Security News #0x78

Exploits
  • The Metasploit blog discusses two privilege escalation attacks on Internet Explorer: one based on MS 13-097 and the other based on MS 14-009.
  • It looks like there is a flaw in PHP that could potentially result in the leak of the system’s underlying SSL private key. The underlying problem is CVE 2014-4721.
  • There is an exploitable race condition in the Nagios Plugin check_dhcp 2.0.2. The exploit page lists this as CVE 2014-4703, but it has not yet been assigned by the folks at MITRE.
  • Metasploit has added a module to attack the WordPress MailPoet plugin (prior to 2.6.8). The attack allows for remote file injection.
Learning More
  • Do you want to learn more about Burp Suite? The folks at PenTestGeek have a tutorial.
  • SpiderLabs has a nice tutorial on the use of Honeytraps with ModSecurity.
  • Details of the Futex vulnerability (CVE 2013-3153) can be found over at Tinyhack.com.
Industry News
General Silliness