Archive | Exploits/Vulnerabilities


14 November 2006 | 22,628 views

Installing Nessus on Debian-based OSs like Ubuntu

With this simple tutorial I will explain how to install the Nessus client (nessus) and the Nessus daemon (nessusd) and properly register it, so you don’t end up with the limitations of a non-registered version of the vulnerability scanner. Installing: I personally use apt-get; however, you may choose any other package manager. apt-get install nessus nessusd -y [...]



31 October 2006 | 5,580 views

New Firefox vulnerability – DoS and [DELETED] – UPDATED

This has just been posted to Bugtraq. For now you can test whether your version is vulnerable here (it will cause Firefox to close). So far Firefox 1.5.0.7 and 2.0 (Linux) have been tested, and both are vulnerable. Firefox 1.0.7 (Win32) is not vulnerable. The code used on the test page and the one submitted to Bugtraq can [...]



12 October 2006 | 11,765 views

FindBugs – Find Bugs in Java Programs

FindBugs looks for bugs in Java programs. It is based on the concept of bug patterns. A bug pattern is a code idiom that is often an error. Bug patterns arise for a variety of reasons: difficult language features; misunderstood API methods; misunderstood invariants when code is modified during maintenance; garden-variety mistakes: typos, use [...]



05 September 2006 | 32,324 views

The Top 10 PHP Security Vulnerabilities from OWASP

This is a useful article that has basically taken the OWASP Top 10 Vulnerabilities and remapped them to PHP with actual examples. The Open Web Application Security Project released a helpful document that lists what they think are the top ten security vulnerabilities in web applications. These vulnerabilities can, of course, exist in PHP applications. [...]



23 August 2006 | 4,673 views

libtiff Vulnerability gives hope for a new GTA-less PSP exploit

QJ.net forums have been abuzz lately with talk of a possible new exploit centred around a libtiff vulnerability, with NOPx86 stating that he’d managed to crash the PSP using this method. As those of you who follow these things know, a crash doesn’t always mean an open door to an exploit. But after a cumulative [...]



17 August 2006 | 4,859 views

Bot Herders Go After MS06-40 Exploit

Malware herders are speeding up: the first wave is already here for MS06-40. It’s basically a variant of some old malware adapted to the new vulnerability. Same old story then: same packer, same technique, new exploit. Same as in the days of autorooters. It’s basically the Mocbot trojan that was used in the Zotob worm attack in [...]



14 August 2006 | 4,212 views

OpenOffice.org Security ‘Insufficient’

It seems people are finally turning some attention towards the security of OpenOffice. I for one say this is a good thing, as it means it’s making inroads, it’s becoming popular, it’s getting to be a contender. If people are seriously considering the security implications of using OpenOffice, it means they are actually [...]



10 August 2006 | 4,544 views

OWASP – Fortify Bug Taxonomy

Ah, at last a good, solid collaborative effort to identify and categorise software vulnerabilities with a solid taxonomy and good organisation! It seems very well written too, in terms that anyone familiar with software development or programming can understand. Fortify Software, which identifies and remediates software vulnerabilities, has contributed its collection of 115 types of [...]



27 July 2006 | 17,135 views

Serious WordPress Vulnerability/Exploit Version 2.0.3 and Below

Yes, that means all versions, including the current one and everything before it; 2.0.4 has not yet been released at the time of writing. An exploit has been discovered in the current release of WordPress, affecting WordPress 2.0.3 and below (including 1.5.x), that allows these subscribed users to cause some serious damage. It’s recommended at present that if you [...]



14 July 2006 | 15,337 views

Linux Kernel 2.6.x PRCTL Core Dump Handling – Local r00t Exploit ( BID 18874 / CVE-2006-2451 )

A working version of the exploit used to escalate privileges to root in the recent Debian break-in. Ah, another root kernel exploit. It’s to do with the way the kernel handles file permissions (or the lack of them) on core dumps. The Linux kernel is prone to a local privilege-escalation vulnerability. A local attacker may gain elevated privileges [...]
