Archive | Exploits/Vulnerabilities

Advertisements


18 April 2007 | 8,375 views

IE 7 Flaw Could Help Phishers – Error Message Processing

Ah another way for phishers and people wanting to steal login credentials to con IE7 users. Yet another reason to use Firefox or Opera? Not saying these browsers are perfect…but look at the amount of problems Internet Exploder Explorer has had. The flaw lies in the way IE7 processes a locally stored HTML error message […]

Continue Reading


30 March 2007 | 12,252 views

Metasploit Exploit Framework Version 3.0 Released

Finally it’s out of BETA, Metasploit Framework Version 3.0 has been released and it’s a lot more Windows friendly. The Metasploit Framework (“Metasploit”) is a development platform for creating security tools and exploits. Version 3.0 contains 177 exploits, 104 payloads, 17 encoders, and 3 nop modules. Additionally, 30 auxiliary modules are included that perform a […]

Continue Reading


21 March 2007 | 5,836 views

Technika – Automate Common Exploit Tasks

Technika was developed for the computer security professionals to automate common exploitative task from the browser. It acts like a standard OS shell scripting environment. You can script everything from the currently viewed page just like Greasemonkey (spawn processes, unrestricted XMLHttpRequest connections and sockets). You can autorun bookmarklets and perform safe operations on the currently […]

Continue Reading


06 March 2007 | 6,811 views

WordPress Download Server Compromised (2.1.1) – Get 2.1.2 NOW!

Some sneaky hacker got into the WordPress download server and placed a backdoor in the latest available version (2.1.1). Luckily within a day someone reported the exploit to the WordPress team and they took the site down to investigate. This morning we received a note to our security mailing address about unusual and highly exploitable […]

Continue Reading


22 February 2007 | 5,028 views

Serious XSS Flaw in Google Desktop Allows Data Theft

Google has fixed a security flaw in its desktop search software that created a means for hackers to rifle through personal files on users’ PCs. A failure in Google Desktop to “properly encode output containing malicious or unexpected characters” created a means for hackers to cross from the web environment to the desktop application environment. […]

Continue Reading


19 February 2007 | 10,274 views

Another 0-day MySpace XSS Exploit

This was a while ago, but once again unsurprising..The amount of security holes that have been discovered in MySpace (to say they hold some pretty confidential info and are a preying ground for paedos..it’s a scary thought). Once again an XSS flaw shows up in MySpace. digi7al64 found yet another hole in myspace using non-alpha-non-digit […]

Continue Reading


13 February 2007 | 8,242 views

0-day Vulnerability Effects Solaris – Disable Telnet NOW!

Solaris is pwned by a similar vulnerability to one discovered on AIX systems in 1994. Yes people that’s 13 years ago…and Sun are still vulnerable, as reported by SANS. The following will give you root on a lot of Solaris systems:

Cool eh? The Internet Storm Center is urging system administrators to disable or […]

Continue Reading


09 February 2007 | 5,711 views

Google Fixes Serious Vulnerability in Gmail

Google started the new year by fixing a serious vulnerability in Gmail. This was quite an interesting case and once again (as everything relating to web apps seems to be nowdays) it was an XSS flaw that allowed malicious attackers to steal your contact list, leading to some pretty bad information leakage. Google has fixed […]

Continue Reading


07 February 2007 | 3,563 views

Secunia Releases Software Inspector

Feature Overview – The Secunia Software Inspector: Detects insecure versions of applications installed Verifies that all Microsoft patches are applied Assists you in updating your system and applications Runs through your browser. No installation or download is required. How Does it Work: The Secunia Software Inspector relies on carefully crafted “Secunia File Signatures” to recognise […]

Continue Reading


31 January 2007 | 9,448 views

Visa Security Flaws Prior to Consumer Release

Now Vista is actually out we haven’t heard much about it, before it’s commercial release however there was a lot of flaws released and discussion about the (in)security of the OS. The architecture does seem a lot better.. But still it’s from Microsoft, how long until we get a remote root exploit giving the highest […]

Continue Reading


Advertisements