Security Research and Intelligence

CUPS IPP Use-After-Free Denial of Service Vulnerability Proof of Concept [CVE-2010-2941]

Fellas,
SecPod Research Team member “Veerendra GG” has written a valid working POC to crash CUPS Service. The POC is written based on the information provided in RedHat Bugzilla (CVE-2010-2941) which sends a malformed IPP (Internet Printing Protocol) packets over TCP. For more information on this vulnerability, you can refer here. You can manage these Vulnerabilities with the help of a good Vulnerability Management Tool. Well, inline comments inside the Python script can help you more to figure out how the bug was reproduced to crash the service. The Vulnerability Management System can resolve these issues and keep your infrastructures safe. For brevity, the poc is posted below as well. (more…)

2 Comments
November 17, 2010
Category(Default) - Do Not Use This

XSS Vulnerability in ZeusCart Shopping Cart [0day]

Folks,
SecPod Research Team member (Sooraj K.S) found an XSS flaw in ZeusCart Ecommerce Shopping Cart, which can be used to gain sensitive information and launch further attacks. The flaw lies in the search parameter while ZeusCart web app processes the user-supplied input and renders the content back to the client’s browser. The flaw can be exploited to inject arbitrary HTML codes and steal cookies and so on. (more…)

Comments Off on XSS Vulnerability in ZeusCart Shopping Cart [0day]
August 5, 2010
Category(Default) - Do Not Use This

OpenVAS Crosses 10000 NVT’s (plugins)

The news…

Passing the 10000th Network Vulnerability Test (NVT) is a perfect occasion to report about the progress of the OpenVAS project[1].

In October 2008 the systematic development of new NVTs started with a base of around 5800 Tests. With the release of OpenVAS 2.0 in December 2008, the development was boosted and has now reached an average of 10 code updates per day.  The public OpenVAS NVT Feed Service delivers 3-10 new vulnerability tests every day. (more…)

Comments Off on OpenVAS Crosses 10000 NVT’s (plugins)
April 17, 2009

End of content

No more pages to load

Newer Posts
Older Posts