Archive | Exploits/Vulnerabilities


18 February 2008 | 10,762 views

Apple iPhone Unlocked Again – 1.1.2 and 1.1.3 Firmware

Once again Apple iPhone has been unlocked by a determined youngster, the same who was amongst the first to unlock it last year winning himself a rather nice car and a few 8gb iPhones. It just shows nothing is infallible, all he needed to find was a writable memory address and he was pretty much […]

Continue Reading

11 February 2008 | 13,193 views

Adobe Reader Vulnerability Being Actively Exploited

It seems like some recently patched flaws in Adobe Reader are actively being exploited in the wild, mostly via malicious banners from various sites. Nothing particularly nasty is happening, but a trojan is being installed which can intercept search engine results. It’s definitely recommended to update to the latest version (8.1.2). Personally I don’t have […]

Continue Reading

29 January 2008 | 45,958 views

Metasploit Framework v3.1 Released for Download

Ah Metasploit development cycle seems to be picking up, I guess with greater community support the bugs get ironed out and the new features introduced faster. Good to see an update so soon after Metasploit Framework v3.0 was released. I keep closely up to date with Metasploit as it’s pretty much the best free tool […]

Continue Reading

28 January 2008 | 5,171 views

Data Leakage Bug in Mozilla Firefox Confirmed

It seems a data leakage bug has struck Firefox recently and has been confirmed by Window Snyder the security bod at Mozilla. It’s basically a Chrome directory traversal bug (It seems a lot of the Firefox issues have had to do with chrome?). It’s rated as low risk, but it can give away the existence […]

Continue Reading

31 December 2007 | 10,166 views

wsScanner – Web Services Footprinting, Discovery, Enumeration, Scanning and Fuzzing tool

wsScanner is a toolkit for Web Services scanning and vulnerability detection. This tool has the following functions: Discovery tool By leveraging search engine this tool helps in discovering Web Services running on any particular domain or with certain name pattern. Vulnerability detection It is possible to enumerate and profile Web Services using this tool and […]

Continue Reading

24 December 2007 | 9,539 views

Nikto 2 Released – Web Server Scanning Tool

Another one that has been a long time coming, but finally here it is! Nikto 2. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan […]

Continue Reading

19 December 2007 | 14,252 views

Inguma 0.0.6 Released for Download – Free Pen-testing Framework

Quite a few people seem to be interested in this tool, so here is the latest revision – Inguma 0.0.6. For those that don’t know, Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, […]

Continue Reading

13 December 2007 | 14,855 views

Microsoft Plugs 11 Serious Flaws in December Update

Seen as though we’ve been having a good bash on Microsoft recently, here’s some more relevant news. The December update from Microsoft has delivered patches for 11 series flaws spanning both IE6 & IE7 and all their currently supported operating systems (Windows 2000, Windows XP and Windows Vista). So if you are running Windows, make […]

Continue Reading

11 December 2007 | 5,181 views

Serious Flaw in Popular Media Players from Microsoft and AOL

It looks like there is a fairly serious vulnerability in some of the popular media player packages out in the wild packaged as a MP4 file (due to the MP4 codec from 3ivx), it effects Windows Media Player 6.4 and Windows Media Player Classic, which are made by Microsoft, and AOL’s Winamp version 3.5. All […]

Continue Reading

07 December 2007 | 4,060 views

SANS Top 20 Vulnerabilities Published for 2007

It’s that time of the year, our annual christmas present – the Sans Top 20 Vulnerabilities for 2007. The SANS Top 2007 list is not “cumulative.” We include only critical vulnerabilities from the past year or so. If you have not patched your systems for long time, it would be wise to patch the vulnerabilities […]

Continue Reading