Archive | Exploits/Vulnerabilities


30 October 2014 | 1,081 views

Serious Linux/UNIX FTP Flaw Allows Command Execution

A lot of old bugs have been biting us on the butt lately, and here’s another to add to the list. This week it was discovered a fairly nasty FTP Flaw Allows Command Execution when using the old but still fairly widely used. tnftp client It’s a fairly unlikely set of circumstances however, and it [...]

Continue Reading


25 October 2014 | 925 views

Microsoft Zero Day OLE Vuln Being Exploited In Powerpoint

So the latest news is, don’t open any .ppt files if you aren’t entirely sure where they came from as there is a Microsoft Zero Day vulnerability in OLE (Object Linking and Embedding) handling in Microsoft Office that is currently being exploited in the wild by malicious Powerpoint slide decks. Not that anyone reading this [...]

Continue Reading


16 October 2014 | 3,131 views

Everything You Need To Know About POODLE SSLv3 Vulnerability

So yah, it’s been quite a year – not long after Heartbleed and then Shellshock we now have POODLE SSLv3 vulnerability. Yes, that’s right – POODLE. It is actually an acronym this time though, yay (Padding Oracle On Downgraded Legacy). Is it a huge risk? Not really as it doesn’t allow any type of remote [...]

Continue Reading


02 October 2014 | 2,733 views

OpenVPN Vulnerable To Shellshock Exploit

So last week the big news was about the cross platform exploit in BASH that we covered in our article – Everything You NEED To Know About Shellshock Bug In BASH. As mentioned in the comments, a certain combination of circumstances and configuration options can leave OpenVPN vulnerable to Shellshock. This could be a pretty [...]

Continue Reading


26 September 2014 | 3,921 views

Everything You NEED To Know About Shellshock Bug In BASH

Shellshock (CVE-2014-6271) the bug in BASH is causing havoc on the Internet this week, as far as I’m concerned it’s a bit overstated – seriously how many people are still using cgi scripts? None I hope. I do suspect though a lot of shared hosts might get owned by this as most commercial control panel [...]

Continue Reading


24 September 2014 | 1,387 views

drozer – The Leading Security Testing Framework For Android

drozer (formerly Mercury) is the leading security testing framework for Android. drozer allows you to search for security vulnerabilities in apps and devices by assuming the role of an app and interacting with the Dalvik VM, other apps’ IPC endpoints and the underlying OS. drozer provides tools to help you use, share and understand public [...]

Continue Reading


18 September 2014 | 731 views

Twitter Vulnerability Allows Deletion Of Payment Details

Twitter has been in the news a lot lately, firstly about their patent filing regarding the pro-active scanning on the web for malware and then the bug bounty going live – which is related to this story. This is a pretty neat Twitter vulnerability that was discovered by someone taking part in the Twitter bug [...]

Continue Reading


08 September 2014 | 760 views

Twitter Bug Bounty Official – Started Paying For Bugs

So the Twitter bug bounty program is now official, they are actually paying – and not a bad amount too. A minimum of $140 for a confirmed bug with no defined maximum. This includes the Twitter website itself and any sub-domain (mobile, ads, apps etc), and the official mobile apps for iOS and Android. It’s [...]

Continue Reading


20 August 2014 | 1,447 views

Heartbleed Implicated In US Hospital Leak

If you’ve been up on your news consumption in the past week or so, you’ll have read about the Chinese hackers who managed to access 4.5 million patient records in a huge US Hospital Leak. Community Health Systems hacked, records of nearly 4.5 million patients stolen Now it turns out, the first entry for this [...]

Continue Reading


11 August 2014 | 2,889 views

XML Quadratic Blowup Attack Blows Up WordPress & Drupal

This was a pretty interesting piece of news for me last week as I was actually affected by it (I think?). It’s an XML Quadratic Blowup Attack that affects both WordPress and Drupal and is quite serious as rather than just crashing the software, it can take down the whole server. It didn’t completely take [...]

Continue Reading