SecuriTeam

Motorola Timbuktu Pro Stack Based Buffer Overflow

Fri, 26 Jun 2009 14:01 GMT

Remote exploitation of a stack-based buffer overflow vulnerability in Motorola Inc.'s Timbuktu Pro could allow attackers to execute arbitrary code with SYSTEM privileges.

Make your website safer. Use external penetration testing service. First report ready in one hour!

Unisys Business Information Server Stack Buffer Overflow

Fri, 26 Jun 2009 11:48 GMT

Remote exploitation of a stack based buffer overflow vulnerability in Unisys's Business Information Server could allow an attacker to execute arbitrary code with the privileges of the affected service.

Make your website safer. Use external penetration testing service. First report ready in one hour!

Adobe Shockwave Player Director File Parsing Pointer Overwrite

Fri, 26 Jun 2009 11:41 GMT

This vulnerability allows remote attackers to execute code on vulnerable installations of Adobe's Shockwave Player. User interaction is required in that a user must visit a malicious web site.

Make your website safer. Use external penetration testing service. First report ready in one hour!

Cisco Physical Access Gateway Denial of Service Vulnerability

Thu, 25 Jun 2009 18:43 GMT

A denial of service (DoS) vulnerability exists in the Cisco Physical Access Gateway. There are no workarounds available to mitigate the vulnerability. This vulnerability has been corrected in Cisco Physical Access Gateway software version 1.1.

Make your website safer. Use external penetration testing service. First report ready in one hour!

Cisco ASA Web VPN Multiple Vulnerabilities

Thu, 25 Jun 2009 14:56 GMT

The ASA's DOM wrapper can be rewritten in a manner to allow Cross-Site Scripting (XSS) attacks.

Make your website safer. Use external penetration testing service. First report ready in one hour!

Netifera - Modular Open Source Platform for Security Tools

Sun, 12 Apr 2009 14:01 GMT

Make your website safer. Use external penetration testing service. First report ready in one hour!

WarVOX - Tools for Exploring, Classifying, and Auditing Telephone Systems

Mon, 09 Mar 2009 08:59 GMT

Make your website safer. Use external penetration testing service. First report ready in one hour!

Webshag - Web Server Audit Tool

Mon, 23 Feb 2009 17:28 GMT

Make your website safer. Use external penetration testing service. First report ready in one hour!

Browser Fuzzer

Tue, 20 Jan 2009 14:01 GMT

Make your website safer. Use external penetration testing service. First report ready in one hour!

FSpy - Linux Filesystem Activity Monitoring

Wed, 31 Dec 2008 12:04 GMT

Make your website safer. Use external penetration testing service. First report ready in one hour!

Apple WebKit attr() Invalid Attribute Memory Corruption Vulnerability

Thu, 25 Jun 2009 18:58 GMT

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of Apple WebKit. User interaction is required to exploit this vulnerability in that the target must visit a malicious page.

Make your website safer. Use external penetration testing service. First report ready in one hour!

Pivot Cross Site Scripting and HTML Injection

Wed, 24 Jun 2009 11:40 GMT

Pivot has been found to contain vulnerabilities in the following functions: url, menu, sort, check[], edituser, edit, blog, cat.

Make your website safer. Use external penetration testing service. First report ready in one hour!

IBM AIX ToolTalk Database Server Buffer Overflow Vulnerability

Mon, 22 Jun 2009 11:36 GMT

There exists a vulnerability within a function of the ToolTalk database server (rpc.ttdbserverd), which when properly exploited can lead to remote compromise of the vulnerable system.

Make your website safer. Use external penetration testing service. First report ready in one hour!

Webmedia Explorer Cross Site Scripting Vulnerability

Fri, 19 Jun 2009 10:17 GMT

Webmedia Explorer's search, tag, bookmark parameters have been found to contain a security vulnerability that allows remote attackers to cause cross site scripting vulnerabilities.

Make your website safer. Use external penetration testing service. First report ready in one hour!

phpMyAdmin Code Injection

Fri, 19 Jun 2009 10:16 GMT

This vuln can only be exploited against environments where the administrator has chosen to install phpMyAdmin following the *wizard* method, rather than manual method.

Make your website safer. Use external penetration testing service. First report ready in one hour!

Microsoft Office Excel Malformed Records Stack Buffer Overflow (MS09-021)

Thu, 25 Jun 2009 14:01 GMT

A remotely exploitable vulnerability has been discovered in Microsoft Office Excel products. Specifically, the vulnerability is due to a design error encountered when parsing Excel files which contain malformed records. Remote attackers can exploit this vulnerability by enticing target users to open a malicious Excel file.

Make your website safer. Use external penetration testing service. First report ready in one hour!

Microsoft Excel Record Parsing Array Indexing Vulnerability (MS09-021)

Thu, 25 Jun 2009 11:38 GMT

Microsoft Excel can be exploited through an array-indexing error when processing certain records. This can be exploited to corrupt memory via a specially crafted Excel file. Successful exploitation may allow execution of arbitrary code.

Make your website safer. Use external penetration testing service. First report ready in one hour!

Microsoft Excel String Parsing Integer Overflow Vulnerability (MS09-021)

Mon, 22 Jun 2009 11:45 GMT

The vulnerability is caused due to an integer overflow error when processing the number of strings in a file and can be exploited to cause a heap-based buffer overflow via a specially crafted Excel file. Successful exploitation allows execution of arbitrary code.

Make your website safer. Use external penetration testing service. First report ready in one hour!

libpurple MSN Protocol SLP Message Heap Overflow Vulnerability

Fri, 19 Jun 2009 10:14 GMT

This vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of messaging applications that make use of the libpurple library. User interaction is not required to exploit this vulnerability.

Make your website safer. Use external penetration testing service. First report ready in one hour!

CA ARCserve Backup Message Engine Denial of Service Vulnerabilities

Wed, 17 Jun 2009 16:07 GMT

CA ARCserve Backup contains multiple vulnerabilities in the message engine that can allow a remote attacker to cause a denial of service.

Make your website safer. Use external penetration testing service. First report ready in one hour!

Sun Java System Identiy Manager Users Enumeration

Mon, 13 Apr 2009 15:36 GMT

The following exploit is a proof of concept for the enumerations of users vulnerability of Sun Java System Access Manager and Identity manager.

Make your website safer. Use external penetration testing service. First report ready in one hour!

Microsoft Internet Explorer XML Buffer Overflow (Exploit)

Sun, 28 Dec 2008 07:45 GMT

The following exploit utilizes the XML vulnerability in Internet Explorer to execute arbitrary code under Vista.

Make your website safer. Use external penetration testing service. First report ready in one hour!

Opera file:// Overflow

Tue, 18 Nov 2008 19:49 GMT

A vulnerability in Opera's browser allows attackers that can inject and open an HTML file to overflow an internal buffer used by the 'file://' URL interpreter and cause it to execute arbitrary code.

Make your website safer. Use external penetration testing service. First report ready in one hour!

Stack-Based Buffer Overflow in the Network Manager of Castle Rock Computing (SNMPc)

Wed, 12 Nov 2008 20:51 GMT

Stack-based buffer overflow in the Network Manager in Castle Rock Computing SNMPc 7.1 and earlier allows remote attackers to cause a denial of service (crash) or execute arbitrary code via a long community string in an SNMP TRAP packet.

Make your website safer. Use external penetration testing service. First report ready in one hour!

PacketTrap TFTPD DoS

Wed, 29 Oct 2008 09:24 GMT

A vulnerability in PacketTrap's TFTPD allows remote attackers to cause the TFTP server to fail by sending it a pipe (|) character as the filename that is being uploaded.

Make your website safer. Use external penetration testing service. First report ready in one hour!

Why Silent Updates Boost Security

Sun, 10 May 2009 18:35 GMT

Thomas Duebendorfer Google Switzerland GmbH and Stefan Frei Communication Systems Group, ETH Zurich, Switzerland looked into the performance of Web browser update mechanisms. The analysis of anonymized Google Web server logs allowed us to compare and rank the update strategies deployed by Google Chrome, Mozilla Firefox, Apple Safari, and Opera.

Make your website safer. Use external penetration testing service. First report ready in one hour!

PDF Silent HTTP Form Repurposing Attacks

Sun, 10 May 2009 18:29 GMT

This paper sheds light on a modified approach to triggering web attacks through JavaScript protocol handler in the context of opening a PDF in a browser.

Make your website safer. Use external penetration testing service. First report ready in one hour!

Frame Pointer Overwrite Demonstration (Linux)

Wed, 03 Dec 2008 16:24 GMT

This paper assumes you have read the proper background information and/or technical details about the above subject. If not, please do so, because this read does not include key concepts but instead technical exploitation examples. That being said, enjoy. Knowledge is power.

Make your website safer. Use external penetration testing service. First report ready in one hour!

Format String Exploitation Demonstration (Linux)

Tue, 02 Dec 2008 16:22 GMT

Make your website safer. Use external penetration testing service. First report ready in one hour!

Hacking SOHO Routers

Wed, 12 Nov 2008 17:54 GMT

The purpose of this paper is to outline the security measures being taken by vendors to prevent such attacks in their home routing products, what those security measures accomplish, and where they fall short. We will use existing network tools to examine common vulnerabilities in a range of popular devices and demonstrate weaknesses in the security of those devices; additionally, we will examine common trends in security measures that have been duplicated across vendors, and examine how those trends help and hinder the security of their devices. In particular, we will examine the following home routers, which are some of the latest offerings from their respective vendors at the time of this writing: * Linksys WRT160N

Make your website safer. Use external penetration testing service. First report ready in one hour!