Blog Posts Tagged with "Exploits"


OpenX CSRF Vulnerability Being Actively Exploited

April 30, 2012 Added by:Mark Baldwin

This vulnerability from July 2011 is still present in the latest version of OpenX Source (version 2.8.8). Moreover, this vulnerability is being actively exploited to compromise OpenX Source installations in order to serve malicious content via banner ads...

Comments  (2)


IC3: Blackhole Exploit Kit 1.2.3 Released

April 26, 2012 Added by:Headlines

Blackhole, the most widely purchased exploit pack in the underground market, is a toolkit that is injected into malicious and/or compromised websites, allowing the attacker to push a variety of exploits targeting vulnerabilities of popular applications like Java and Flash...

Comments  (0)


Don’t Forget about VoIP Exposures and PBX Hacking

April 24, 2012 Added by:Brent Huston

There are now a variety of tools, exploits and frameworks built for attacking VoIP installations and they are a target for both automated tools and manual hacking. Access to VoIP systems can provide a great platform for intelligence, recon, industrial espionage and toll fraud...

Comments  (0)


Flashback - Are You Joking? There is No Malware for Mac!

April 23, 2012 Added by:Plagiarist Paganini

We must remember that in any software there will be vulnerabilities that could be exploited for criminal purposes. To give you an immediate idea of the malware available for the Mac environment, I produced a table that lists the main agents detected by a well known antivirus...

Comments  (0)


Analysis of the April 2012 CPU for the Oracle Database

April 23, 2012 Added by:Alexander Rothacker

It’s mid-April, so it’s Oracle CPU fallout time again. This CPU contains 88 fixes. Thirty-three in this CPU are for vulnerabilities that are remotely exploitable without authentication. In other words, anybody on the network can exploit these vulnerabilities...

Comments  (0)


ICS-CERT: Siemens Simatic WINCC Multiple Vulnerabilities

April 20, 2012 Added by:Infosec Island Admin

ICS-CERT has received reports detailing several vulnerabilities in Siemens SIMATIC WinCC Human-Machine Interface application which could allow an attacker to log on to a system as a user or administrator with the ability to execute arbitrary code or obtain full access to files...

Comments  (0)


On Buffer Overrun Vulnerabilities, Exploits and Attacks

April 19, 2012 Added by:Fergal Glynn

A Buffer overflow is a common software coding mistake. To effectively mitigate the vulnerability, it is important that you first understand what buffer overflows are, what dangers they pose to your applications, and what techniques attackers use to successfully exploit them...

Comments  (0)


All the Lights Will Not Go Out in a Cyber Attack

April 17, 2012 Added by:Dan Dieterle

One of the biggest threats that you hear is that hackers could take out the power grid and all the power would be shut off. America would be thrown back to the power stone age in the flick of a switch (or a series of SCADA exploits). But is this true? The answer is no...

Comments  (5)


ICS-CERT: Koyo Ecom100 Multiple Vulnerabilities

April 16, 2012 Added by:Infosec Island Admin

ICS-CERT is aware of a public report of multiple vulnerabilities with proof-of-concept exploit code affecting the Koyo ECOM100 Ethernet Module. A brute force password cracking tool has been released that targets a weak authentication vulnerability in the ECOM series modules...

Comments  (0)


Hacking-Kung Fu: Aims and Objectives

April 15, 2012 Added by:Quintius Walker

Understanding Kung Fu-Hacking enables you to realize that there is more to it than merely learning form or exploits. Understanding will lead you, if you are still not able to defend yourself in real world situations or compromise systems outside lab environments, to ask why...

Comments  (0)



April 13, 2012 Added by:Infosec Island Admin

Researcher Luigi Auriemma identified and released proof of concept code (POC) for a use after free vulnerability in the MICROSYS, spol. s r.o. PROMOTIC application wgich may result in adverse conditions ranging from the corruption of valid data to the execution of arbitrary code...

Comments  (0)


Exploit for Liferay XSL Code Execution Released

April 11, 2012 Added by:Spencer McIntyre

Researchers are releasing a Metasploit module that can exploit a vulnerability in an open source web content management system called Liferay in the XSLT processing engine that is used to allow setting dynamic XML feeds to be displayed as content on a page...

Comments  (0)


One-Day Exploits, Binary Diffing and Patch Management

April 05, 2012 Added by:Plagiarist Paganini

One-Day exploits have a reduced possibility of success due the potential for patching by a target, but the attacks are still insidious and cheaper in comparison to Zero-Days - it's quite simple to retrieve the information on the internet and use tools to commit the attacks...

Comments  (0)


ICS-CERT: Invensys Wonderware Server Multiple Vulnerabilities

April 04, 2012 Added by:Infosec Island Admin

Researchers have identified multiple vulnerabilities in the Invensys Wonderware Information Server which if exploited could allow denial of service, information disclosure, remote code execution, or session credential high jacking. Invensys has developed a security update...

Comments  (0)


Apple: Critical Update for Java for OS X Lion and Mac OS X

April 04, 2012 Added by:Headlines

"Vulnerabilities exist in Java 1.6.0_29, the most serious of which may allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. Visiting a web page containing a maliciously crafted untrusted Java applet may lead to arbitrary code execution..."

Comments  (0)


Experts Warn of Online Voting Security Issues

March 30, 2012 Added by:Headlines

“Election officials who run and pursue online voting programs must understand that they are putting voters’ ballots at risk of being altered or deleted without anyone realizing it,” said Susannah Goodman of the Election Verification Network...

Comments  (0)

Page « < 3 - 4 - 5 - 6 - 7 > »