Archive | Exploits/Vulnerabilities

Advertisements


07 December 2007 | 4,060 views

SANS Top 20 Vulnerabilities Published for 2007

It’s that time of the year, our annual christmas present – the Sans Top 20 Vulnerabilities for 2007. The SANS Top 2007 list is not “cumulative.” We include only critical vulnerabilities from the past year or so. If you have not patched your systems for long time, it would be wise to patch the vulnerabilities […]

Continue Reading


06 December 2007 | 10,885 views

MSF eXploit Builder – Free Win32 Exploit Development Platform

The MSF eXploit Builder (MSF-XB) is a free win32 application (GUI) that wants to be an Exploit Development Platform. The main goal is to speed up the exploit development process, this is accomplished by using the powerful functionalities and neat design of The Metasploit Framework. MSF-XB automatically generates MSF compliants exploits modules. The MSF-XB package […]

Continue Reading


03 December 2007 | 4,597 views

WabiSabiLabi Pimping ClamAV Vulnerability & Exploit

Interesting, a new arena for marketing spin and sales talk – the auctioning of exploits. WabiSabiLabi is pushing hard for a good price for a ClamAV vulnerability and exploit that it has gotten hold of, it’s dosing it up with a good portion of spin to make it seem like the next big thing – […]

Continue Reading


14 November 2007 | 8,446 views

Inguma 0.0.5 Released for Download – Penetration Testing Toolkit

Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, exploits, and a disassembler. We did mention it back in August when it first hit the streets. With new QT interface: If you haven’t used […]

Continue Reading


09 October 2007 | 2,741 views

SSA Version 1.5.2 – OVAL Vulnerability Assessment Software

SSA (Security System Analyzer) is free non-intrusive OVAL-Compatible software. It provides security testers, auditors with an advanced overview of the security policy level applied. Features : OVAL-compatible product SCAP (Security Content Automation Protocol) Perform a deep inventory audit on installed softwares and applications Scan and map vulnerabilities using non-intrusive techniques based on schemas Detect and […]

Continue Reading


24 September 2007 | 4,393 views

Voting Machines Lose to Hackers Again

I’m sure everyone remembers the Diebold voting fiasco with their system getting pwned multiple times. Back in May 2006 it was announced from multiple sources that the Diebold system was critically flawed. Then more recently Hackers in the Philippines were Invited to Crack Internet Voting, which is definitely positive step to increase security in voting […]

Continue Reading


20 September 2007 | 4,810 views

Major Web Vulnerability Effects Yahoo, MSN, Google and More

I’ve seen this from quite a few sources so it seems it’s fairly legitimate, it seems all major websites have some flaws in the way they implement cookies meaning they are vulnerable to certain types of attack. The only current solution seems to be using full time SSL or https connections full-time, if any of […]

Continue Reading


10 September 2007 | 8,310 views

PIRANA – Exploitation Framework for Email Content Filters

PIRANA is an exploitation framework that tests the security of a email content filter. By means of a vulnerability database, the content filter to be tested will be bombarded by various emails containing a malicious payload intended to compromise the computing platform. PIRANA’s goal is to test whether or not any vulnerability exists on the […]

Continue Reading


31 August 2007 | 46,752 views

Download pwdump6 and fgdump version 1.6.0 available now.

New versions of the excellent pwdump6 and fgdump have been released (1.6.0 for both!). For those that don’t know what pwdump or gfdump are.. pwdump6 is a password hash dumper for Windows 2000 and later systems. It is capable of dumping LanMan and NTLM hashes as well as password hash histories. It is based on […]

Continue Reading


27 August 2007 | 10,242 views

Pixy – New & Free Open-source XSS and SQL Injection Scanner for PHP Programs

Cross-site scripting (XSS) and SQL injection (SQLI) vulnerabilities are present in many modern web applications, and are reported continuously on pages such as BugTraq. In the past, finding such vulnerabilities usually involved manual source code audits. Unfortunately, this manual vulnerability search is a very tiresome and error-prone task. Pixy is a Java program that performs […]

Continue Reading


Advertisements