Archive | Exploits/Vulnerabilities


23 August 2006 | 4,673 views

libtiff Vulnerability gives hope for a new GTA-less PSP exploit

QJ.net forums have been abuzz lately with the talk of a possible new exploit centered around a libtiff vulnerability. NOPx86 stating that he’d managed to crash the PSP using this method. As those of you who follow these things know, a crash doesn’t always mean an open door to an exploit. But after a cumulative [...]

Continue Reading


17 August 2006 | 4,858 views

Bot Herders Go After MS06-40 Exploit

Malware herders are speeding up, the first wave is already here for MS06-40. It’s basically a variant of some old malware suited to the new vulnerability. Same old story then, same packer, technique, new exploit. Same as the days of autorooters. It’s basically the Mocbot trojan that was used in the Zotob worm attack in [...]

Continue Reading


14 August 2006 | 4,211 views

OpenOffice.org Security ‘Insufficient’

It seems people are turning some attention towards the security of Open Office finally, I for one say this is a good thing as it means it’s making inroads, it’s becoming popular, it’s getting to be a contender. If people are seriously considering the security implications of using Open Office it means they are actually [...]

Continue Reading


10 August 2006 | 4,544 views

OWASP – Fortify Bug Taxonomy

Ah at last a good solid collaborative effort to identify and categorise software vulnerabilities with a solid taxonomy and good organisation! It seems very well written too in terms that anyone familiar with software development or programming can understand. Fortify Software, which identifies and remediates software vulnerabilities, has contributed its collection of 115 types of [...]

Continue Reading


27 July 2006 | 17,135 views

Serious WordPress Vulnerability/Exploit Verion 2.0.3 and Below

Yes that means all versions including the current version and before, 2.0.4 has not yet been released at the current time. An exploit has been discovered in the current release of WordPress, affecting WordPress 2.0.3 and below (including 1.5.x) that allows these subscribed users to cause some serious damage. It’s recommended at present if you [...]

Continue Reading


14 July 2006 | 15,333 views

Linux Kernel 2.6.x PRCTL Core Dump Handling – Local r00t Exploit ( BID 18874 / CVE-2006-2451 )

A working version of the exploit used to escalate privileges to root in the recent Debian breakin, ah another root kernel exploit. It’s to do with the way the kernel handles file permissions (or lack of) on core dumps. Linux kernel is prone to a local privilege-escalation vulnerability. A local attacker may gain elevated privileges [...]

Continue Reading


13 July 2006 | 5,740 views

Debian Development Machine ‘gluck’ Hacked!

Ah, I wonder what happened? I’ve always been a great fan of Debian, all the way back into the early days of woody and backporting apt packages. What a name too, gluck to me usually means g’luck or good luck ;) Early this morning we discovered that someone had managed to compromise gluck.debian.org. We’ve taken [...]

Continue Reading


04 July 2006 | 8,091 views

Month of Browser Bugs (MoBB)

Get ready for a complete month of fun with H D Moore’s Month of Browser Bugs. Quoting from Browser Fun blog: This blog will serve as a dumping ground for browser-based security research and vulnerability disclosure. To kick off this blog, we are announcing the Month of Browser Bugs (MoBB), where we will publish a [...]

Continue Reading


28 June 2006 | 5,173 views

Web Services Attack Frequency Increasing

As we’ve reported a few times recently, more and more attacks being aimed at Web Services such as Orkut, MySpace, Ebay and others. As more people turn to web applications for everyday tasks like e-mail, friendship and payments, cyber criminals are following them in search of bank account details and other valuable data, security researchers [...]

Continue Reading


20 June 2006 | 4,893 views

3Com’s TippingPoint Finds New IE Vulnerabilities

What? New vulnerabilities in Internet Explorer? You can hack Internet Exploder Explorer? Never! 3Com Corp’s TippingPoint division has discovered and disclosed two critical new vulnerabilities in Microsoft’s Internet Explorer through 3Com’s Zero Day Initiative (ZDI). The vulnerabilities could have allowed an attacker to gain control of a PC if the user was logged in with [...]

Continue Reading