Archive | Exploits/Vulnerabilities


24 May 2006 | 3,796 views

Security Researchers Afraid to Reveal Vulnerabilities

Well it happened a while back, remember? The French researcher Guillaume Tena who got in trouble for breaching French copywrite laws by decompiling some software. Now people are generally starting to worry about disclosing vulnerabilities through any channels, does there need to be some kind of anonymous PGP key based system for vulnerability disclosure? So [...]

Continue Reading


23 May 2006 | 3,374 views

Trojan for the Word Vulnerability in the Wild

We all knew it was just a matter of time until the ‘thing’ was out. PandaLabs has detected the appearance of 1Table.A, a malicious code that exploits a recently detected critical vulnerability in Microsoft Word, and which also affects versions of MS Office 2003 and XP. Microsoft confirmed today the existence of this vulnerability and [...]

Continue Reading


20 May 2006 | 14,861 views

The Biggest Web Defacement Ever

A Turkish hacker using the handle iSKORPiTX was able to breach the security of a group of web servers, containing more than 38.500 web sites in less than a day! Iskorpitx is believed to be 45 years old, sometimes being helped for minor defacement activities by another Turkish “senior cracker” (42) going by the handle [...]

Continue Reading


15 May 2006 | 3,407 views

Microsoft Patching Practises Come Under Fire

Aye…it’s not the first time. The question came up, is Microsoft silently fixing security vulnerabilities and deliberately obfuscating details about patches in its monthly security bulletins? Matthew Murphy, a security researcher who has worked closely with the MSRC (Microsoft Security Response Center) in the past, is accusing the software maker of ‘misleading’ customers by not [...]

Continue Reading


10 May 2006 | 6,287 views

MORE Sendmail Problems – Signal Handling Vulnerability

OH MY GOD, NOT ANOTHER SENDMAIL FLAW? What’s that? Yah number 1001010102121. Recently, Mark Dowd of ISS discovered a signal handling vulnerability in Sendmail. We don’t see major bugs in software that’s as popular as Sendmail very often (at least, in the Unix world anyways), and that’s probably a good thing. According to sendmail.com, Sendmail [...]

Continue Reading


04 May 2006 | 12,803 views

Homeland Security Uncovers Critical Flaw in X11

An open-source security audit program funded by the U.S. Department of Homeland Security has flagged a critical vulnerability in the X Window System (X11) which is used in Unix and Linux systems. A missing parentheses in a bit of code is to blame. The error can grant a user root access, and was discovered using [...]

Continue Reading


02 May 2006 | 6,711 views

Proof of Concept for Internet Explorer Modal Dialog Exploit

Pretty interesting and imaginative way to exploit the flaw in IE…yeah I know linked to ActiveX again, all the more reason to use Firefox right? It just shows that the browser really is a point of entry, this could be useful for a penetration test, another way to show how easy it is to get [...]

Continue Reading


26 April 2006 | 12,242 views

MS and the new IE vulnerability – Object Tag

Can you see the irony? Just after 2 weeks that M$ released the Internet Explorer security makeover, Michal Zalewski came up with a highly critical exploit, as called by Secunia… based on a mishandling of the OBJECT tag…. Security alerts aggregator Secunia flagged the issue as “highly critical” and stressed that it can be exploited [...]

Continue Reading


26 April 2006 | 35,029 views

Alternatives to FrSIRT – Where to Download Exploits?

Since FrSIRT closed it’s public archives and starting charging for access (blaming it on French laws…), people have been wondering where they can their dose of Exploits..For legitimate purposes obviously. Security Forest The most comprehensive collection in my opinion comes from SecurityForest. They also have a BETA exploitation framework in development, something like a Metasploit, [...]

Continue Reading


13 April 2006 | 4,700 views

New Critical MEGApatch fixes 10 Vulnerabilities in Internet Explorer

Well how many does that leave unpatched? 30+ if I remember correctly from the PivX page that got taken down mysteriously. Microsoft on Tuesday released a “critical” Internet Explorer update that fixes 10 vulnerabilities in the Web browser, including a high-profile bug that is already being used in cyberattacks. The Redmond, Wash., software giant sent [...]

Continue Reading