Rails...
Hacker stole $100,000 from Users of California based ISP using SQL Injection

October 21, 2013 | Mohit Kumar
In 2013 we have seen a dramatic increase in the number of hack attacks attempted against banks, credit unions and utility companies usin...
Web Application Security: PHP SuperGlobal Variables are vulnerable to Hackers

September 09, 2013 | Mohit Kumar
Hackers are focusing on vulnerabilities in the PHP web application development platform, threatening 80% of websites in the world, including...
Microsoft's Social network Yammer vulnerable to OAuth Bypass hack

August 04, 2013 | Mohit Kumar
Yammer is the enterprise social network service that was launched in 2008 and sold to Microsoft in 2012. Yammer is a secure, priva...
LinkedIn Clickjacking vulnerability tricks users to spam links

July 13, 2013 | Wang Wei
A clickjacking vulnerability existed on LinkedIn that allowed an attacker to trick users into sharing and posting links on behalf of the victim....
Vulnerability in WhatsApp messenger media server

June 12, 2013 | Mohit Kumar
If you own an iPhone or an Android device, then the chances are high that you're familiar with the extremely popular cross-platform m...
Drupal resets 1 Million Passwords after Data Breach

May 31, 2013 | Anonymous
A Drupal data breach was announced by the official Drupal Association: passwords for almost one million accounts on the Drupal.org we...
Upgrade ModSecurity to version 2.7.4 for fixing Denial of Service Vulnerability

May 29, 2013 | Mohit Kumar
ModSecurity is an open source web application firewall. It provides protection from a range of attacks against web applications and allows ...
SSH Backdoor accounts in multiple Barracuda Products

January 26, 2013 | Mohit Kumar
Firewall, VPN and spam filtering products from Barracuda Networks contain hidden, hard-coded backdoored SSH accounts that allow any hack...
NASA 'Space your Face' domain hacked

January 07, 2013 | Wang Wei
Another basic security loophole in a NASA website led to a hack. This time a hacker going by the name "p0ison-r00t" defaced a sub dom...
How to Minimize Web Application Security Risk!

October 19, 2012 | Mohit Kumar
With Web applications remaining a popular target for attackers, Web app security sometimes seems like a digital version of the "Go...