Archive | Exploits/Vulnerabilities


30 March 2007 | 12,242 views

Metasploit Exploit Framework Version 3.0 Released

Finally it’s out of BETA, Metasploit Framework Version 3.0 has been released and it’s a lot more Windows friendly. The Metasploit Framework (“Metasploit”) is a development platform for creating security tools and exploits. Version 3.0 contains 177 exploits, 104 payloads, 17 encoders, and 3 nop modules. Additionally, 30 auxiliary modules are included that perform a […]

Continue Reading


21 March 2007 | 5,832 views

Technika – Automate Common Exploit Tasks

Technika was developed for the computer security professionals to automate common exploitative task from the browser. It acts like a standard OS shell scripting environment. You can script everything from the currently viewed page just like Greasemonkey (spawn processes, unrestricted XMLHttpRequest connections and sockets). You can autorun bookmarklets and perform safe operations on the currently […]

Continue Reading


06 March 2007 | 6,807 views

WordPress Download Server Compromised (2.1.1) – Get 2.1.2 NOW!

Some sneaky hacker got into the WordPress download server and placed a backdoor in the latest available version (2.1.1). Luckily within a day someone reported the exploit to the WordPress team and they took the site down to investigate. This morning we received a note to our security mailing address about unusual and highly exploitable […]

Continue Reading


22 February 2007 | 5,025 views

Serious XSS Flaw in Google Desktop Allows Data Theft

Google has fixed a security flaw in its desktop search software that created a means for hackers to rifle through personal files on users’ PCs. A failure in Google Desktop to “properly encode output containing malicious or unexpected characters” created a means for hackers to cross from the web environment to the desktop application environment. […]

Continue Reading


19 February 2007 | 10,272 views

Another 0-day MySpace XSS Exploit

This was a while ago, but once again unsurprising..The amount of security holes that have been discovered in MySpace (to say they hold some pretty confidential info and are a preying ground for paedos..it’s a scary thought). Once again an XSS flaw shows up in MySpace. digi7al64 found yet another hole in myspace using non-alpha-non-digit […]

Continue Reading


13 February 2007 | 8,216 views

0-day Vulnerability Effects Solaris – Disable Telnet NOW!

Solaris is pwned by a similar vulnerability to one discovered on AIX systems in 1994. Yes people that’s 13 years ago…and Sun are still vulnerable, as reported by SANS. The following will give you root on a lot of Solaris systems:

Cool eh? The Internet Storm Center is urging system administrators to disable or […]

Continue Reading


09 February 2007 | 5,704 views

Google Fixes Serious Vulnerability in Gmail

Google started the new year by fixing a serious vulnerability in Gmail. This was quite an interesting case and once again (as everything relating to web apps seems to be nowdays) it was an XSS flaw that allowed malicious attackers to steal your contact list, leading to some pretty bad information leakage. Google has fixed […]

Continue Reading


07 February 2007 | 3,561 views

Secunia Releases Software Inspector

Feature Overview – The Secunia Software Inspector: Detects insecure versions of applications installed Verifies that all Microsoft patches are applied Assists you in updating your system and applications Runs through your browser. No installation or download is required. How Does it Work: The Secunia Software Inspector relies on carefully crafted “Secunia File Signatures” to recognise […]

Continue Reading


31 January 2007 | 9,444 views

Visa Security Flaws Prior to Consumer Release

Now Vista is actually out we haven’t heard much about it, before it’s commercial release however there was a lot of flaws released and discussion about the (in)security of the OS. The architecture does seem a lot better.. But still it’s from Microsoft, how long until we get a remote root exploit giving the highest […]

Continue Reading


18 January 2007 | 6,213 views

PHP Security Specialist (Stefan Esser) Resigns

This is sad news as PHP hasn’t particularly had a good security record in the past. He has voiced his frustrations with the internal workings of the PHP team and the development process, he has been working hard to make PHP inherently more secure…But from the look of things it seems like he was having […]

Continue Reading