Archive | Exploits/Vulnerabilities


07 May 2007 | 21,319 views

Hacker Files, Tools & Software Repository – leetupload.com

This site is dedicated as a repository for “hacking” programs for Windows and Linux. Please note that hacking means nothing but tweaking or cleverly resolving a problem. Use the programs as you wish, but this site or its provider are not responsible in terms of how you use these programs, (i.e. for educational purposes only). [...]

Continue Reading


26 April 2007 | 3,710 views

SSA 1.5.1 Released – Security System Analyzer an OVAL Based Scanner

A new version of SSA (Security System Analyzer) has been released – version 1.5.1. SSA is a scanner based on OVAL, the command line tool provided by MITRE is not very easy to use so the guys at Security Database decided to write a GUI to make it simple to use and understand and then [...]

Continue Reading


18 April 2007 | 8,372 views

IE 7 Flaw Could Help Phishers – Error Message Processing

Ah another way for phishers and people wanting to steal login credentials to con IE7 users. Yet another reason to use Firefox or Opera? Not saying these browsers are perfect…but look at the amount of problems Internet Exploder Explorer has had. The flaw lies in the way IE7 processes a locally stored HTML error message [...]

Continue Reading


30 March 2007 | 12,238 views

Metasploit Exploit Framework Version 3.0 Released

Finally it’s out of BETA, Metasploit Framework Version 3.0 has been released and it’s a lot more Windows friendly. The Metasploit Framework (“Metasploit”) is a development platform for creating security tools and exploits. Version 3.0 contains 177 exploits, 104 payloads, 17 encoders, and 3 nop modules. Additionally, 30 auxiliary modules are included that perform a [...]

Continue Reading


21 March 2007 | 5,832 views

Technika – Automate Common Exploit Tasks

Technika was developed for the computer security professionals to automate common exploitative task from the browser. It acts like a standard OS shell scripting environment. You can script everything from the currently viewed page just like Greasemonkey (spawn processes, unrestricted XMLHttpRequest connections and sockets). You can autorun bookmarklets and perform safe operations on the currently [...]

Continue Reading


06 March 2007 | 6,806 views

WordPress Download Server Compromised (2.1.1) – Get 2.1.2 NOW!

Some sneaky hacker got into the WordPress download server and placed a backdoor in the latest available version (2.1.1). Luckily within a day someone reported the exploit to the WordPress team and they took the site down to investigate. This morning we received a note to our security mailing address about unusual and highly exploitable [...]

Continue Reading


22 February 2007 | 5,025 views

Serious XSS Flaw in Google Desktop Allows Data Theft

Google has fixed a security flaw in its desktop search software that created a means for hackers to rifle through personal files on users’ PCs. A failure in Google Desktop to “properly encode output containing malicious or unexpected characters” created a means for hackers to cross from the web environment to the desktop application environment. [...]

Continue Reading


19 February 2007 | 10,272 views

Another 0-day MySpace XSS Exploit

This was a while ago, but once again unsurprising..The amount of security holes that have been discovered in MySpace (to say they hold some pretty confidential info and are a preying ground for paedos..it’s a scary thought). Once again an XSS flaw shows up in MySpace. digi7al64 found yet another hole in myspace using non-alpha-non-digit [...]

Continue Reading


13 February 2007 | 8,210 views

0-day Vulnerability Effects Solaris – Disable Telnet NOW!

Solaris is pwned by a similar vulnerability to one discovered on AIX systems in 1994. Yes people that’s 13 years ago…and Sun are still vulnerable, as reported by SANS. The following will give you root on a lot of Solaris systems:

Cool eh? The Internet Storm Center is urging system administrators to disable or [...]

Continue Reading


09 February 2007 | 5,701 views

Google Fixes Serious Vulnerability in Gmail

Google started the new year by fixing a serious vulnerability in Gmail. This was quite an interesting case and once again (as everything relating to web apps seems to be nowdays) it was an XSS flaw that allowed malicious attackers to steal your contact list, leading to some pretty bad information leakage. Google has fixed [...]

Continue Reading