Archive for the 'Security-Vulnerabilities' Category


The Great Lizamoon SQL Injection Attack – March-April 2011

Monday, April 4th, 2011

Well – Friday things started getting interesting on tech news sites. Most sites were running phony April fools stories and a few including websense was running with a major attack going on against many SQL based websites. Details were sketchy – people were told to look for ur.php files in their web directory (which isn’t [...]

Exploit Thursday – this months winner – Powerpoint

Thursday, October 12th, 2006

The SecurityFix reminds us of what usually comes close behind Patch Tuesday…. exploit Wednesday or Thursday and this month, the exploits seemed to start coming out Thursday. There’s a new Powerpoint exploit starting to make the rounds right on the heels of Patch day. The main goal is likely to get the most mileage out [...]

What wasn’t patched Tuesday…

Thursday, October 12th, 2006

Sunbelt reminds us that the daxctle.ocx exploit was NOT among those patched Tuesday by Microsoft. They remind us of the following workaround… Mitigation: The DirectAnimation Path control can be disabled by setting the kill bit for the following CLSID: {D7A7D7C3-D47F-11d0-89D3-00A0C90833E6} More info at Microsoft’s Knowledge Base    Send article as PDF   

Exploits in wild for recent Apple vulnerabilities

Tuesday, October 3rd, 2006

If you’ve been delaying on updating with the recent Apple Mac OS X updates…. don’t, there are exploits in the wild now for at least one. It’s speculated that this code may have been in the wild before Apple released the security updates.    Send article as PDF   

Multiple Apple updates as Mac goes to version 10.4.8

Sunday, October 1st, 2006

Apple is fixing 15 security flaws with the 10.4.8 version upgrade of Mac OS X. (There is a second update as well…. Security Update 2006-006). In typical fashion there are a bundle of issues in these updates. Several address remotely exploitable vulnerabilities.    Send article as PDF   

Firefox zero-day vulnerability (or is it?)

Sunday, October 1st, 2006

I saw a comment somewhere else that zero-day was overused and in essense ANY previously unknown vulnerability in open source software is technically zero day… the intent here though is to use the word in this context…. “vulnerability has been released without giving the vendor an opportunity to patch…” Yes, the fun vulnerability weekend seems [...]

Microsoft vulnerability whack-a-mole continues…..

Thursday, September 28th, 2006

Translation – Microsoft patched one vulnerability another surfaces…. Incidents.org brings us the frustrating news…. If you remember the month of browser bugs series of exploits back in July, there was a denial of service there that appears to have code execution after all. Coincidence or not, it got publicly released after the out of cycle [...]

Microsoft releases official VML patch!!

Tuesday, September 26th, 2006

The big news this afternoon is that Microsoft HAS gone out of the routine patch cycle to release a security fix for the VML vulnerability that’s been actively exploited in recent days for everything from sneak keylogger installs to massive spyware installs. Sans has a few links, if you de-registered the affected DLL you should [...]

Update on the Internet Explorer VML vulnerability

Friday, September 22nd, 2006

Just catching up on the days VML vulnerability news from today…. It looks as though… the exploit is now MUCH more widespread this blog has some video of an infection, what’s notable is that the first take was VERY UNEVENTFUL, it was used to stealthily install a keylogger. (So that they can harvest paypal/bank/etc. passwords…) [...]

ICQ client and toolbar vulnerabilities

Friday, September 8th, 2006

Sans brings this from AOL, advising of vulnerabilities in the ICQ client and the ICQ toolbar for IE. The latest version of ICQ client is 5.1 and is claimed to not be vulnerable. (Toolbar version 1.3 is said to be vulnerable as well. No more recent version of that is available – you might consider [...]

Google
 
Web www.averyjparker.com

Switch to our mobile site