Checkview version 1.1 for iPhone / iPod Touch suffers from a directory traversal vulnerability.

The Twitter 5.0 application for iPhone grabs images over HTTP and due to this, allows for a man in the middle attack / image swap. Proof of concept included.

Air Disk Wireless version 1.9 for iPad and iPhone suffers from local file inclusion and command injection vulnerabilities.

A heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method. The exploit for this vulnerability is javascript code which shows how to use it for memory corruption of internal JS objects (Unit32Array and etc.) and subsequent arbitrary code execution (custom ARM/x64 payloads can be pasted into the JS code). This exploit affects Apple Safari version 6.0.1 for iOS 6.0 and OS X 10.7/8. Earlier versions may also be affected. It was obtained through the Packet Storm Bug Bounty program.

A heap memory buffer overflow vulnerability exists within the WebKit's JavaScriptCore JSArray::sort(...) method. This method accepts the user-defined JavaScript function and calls it from the native code to compare array items. If this compare function reduces array length, then the trailing array items will be written outside the "m_storage->m_vector[]" buffer, which leads to the heap memory corruption. This finding was purchased through the Packet Storm Bug Bounty program.

Air Transfer Iphone version 1.3.9 suffers from remote denial of service and unauthenticated file access vulnerabilities.

WordPress Windows Desktop and iPhone Photo Uploader plugin suffers from a remote shell upload vulnerability.

Extreme Networks Aerohive HiveOS versions 11.x and below remote denial of service exploit. An unauthenticated malicious user can trigger a denial of service (DoS) attack when sending specific application layer packets towards the Aerohive NetConfig UI. This proof of concept exploit renders the application unusable for 305 seconds or 5 minutes with a single HTTP request using the action.php5 script calling the CliWindow function thru the _page parameter, denying access to the web server hive user interface.

New York continues to reign as leader of fDi’s American Cities of the Future 2019/20 ranking. San Francisco retains second place with Toronto rising to third. Naomi Davies reports.

Singapore has retained its place at the top of fDi's Asia-Pacific Cities of the Future ranking, with Shanghai and Tokyo completing the top three list. 

Dr Samir Hamrouni, CEO of the World Free Zones Organization, outlines the attributes that are essential to flourishing free zones.

The UAE's DMCC takes home the top prize in fDi’s Global Free Zones of the Year for a fifth consecutive year. 

Lithuania's Go Vilnius has been named fDi’s IPA of the Year for 2019, and organisations from across the globe are commended for their investment promotion and economic development activities. 

This tool is a wrapper for the reaver WPS attack toolkit. As there is no automatic way to prescan, decide, and then start the attack, this wrapper takes care of it. Written in perl.

Wireless Decoder is an application that demonstrates how to recover wireless passwords on Vista/Win7/Win8. Comes with source and the binary.

Wi-fEye is designed to help with network penetration testing. It allows the user to perform a number of powerful attack automatically including WEP/WPA cracking, session hijacking and more.

This is a ruby script that will generate the default WPS PIN for the Arris DG860A providing you know the HFC MAC address.

hwk is an easy-to-use wireless authentication and de-authentication tool. Furthermore, it also supports probe response fuzzing, beacon injection flooding, antenna alignment and various injection testing modes. Information gathering is selected by default and shows the incoming traffic indicating the packet types.