Maker tech hub — AI · 3D print · Pi · ESP32 · plus the classic tech archive.

Free ESP32 kit · Books · Network Ninja · Archive

Archive: Security-Vulnerabilities

Classic tech tips filed under Security-Vulnerabilities.

  • The Great Lizamoon SQL Injection Attack - March-April 2011
    Classic tip Apr 4, 2011

    Well - Friday things started getting interesting on tech news sites. Most sites were running phony April fools stories and a few including websense was running with a major attack going on against ma…

  • Exploit Thursday - this months winner - Powerpoint
    Classic tip Oct 12, 2006

    The SecurityFix reminds us of what usually comes close behind Patch Tuesday.... exploit Wednesday or Thursday and this month, the exploits seemed to start coming out Thursday. There's a new Powerpoin…

  • What wasn't patched Tuesday...
    Classic tip Oct 12, 2006

    Sunbelt reminds us that the daxctle.ocx exploit was NOT among those patched Tuesday by Microsoft. They remind us of the following workaround... Mitigation: The DirectAnimation Path control can be dis…

  • Exploits in wild for recent Apple vulnerabilities
    Classic tip Oct 3, 2006

    If you've been delaying on updating with the recent Apple Mac OS X updates.... don't, there are exploits in the wild now for at least one. It's speculated that this code may have been in the wild bef…

  • Multiple Apple updates as Mac goes to version 10.4.8
    Classic tip Oct 1, 2006

    Apple is fixing 15 security flaws with the 10.4.8 version upgrade of Mac OS X. (There is a second update as well.... Security Update 2006-006). In typical fashion there are a bundle of issues in thes…

  • Firefox zero-day vulnerability (or is it?)
    Classic tip Oct 1, 2006

    I saw a comment somewhere else that zero-day was overused and in essense ANY previously unknown vulnerability in open source software is technically zero day... the intent here though is to use the w…

  • Microsoft vulnerability whack-a-mole continues.....
    Classic tip Sep 28, 2006

    Translation - Microsoft patched one vulnerability another surfaces.... Incidents.org brings us the frustrating news.... If you remember the month of browser bugs series of exploits back in July, ther…

  • Microsoft releases official VML patch!!
    Classic tip Sep 26, 2006

    The big news this afternoon is that Microsoft HAS gone out of the routine patch cycle to release a security fix for the VML vulnerability that's been actively exploited in recent days for everything …

  • Update on the Internet Explorer VML vulnerability
    Classic tip Sep 22, 2006

    Just catching up on the days VML vulnerability news from today.... It looks as though... the exploit is now MUCH more widespread this blog has some video of an infection, what's notable is that the f…

  • ICQ client and toolbar vulnerabilities
    Classic tip Sep 8, 2006

    Sans brings this from AOL, advising of vulnerabilities in the ICQ client and the ICQ toolbar for IE. The latest version of ICQ client is 5.1 and is claimed to not be vulnerable. (Toolbar version 1.3 …

  • Firefox code under the microscope
    Classic tip Sep 8, 2006

    So, the stories are out of the analysis of the code for Mozilla Firefox. It seems there were a large number of potential flaws found (71 potential security vulnerabilities) according to the article. …

  • System patching 0-days and ancient-day vulnerabilities
    Classic tip Sep 5, 2006

    There's a good article at Michael Sutton's Blog which points out something that really makes sense and I think many people are aware of, but with all the buzz that a new previously undisclosed vulner…

  • Another Internet Explorer Exploit (September 2006)
    Classic tip Sep 1, 2006

    A new Internet Explorer bug was published on Monday. It's been given a CVE (2006-4446) and affects IE 6.0 SP1. It's worth considering alternative browsers. Details from bugtraq indicate that it's a b…

  • Sun java update process vulnerable
    Classic tip Aug 30, 2006

    The Java Runtime Environment from Sun has a vulnerability that's due in large part to a poor approach to updating it. IF you have not uninstalled previous versions of the JRE on your PC, they are lik…

  • Sendmail DoS vulnerability
    Classic tip Aug 30, 2006

    I've got to admit, I hadn't caught the notice of this until it was at incidents.org. I don't currently administer sendmail on any machines, but.... Sendmail released version 8.13.8 on August 9th to a…

  • Wireshark, various vulnerabilities disclosed
    Classic tip Aug 24, 2006

    There used to be a tool called ethereal and then it changed it's name to wireshark. Today a number of security vulnerabilities were disclosed. A new version is available and workarounds. Please upgra…

  • More Microsoft Patch problems MS06-042
    Classic tip Aug 22, 2006

    This has been one of the "problem child" patches this time around and it looks as though it's worse than initially thought. Apparently, instead of "just" crashing IE SP1 when viewing compressed http …

  • Powerpoint vulnerability (August 2006)
    Classic tip Aug 22, 2006

    I'm having to make sure I put the date in the title of these posts now.... over the weekend there were rumors of a new powerpoint vulnerability. Sans had an early notice of some trojan droppers using…

  • Mac Wireless driver Security vulnerability revisited
    Classic tip Aug 18, 2006

    A couple weeks ago the hot story was about the demonstration of a vulnerability in a 3rd party wireless card driver on a Mac. The individuals that demonstrated the vulnerability (in a video taped pre…

  • Other MS patch news as well as a Yahoo vulnerability?
    Classic tip Aug 14, 2006

    Or lack of currently available patch as the case may be. From the previous link it appears that there was at least one previously announced vulnerability that was not addressed in the recent patch da…

  • Ruby on Rails urgent update
    Classic tip Aug 10, 2006

    A new version of Ruby on Rails has been released in response to a critical security vulnerability. The link will take you to information at incidents.org. 1.1.5 is the new version and should be compa…

  • Clamav 0.88.4 and prior DoS
    Classic tip Aug 7, 2006

    According to incidents.org a denial of service vulnerability has been noted in all versions of clamav prior to 0.88.4 (inclusive). At incidents last report the download for 0.88.4 was back after disa…

  • Vista's fatal flaw?
    Classic tip Aug 7, 2006

    Backwards compatibility. It's something that many vendors strive for and Microsoft is certainly one that has placed a value on making things backwards compatible for third party software. According t…

  • Another WMF exploit??
    Classic tip Aug 7, 2006

    Security Focus has a brief that refers to a WMF zero-day vulnerability that affects Windows XP SP2. I suspect this may get a bit of coverage throughout the day. It appears as though there are actuall…

  • Wireless Driver Vulnerabilities
    Classic tip Aug 2, 2006

    There are a couple notes to pass along with regards to some pretty serious vulnerabilities in various wireless network adapter drivers. First, Sans has information on some Intel Centrino updates that…

  • Time for Apple Mac OS X updates again
    Classic tip Aug 1, 2006

    From the look of it Apple has released a bunch of updates for OS X. A number of security issues are detailed. As always, SANS has some good details and links to more info on each of the ~13 issues. M…

  • Another McAfee security product flaw
    Classic tip Aug 1, 2006

    Sans has info on a security flaw affect several McAfee security products. It could allow remote code execution. The 2007 versions of the products are not affected and a patch is expected soon. For yo…

  • Wordpress 2.0.4 Update
    Classic tip Aug 1, 2006

    It has been a few days now, but I noticed that Wordpress 2.0.4 has now been released and is highly recommended due to the fixing of a few security issues. They also list a number of bugfixes as well.…

  • Microsoft Issues advisory on Powerpoint flaw
    Classic tip Jul 18, 2006

    Here's the link to Microsoft's advisory. The main workaround seems to be.... Don't open or save powerpoint attachments that you receive from untrusted sources, OR that you receive unexpectedly from t…

  • Linux Local kernel vulnerability
    Classic tip Jul 14, 2006

    SANS has a story on another local kernel vulnerability for linux. I've got to say that I typically haven't looked as much at "local" vulnerabilities on this site as I have talked about remote vulnera…

  • Powerpoint zero day
    Classic tip Jul 14, 2006

    This has been a rough quarter for Office vulnerabilities... there seems to be a pattern, Microsoft patch day, then.... zero-day exploit within a week for an Office component. First Word, then Excel a…

  • Adobe Acrobat reader update
    Classic tip Jul 12, 2006

    On the heels of yesterdays massive update day from Microsoft, Adobe has released an update for the free Adobe Reader. The Adobe reader is one of those ALMOST essential applications that MOST everyone…

  • Microsoft updates are out for July
    Classic tip Jul 11, 2006

    and they affect no fewer than 18 issues in Office and Windows. 13 issues are tagged as critical, others as important. They are all bundled into 7 update downloads. 8 vulnerabilities within Excel have…

  • Fasten your seatbelts - Browser vulnerability a day to be announced in July
    Classic tip Jul 3, 2006

    I hope there aren't too many browser developers that have planned on taking July off..... I ran across browserfun.blogspot.com where it is planned to release information on a web browser vulnerabilit…

  • Exploit in the wild for Apple vulnerability
    Classic tip Jun 30, 2006

    A couple days ago there was a release of Mac OS X 10.4.7 which addressed several security flaws. There is now an exploit published for one of these vulnerabilities. The attacker using this exploit co…

  • OpenOffice.org security update
    Classic tip Jun 30, 2006

    Version 2.0.3 of OpenOffice.org has been released. It includes quite a few bugfixes, including three security related fixes. The security vulnerabilities were apparently found in an internal audit. O…

  • Exploits a plenty - IE / Excel (Firefox?)
    Classic tip Jun 29, 2006

    There are a number of vulnerabilities that are currently unpatched, but have working publicly known exploits for Excel (*2) and Internet Explorer (2 vulnerabilities here as well.) Proof of Concept co…

  • Microsoft security roundup
    Classic tip Jun 26, 2006

    OK - there have been a number of Excel problems floating around in the last week - week and a half. Securiteam blog has a FAQ on the Excel 0-day vulnerabilities with Excel and Excel Viewer Incidents.…

  • Big Windows June update day
    Classic tip Jun 13, 2006

    Updates for Windows for the month of June are out today and it looks like some list! 12 updates covering 20 or more vulnerabilities. MANY of these are tagged as critical. (Critical vulnerabilities ar…

  • Windows 98 won't see the MS06-15 patch
    Classic tip Jun 9, 2006

    It turns out that Windows 98 is just too hard for Microsoft to support with a security patch for MS06-15 now. The official support period ends in July, but they've announced that this one won't be ge…

  • Pretty, shiny usb drive is all it takes to compromise security....
    Classic tip Jun 8, 2006

    Sometimes you just want to cry... This writeup is an example of the "soft underbelly" of every network's security plan... the users. Basically, you have a group that was hired to do a computer securi…

  • Cross browser javascript vulnerability
    Classic tip Jun 8, 2006

    It sounds like this vulnerability would take a great deal of user interaction, but cio-today is reporting on a browser vulnerability that affects pretty much every javascript enabled browser. Accordi…

  • Zero-day ( 0-day) Microsoft Word exploit
    Classic tip May 19, 2006

    There was some news on this last night at Incidents.org, today F-secure has some details as well on the trojan that's dropped in this circulating, exploit. It seems as though the initial attack was v…

  • I've NEVER liked UPNP.... now I have another reason....
    Classic tip May 18, 2006

    I remember the first Windows XP vulnerability was a Upnp vulnerability. I have made one of my first visits on any new XP system a visit to grc.com to disable it on an XP workstation. But, it's the gr…

  • RealVNC 4.1.1 and prior exploits on the loose
    Classic tip May 18, 2006

    As reported over the last several days, there is a critical problem with RealVNC 4.1.1, there is NOW an exploit in the wild for RealVNC 4.1.1, that SANS is looking for more information on. There are …

  • Exploit Prevention in software
    Classic tip May 15, 2006

    There's been a lot of talk about hardware enforced DEP as a mitigating factor in some of the exploits in the last six months. There's also a new software product that can limit the impact of zero-day…

  • Real VNC 4.1.1 vulnerability - Remote Access without password
    Classic tip May 11, 2006

    This is one worth checking out anybody using vnc for remote administration. It looks as though intelliadmin has come across a vulnerability in Real VNC 4 (the slashdot post I saw suggested "any machi…