Security

Payback.in vulnerable to SQL injection attacks

Submitted by Karthik on 21 May, 2012 - 16:17

ZSecure, a security consulting company which made a few ripples last year when it announced vulnerabilities detected on HDFC's website, has made a similar discovery, this time with payback.in. Payback is a firm providing loyalty (reward points) programs for customers, in partnership with a number of well-known brands.

Cisco announces flaw in two of its management tools

Submitted by Karthik on 8 April, 2004 - 10:55

Computer Weekly reports that Cisco have announced yet another flaw in their software. This follows a bunch of vulnerabilities detected last month in their router and switch IOS software.

A default user name and password combination were written, or "hard coded", into the software which runs on both devices and cannot be disabled. A malicious user who had the password would have complete control of the affected device, which could be used as a platform for further attacks, Cisco warned.

This must be the millionth "preset username and password" flaw reported in a networking device; albeit this time it's hard-coded :S Patches are available.
