Archive | Exploits/Vulnerabilities


11 January 2007 | 5,245 views

Microsoft Word 0-day Exploits – QUESTION.DOC

There have been quite a few Microsoft-related exploits recently, but not in Windows; people have moved their focus towards the application layer and the top of the OSI stack. This time it was a 0-day vulnerability in Microsoft Word. The original news comes from the SANS Internet Storm Center Diary (ISC). Microsoft has reported Word 2003, [...]


09 January 2007 | 15,286 views

WordPress 2.0.5 Trackback Vulnerability with Exploit

WordPress was “born out of a desire for an elegant, well-architectured personal publishing system built on PHP and MySQL and licensed under the GPL. It is the official successor of b2/cafelog. WordPress is fresh software, but its roots and development go back to 2001. It is a mature and stable product. We hope by focusing [...]


05 January 2007 | 7,236 views

Serious Exploit in Windows Media Player (WMP)

Oh look! Another 0-day in Windows… this time in Media Player. There were a few in Word lately, and the latest thing that just hit is an XSS flaw in PDF files online. I’ll report more on those later. The Windows Media Player library WMVCORE.DLL contains a potentially exploitable heap buffer overflow in its handling of [...]


01 January 2007 | 85,056 views

eEye Launches 0-Day Exploit Tracker

Ah, finally a decent 0-day exploit tracker, one that isn’t underground and could be fairly useful to everyone. A 0-day, as basically stated in the article, is an exploit that is not known or available publicly well before any patches are available; some private groups often have exploits for a year or more before someone else discovers [...]


30 December 2006 | 12,786 views

IE & Firefox Both Affected by Fake Login Flaw

It seems the recent fake login flaw affects both Internet Exploder and Firefox. It’s good to stay alert, and with the new update mechanism it’s very simple to update your Firefox installation. The latest versions of both Firefox and Internet Explorer are vulnerable to an unpatched flaw that allows hackers to snaffle users’ login credentials via [...]


27 December 2006 | 3,021 views

Firefox Patches 8 Security Vulnerabilities with 2.0.0.1

Grab the new Firefox now, 2.0.0.1! 8 Security Vulnerabilities have been fixed in this last release of the year 2006. I’m glad to see Firefox upholding their quick turnaround and rapid fixing of issues that spring up during development and improvement of their product. Mozilla has released the first update for the Firefox 2.0 browser [...]


05 December 2006 | 8,067 views

Metasploit 3.0 Beta 3 Released

The Metasploit Framework is an advanced open-source exploit development platform. The 3.0 tree represents a complete rewrite of the 2.0 codebase and provides a scalable and extensible framework for security tool development. The 3.0 Beta 3 release includes support for exploit automation, 802.11 wireless packet injection, and kernel-mode payloads. Windows users are now presented with [...]


04 December 2006 | 6,984 views

Internet Explorer 7 (IE7) Vulnerability Hits the Streets

This was a while back, but with Microsoft’s security record it’s pretty much inevitable. Even before release (as with Vista) flaws were found. Introduction: A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information. Please use the test below, to see an example of how [...]


27 November 2006 | 19,722 views

Metasploit 2.7 Released – Automated Hacking

The Metasploit Framework is an advanced open-source exploit development platform. The 2.7 release includes three user interfaces, 157 exploits and 76 payloads. The Framework will run on any modern operating system that has a working Perl interpreter. The Windows installer includes a slimmed-down version of the Cygwin environment. Windows users are encouraged to update as soon [...]


24 November 2006 | 3,879 views

Oracle MEGA Patch Fixes 101 Security Bugs

Oracle, in its very own style, recently published a mega patch; it could be called the mother of all patches. Actually 101 bugs… the scary part is 45 can be exploited remotely. Oracle published the mother of all security patches containing 101 fixes for flaws in its database, application server, E-Business Suite and PeopleSoft and JD [...]
