Archive | Exploits/Vulnerabilities

Advertisements


25 February 2008 | 7,510 views

Nessconnect 1.0.1 Released – GUI, CLI & API Client for Nessus

Nessconnect is an open-source software package that can connect to a Nessus or Nessus compatible server and provides an advanced graphical user interface. It also provides a command line interface, and an application programming interface in Java. Users can create custom scan profiles, generate extensive reports, and perform differential scans and analysis. Nessconnect was previously […]

Continue Reading


18 February 2008 | 10,780 views

Apple iPhone Unlocked Again – 1.1.2 and 1.1.3 Firmware

Once again Apple iPhone has been unlocked by a determined youngster, the same who was amongst the first to unlock it last year winning himself a rather nice car and a few 8gb iPhones. It just shows nothing is infallible, all he needed to find was a writable memory address and he was pretty much […]

Continue Reading


11 February 2008 | 13,194 views

Adobe Reader Vulnerability Being Actively Exploited

It seems like some recently patched flaws in Adobe Reader are actively being exploited in the wild, mostly via malicious banners from various sites. Nothing particularly nasty is happening, but a trojan is being installed which can intercept search engine results. It’s definitely recommended to update to the latest version (8.1.2). Personally I don’t have […]

Continue Reading


29 January 2008 | 46,034 views

Metasploit Framework v3.1 Released for Download

Ah Metasploit development cycle seems to be picking up, I guess with greater community support the bugs get ironed out and the new features introduced faster. Good to see an update so soon after Metasploit Framework v3.0 was released. I keep closely up to date with Metasploit as it’s pretty much the best free tool […]

Continue Reading


28 January 2008 | 5,171 views

Data Leakage Bug in Mozilla Firefox Confirmed

It seems a data leakage bug has struck Firefox recently and has been confirmed by Window Snyder the security bod at Mozilla. It’s basically a Chrome directory traversal bug (It seems a lot of the Firefox issues have had to do with chrome?). It’s rated as low risk, but it can give away the existence […]

Continue Reading


31 December 2007 | 10,249 views

wsScanner – Web Services Footprinting, Discovery, Enumeration, Scanning and Fuzzing tool

wsScanner is a toolkit for Web Services scanning and vulnerability detection. This tool has the following functions: Discovery tool By leveraging search engine this tool helps in discovering Web Services running on any particular domain or with certain name pattern. Vulnerability detection It is possible to enumerate and profile Web Services using this tool and […]

Continue Reading


24 December 2007 | 9,547 views

Nikto 2 Released – Web Server Scanning Tool

Another one that has been a long time coming, but finally here it is! Nikto 2. Nikto is an Open Source (GPL) web server scanner which performs comprehensive tests against web servers for multiple items, including over 3500 potentially dangerous files/CGIs, versions on over 900 servers, and version specific problems on over 250 servers. Scan […]

Continue Reading


19 December 2007 | 14,256 views

Inguma 0.0.6 Released for Download – Free Pen-testing Framework

Quite a few people seem to be interested in this tool, so here is the latest revision – Inguma 0.0.6. For those that don’t know, Inguma is a free penetration testing and vulnerability discovery toolkit entirely written in python. Framework includes modules to discover hosts, gather information about, fuzz targets, brute force usernames and passwords, […]

Continue Reading


13 December 2007 | 14,858 views

Microsoft Plugs 11 Serious Flaws in December Update

Seen as though we’ve been having a good bash on Microsoft recently, here’s some more relevant news. The December update from Microsoft has delivered patches for 11 series flaws spanning both IE6 & IE7 and all their currently supported operating systems (Windows 2000, Windows XP and Windows Vista). So if you are running Windows, make […]

Continue Reading


11 December 2007 | 5,182 views

Serious Flaw in Popular Media Players from Microsoft and AOL

It looks like there is a fairly serious vulnerability in some of the popular media player packages out in the wild packaged as a MP4 file (due to the MP4 codec from 3ivx), it effects Windows Media Player 6.4 and Windows Media Player Classic, which are made by Microsoft, and AOL’s Winamp version 3.5. All […]

Continue Reading


Advertisements