Day: August 18, 2013

Android Under Seige From 100,000-Strong Malware Horde

… Read more

Cogent DataHub HTTP Server Buffer Overflow

This Metasploit module exploits a stack based buffer overflow on Cogent DataHub 7.3.0. The vulnerability exists in the HTTP server – while handling HTTP headers, a strncpy() function is used in a dangerous way. This Metasploit module has been tested successfully on Cogent DataHub 7.3.0 (Demo) on Windows XP SP3…….

VoltEdit CMS SQL Injection / Shell Upload

VoltEdit CMS suffers from administrative login bypass due to remote SQL injection and allows for PHP shells to be uploaded. Note that this finding houses site-specific data…….

Cha Cha… Choppin Down The China Chopper Webshell

Cha Cha… Chopping Down The China Chopper Webshell is a malware analysis report for BackDoor.Chopper.1 aka caidao.exe…….

Smashing The Stack, An Example From 2013

This whitepaper goes into detail on exploitation techniques to bypass modern security mechanisms cerated to mitigate the common buffer overflow in Linux……. Security

This is a brief write up discussing glibc 2.5 rtld security mechanisms, attack techniques, and payload injection vectors…….

Moxiecode Image Manager 3.1.5 XSS / Content Spoofing / Disclosure

Moxiecode Image Manager version 3.1.5 suffers from cross site scripting, content spoofing, and path disclosure vulnerabilities…….

Firefox 3.6 WOFF Heap Corruption Integer Overflow

This exploit leverages WOFF heap corruption due to an integer overflow in Mozilla Firefox versions 3.6, 3.6 Beta 1, 3, 4, and 5, 3.6 RC1 and RC2…….

Firefox 3.5.4 / 3.0.15 Local Color Map Parsing

This is a heap overflow exploit that leverages a local color map parsing bug in Firefox versions 3.5.4 and below, 3.0.15 and below, and SeaMonkey versions 2.0 and below…….

Joomla JDownloads Cross Site Scripting

The Joomla JDownloads component suffers from a cross site scripting vulnerability…….