Archive | Exploits/Vulnerabilities


13 February 2007 | 8,211 views

0-day Vulnerability Effects Solaris – Disable Telnet NOW!

Solaris is pwned by a similar vulnerability to one discovered on AIX systems in 1994. Yes people that’s 13 years ago…and Sun are still vulnerable, as reported by SANS. The following will give you root on a lot of Solaris systems:

Cool eh? The Internet Storm Center is urging system administrators to disable or [...]

Continue Reading


09 February 2007 | 5,701 views

Google Fixes Serious Vulnerability in Gmail

Google started the new year by fixing a serious vulnerability in Gmail. This was quite an interesting case and once again (as everything relating to web apps seems to be nowdays) it was an XSS flaw that allowed malicious attackers to steal your contact list, leading to some pretty bad information leakage. Google has fixed [...]

Continue Reading


07 February 2007 | 3,561 views

Secunia Releases Software Inspector

Feature Overview – The Secunia Software Inspector: Detects insecure versions of applications installed Verifies that all Microsoft patches are applied Assists you in updating your system and applications Runs through your browser. No installation or download is required. How Does it Work: The Secunia Software Inspector relies on carefully crafted “Secunia File Signatures” to recognise [...]

Continue Reading


31 January 2007 | 9,442 views

Visa Security Flaws Prior to Consumer Release

Now Vista is actually out we haven’t heard much about it, before it’s commercial release however there was a lot of flaws released and discussion about the (in)security of the OS. The architecture does seem a lot better.. But still it’s from Microsoft, how long until we get a remote root exploit giving the highest [...]

Continue Reading


18 January 2007 | 6,213 views

PHP Security Specialist (Stefan Esser) Resigns

This is sad news as PHP hasn’t particularly had a good security record in the past. He has voiced his frustrations with the internal workings of the PHP team and the development process, he has been working hard to make PHP inherently more secure…But from the look of things it seems like he was having [...]

Continue Reading


17 January 2007 | 4,554 views

WordPress 2.0.7 Follows Hot on the Tail of WordPress 2.0.6

Recently a bug in certain versions of PHP came to the attention of the WordPress developers, this bug could cause a security vulnerability in your any blogs running version 2.0.6 or below blog. It was fairly easy to work around, so they decided to release 2.0.7, just 10 days after the release of 2.0.6, to [...]

Continue Reading


11 January 2007 | 5,249 views

Microsoft Word 0-day Exploits – QUESTION.DOC

There’s been quite a few Microsoft related exploits recently, but not in Windows, people have moved their focus towards the application layer and the top of the OSI stack. This time it was a 0-day Vulnerability in Microsoft Word. The original news comes from SANS Internet Storm Center Diary (ISC). Microsoft has reported Word 2003, [...]

Continue Reading


09 January 2007 | 15,290 views

WordPress 2.0.5 Trackback Vulnerability with Exploit

WordPress was “born out of a desire for an elegant, well-architectured personal publishing system built on PHP and MySQL and licensed under the GPL. It is the official successor of b2/cafelog. WordPress is fresh software, but its roots and development go back to 2001. It is a mature and stable product. We hope by focusing [...]

Continue Reading


05 January 2007 | 7,238 views

Serious Exploit in Windows Media Player (WMP)

Oh look! Another 0-day in Windows…this time in Media Player, there was a few in Word lately and the latest thing that just hit is an XSS flaw in PDF files online. I’ll report more on those later. The Windows Media Player library WMVCORE.DLL contains a potentially exploitable heap buffer overflow in its handling of [...]

Continue Reading


01 January 2007 | 85,075 views

eEye Launches 0-Day Exploit Tracker

Ah finally a decent 0-day exploit tracker, one that isn’t underground and could be fairly useful to everyone. 0-day as basically stated in the article is an exploit not known publicly or available publicly well before any patches are available, some private groups often have exploits for a year or more before someone else discovers [...]

Continue Reading