Archive | Exploits/Vulnerabilities


05 January 2007 | 7,240 views

Serious Exploit in Windows Media Player (WMP)

Oh look! Another 0-day in Windows…this time in Media Player, there was a few in Word lately and the latest thing that just hit is an XSS flaw in PDF files online. I’ll report more on those later. The Windows Media Player library WMVCORE.DLL contains a potentially exploitable heap buffer overflow in its handling of […]

Continue Reading


01 January 2007 | 85,082 views

eEye Launches 0-Day Exploit Tracker

Ah finally a decent 0-day exploit tracker, one that isn’t underground and could be fairly useful to everyone. 0-day as basically stated in the article is an exploit not known publicly or available publicly well before any patches are available, some private groups often have exploits for a year or more before someone else discovers […]

Continue Reading


30 December 2006 | 12,786 views

IE & Firefox Both Effected by Fake Login Flaw

It seems the recent fake login flaw effects both Internet Exploder and Firefox. Good to keep alert and with the new update mechanism it’s very simple to update your Firefox installation. The latest versions of both Firefox and Internet Explorer are vulnerable to an unpatched flaw that allows hackers to snaffle users’ login credentials via […]

Continue Reading


27 December 2006 | 3,021 views

Firefox Patches 8 Security Vulnerabilities with 2.0.0.1

Grab the new Firefox now, 2.0.0.1! 8 Security Vulnerabilities have been fixed in this last release of the year 2006. I’m glad to see Firefox upholding their quick turnaround and rapid fixing of issues that spring up during development and improvement of their product. Mozilla has released the first update for the Firefox 2.0 browser […]

Continue Reading


05 December 2006 | 8,073 views

Metasploit 3.0 Beta 3 Released

The Metasploit Framework is an advanced open-source exploit development platform. The 3.0 tree represents a complete rewrite of the 2.0 codebase and provides a scalable and extensible framework for security tool development. The 3.0 Beta 3 release includes support for exploit automation, 802.11 wireless packet injection, and kernel-mode payloads. Windows users are now presented with […]

Continue Reading


04 December 2006 | 6,984 views

Internet Explorer 7 (IE7) Vulnerability Hits the Streets

This was a while back, but with Microsoft’s security record it’s pretty much inevitable.. Even before release (as with Vista) flaws were found. Introduction A vulnerability has been discovered in Internet Explorer, which can be exploited by malicious people to disclose potentially sensitive information. Please use the test below, to see an example of how […]

Continue Reading


27 November 2006 | 19,731 views

Metasploit 2.7 Released – Automated Hacking

The Metasploit Framework is an advanced open-source exploit development platform. The 2.7 release includes three user interfaces, 157 exploits and 76 payloads.The Framework will run on any modern operating system that has a working Perl interpreter. The Windows installer includes a slimmed-down version of the Cygwin environment. Windows users are encouraged to update as soon […]

Continue Reading


24 November 2006 | 3,879 views

Oracle MEGA Patch Fixes 101 Security Bugs

Oracle in its very own style recently published a mega patch, it could be called the mother of all patches. Actually 101 bugs…the scary part is 45 can be exploited remotely. Oracle published the mother of all security patches containing 101 fixes for flaws in its database, application server, E-Business Suite and PeopleSoft and JD […]

Continue Reading


14 November 2006 | 22,642 views

Installing Nessus on Debian-based OSs like Ubuntu

With this simple tutorial I will explain how to install Nessus client (nessus) and Nessus Daemon (nessusd) and properly register it, so you don’t end up with the limitations of a non-registered version of the vulnerability scanner. Installing: I personally use apt-, however, you may choose any other package manager. apt-get install nessus nessusd -y […]

Continue Reading


31 October 2006 | 5,581 views

New Firefox vulnerability – DoS and [DELETED] – UPDATED

This has just been posted to Bugtraq. For now you can test if your version is vulnerable, here. (will cause Firefox to close) So far Firefox 1.5.0.7 and 2.0 (Linux) have been tested, and both vulnerable. Firefox 1.0.7 (Win32), not vulnerable. The code used on the test page and the one submitted to Bugtraq can […]

Continue Reading