Archive | Exploits/Vulnerabilities


14 July 2006 | 15,351 views

Linux Kernel 2.6.x PRCTL Core Dump Handling – Local r00t Exploit ( BID 18874 / CVE-2006-2451 )

A working version of the exploit used to escalate privileges to root in the recent Debian breakin, ah another root kernel exploit. It’s to do with the way the kernel handles file permissions (or lack of) on core dumps. Linux kernel is prone to a local privilege-escalation vulnerability. A local attacker may gain elevated privileges […]

Continue Reading


13 July 2006 | 5,745 views

Debian Development Machine ‘gluck’ Hacked!

Ah, I wonder what happened? I’ve always been a great fan of Debian, all the way back into the early days of woody and backporting apt packages. What a name too, gluck to me usually means g’luck or good luck ;) Early this morning we discovered that someone had managed to compromise gluck.debian.org. We’ve taken […]

Continue Reading


04 July 2006 | 8,091 views

Month of Browser Bugs (MoBB)

Get ready for a complete month of fun with H D Moore’s Month of Browser Bugs. Quoting from Browser Fun blog: This blog will serve as a dumping ground for browser-based security research and vulnerability disclosure. To kick off this blog, we are announcing the Month of Browser Bugs (MoBB), where we will publish a […]

Continue Reading


28 June 2006 | 5,175 views

Web Services Attack Frequency Increasing

As we’ve reported a few times recently, more and more attacks being aimed at Web Services such as Orkut, MySpace, Ebay and others. As more people turn to web applications for everyday tasks like e-mail, friendship and payments, cyber criminals are following them in search of bank account details and other valuable data, security researchers […]

Continue Reading


20 June 2006 | 4,894 views

3Com’s TippingPoint Finds New IE Vulnerabilities

What? New vulnerabilities in Internet Explorer? You can hack Internet Exploder Explorer? Never! 3Com Corp’s TippingPoint division has discovered and disclosed two critical new vulnerabilities in Microsoft’s Internet Explorer through 3Com’s Zero Day Initiative (ZDI). The vulnerabilities could have allowed an attacker to gain control of a PC if the user was logged in with […]

Continue Reading


26 May 2006 | 7,367 views

Serious Symantec Anti-Virus Vulnerability

Apparently a gaping security flaw in the latest versions of Symantec’s anti-virus software suite has been discovered that could put millions of users at risk of a debilitating worm attack. According to eEye Digital Security, the company that discovered the flaw, the vulnerability could be exploited by remote hackers to take complete control of the […]

Continue Reading


24 May 2006 | 3,796 views

Security Researchers Afraid to Reveal Vulnerabilities

Well it happened a while back, remember? The French researcher Guillaume Tena who got in trouble for breaching French copywrite laws by decompiling some software. Now people are generally starting to worry about disclosing vulnerabilities through any channels, does there need to be some kind of anonymous PGP key based system for vulnerability disclosure? So […]

Continue Reading


23 May 2006 | 3,374 views

Trojan for the Word Vulnerability in the Wild

We all knew it was just a matter of time until the ‘thing’ was out. PandaLabs has detected the appearance of 1Table.A, a malicious code that exploits a recently detected critical vulnerability in Microsoft Word, and which also affects versions of MS Office 2003 and XP. Microsoft confirmed today the existence of this vulnerability and […]

Continue Reading


20 May 2006 | 14,868 views

The Biggest Web Defacement Ever

A Turkish hacker using the handle iSKORPiTX was able to breach the security of a group of web servers, containing more than 38.500 web sites in less than a day! Iskorpitx is believed to be 45 years old, sometimes being helped for minor defacement activities by another Turkish “senior cracker” (42) going by the handle […]

Continue Reading


15 May 2006 | 3,407 views

Microsoft Patching Practises Come Under Fire

Aye…it’s not the first time. The question came up, is Microsoft silently fixing security vulnerabilities and deliberately obfuscating details about patches in its monthly security bulletins? Matthew Murphy, a security researcher who has worked closely with the MSRC (Microsoft Security Response Center) in the past, is accusing the software maker of ‘misleading’ customers by not […]

Continue Reading