New Java Attack Introduced into Cool Exploit Kit

A new exploit has been found in the Cool Exploit Kit for a vulnerability in Java 7 Update 7 as well as older versions, a flaw that’s been patched by Oracle in Java 7 Update 9. Cool Exploit Kit was discovered last month and is largely responsible for dropping the Reveton ransomware. A new Metasplo...

Anonymous Leaks Apple UDIDs Following Alleged Hack of FBI

UPDATE–The Antisec arm of hacktivist group Anonymous published one million unique device identifier numbers, or UDIDs, for Apple devices, including iPhones and iPads, on Monday night. The group alleges the slew of information was swiped from a laptop belonging to the FBI earlier this year. In a...

Amnesty International Website Compromised, Serving Up Gh0st RAT

Amnesty International’s United Kingdom website was compromised and hosting the potent Gh0st RAT Trojan earlier this week, according to research conducted by security firm Websense. According to the company’s Security Labs blog, visitors to the site over two days this week, May 8 and 9, may have h...

Solarwinds Storage Manager 5.1.0 Remote SYSTEM SQL Injection Exploit

Exploit for windows platform in category remote exploits !/usr/bin/python Exploit Title: Solarwinds Storage Manager 5.1.0 Remote SYSTEM SQL Injection Exploit Date: May 2nd 2012 Author: muts Version: SolarWinds Storage Manager 5.1.0 Tested on: Windows 2003 Archive Url :...

New Mac Malware, SabPub, Used In Targeted Attacks

Researchers at Kaspersky Lab says a new malicious program, dubbed SabPub, exploits the same Java security hole as the Flashback Trojan and enables targeted attacks against Mac users. The new malware was identified in a blog post by Kaspersky Lab expert Costin Raiu on Saturday and is described as ...

MacControl Trojan Being Used in Targeted Attacks Against OS X Users

Welcome to the age of targeted attacks, Mac users. Perhaps having grown tired of owning Windows machines around the world for the last few years, attackers in China now have taken up the challenge of going after Macs with the same kind of targeted attack tactics that have served them so well in t...

Dutch News site spread Malware on 100000 Computers

Dutch News site spread Malware on 100000 Computers Dutch popular news site NU.nl appears to be serving Java exploit drive-by malware to users of IE. Nu.nl has approximately one hour long served the Javascript code that attempted to provide visitors to the news site with a trojan to infect. The...

Crimepack 3.1.3 Exploit kit Leaked, available for Download !

Crimepack 3.1.3 Exploit kit Leaked, available for Download ! Part 1: Java Exploit As stated above, I focus on a malware that exploits a recent JRE vulnerability: CVE-2010-0840 to execute malicious files on a victim system. This malware comes inside a jar file, which contains the following two...

Sun Microsystems SunScreen Firewall - Privilege Escalation

/ Sun Microsystems SunScreen Firewall Root Exploit discovered & exploited by Kingcope January 2011 The SunScreen Firewall can be administrated remotely via a java protocol service which is running on port 3858 on a SunOS machine. This Java Service contains numerous buffer overruns 2 of which I am...

Sun Microsystems SunScreen Firewall Root Exploit

Exploit for multiple platform in category remote exploits / Sun Microsystems SunScreen Firewall Root Exploit discovered & exploited by Kingcope January 2011 The SunScreen Firewall can be administrated remotely via a java protocol service which is running on port 3858 on a SunOS machine. This Java...

Tru64 UNIX 4.0g /usr/bin/at Local Root Exploit

No description provided by source. / Tru64 UNIX 4.0g JAVA /usr/bin/at local root exploit. ALPHA Author: Cody Tubbs loophole of hhp. Site: www.hhp-programming.net Email: [email protected] Date: 2/1/2000. I made this without access to gdb, It's untested... may require modification, may require...

Proof-Of-Concept Denial-Of-Service Pointbase 4.6 Java SQL-DB

Hi, the following code crashes the Pointbase 4.6 database that comes with the J2EE reference implementation. It is provided as an ant script for flexibility and to illustrate the involved ressources. This is a cross-platform denial-of-service java exploit, caused by fact that the pointbase...

CVE-2002-1291

The Microsoft Java implementation, as used in Internet Explorer, allows remote attackers to read arbitrary local files and network shares via an applet tag with a codebase set to a "file://%00" null character URL...

Entrust - getAccess

hola friends, getAccesstm is used as a single-sign-on system often used for large internet-portals. --- snip http://www.entrust.com --- Entrust GetAccesstm offers the most comprehensive solution for consistently deploying and enforcing basic and enhanced security across online applications, from...

Tru64 UNIX 4.0g - usrbinat Local Privilege Escalation

Tru64 UNIX 4.0g - usrbinat Local Privilege Escalation / Tru64 UNIX 4.0g JAVA /usr/bin/at local root exploit. ALPHA Author: Cody Tubbs loophole of hhp. Site: www.hhp-programming.net Email: [email protected] Date: 2/1/2000. I made this without access to gdb, It's untested... may require...

Windows client UDP exhaustion denial of service

Georgi Guninski security advisory 37, 2001 Windows client UDP exhaustion denial of service Systems affected: Windows 2000 Prof, Windows 98 probably other Windowses Risk: Low Date: 6 February 2001 Legal Notice: This Advisory is Copyright c 2001 Georgi Guninski. You may distribute it unmodified. Yo...

AVM KEN! 1.3.101.4.30 - Remote Denial of Service

AVM KEN! 1.3.101.4.30 - Remote Denial of Service source: https://www.securityfocus.com/bid/1103/info A remote user on the local network is capable of retrieving any known file from a machine running AVM KEN!. This is accomplished by appending ../ to a URL utilizing port 3128 to escape the regular...