Tuesday, April 15th, 2008
Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end. Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to ...
Posted in Internet, Privacy, Security, Software | No Comments
Monday, April 14th, 2008
Security service provider Secunia has discovered a vulnerability in the ClamAV open source virus scanner. Attackers can foist code on the appliction using manipulated EXE files.
According a Secunia advisory, a boundary error in the cli_scanpe() function in libclamav/pe.c can cause a heap-based buffer overflow. Manipulated PE executables (Windows .exe files) ...
Posted in Coding, Security, Software | No Comments
Monday, April 14th, 2008
Microsoft Outlook categorizes mail attachments into three risk types which are high, medium and low. Outlook uses the default Microsoft configuration to determine if a file poses a high, medium or low risk when the user tries to open the attachment. The file extension .exe for instance poses a high ...
Posted in Internet, Security, Software, Windows | No Comments
Sunday, April 13th, 2008
Apple is quietly adding several key anti-hacker security features into its flagship QuickTime media player as part of a deliberate plan to reduce the effectiveness of malicious exploits.
The XPMs (exploit prevention mechanisms) have been fitted into the WIndows and Mac OS X versions of QuickTime 7.4.5, a new update that ...
Posted in Security, Software, Windows | No Comments
Saturday, April 12th, 2008
Threats against browsers are getting more sophisticated and branching out into such exotic areas as gaming, experts told attendees at the recent RSA Conference 2008.
New attacks from games and virtual-world Web sites can deliver bot-like control of browsers to attackers, said Ed Skoudis, a security consultant with Intelguardians, speaking at ...
Posted in Coding, Internet, Privacy, Security | No Comments
