sqlninja 0.2.2 Released – SQL Injection Tool

Tuesday, April 15th, 2008

Sqlninja is a tool targeted to exploit SQL Injection vulnerabilities on a web application that uses Microsoft SQL Server as its back-end.  Its main goal is to provide a remote shell on the vulnerable DB server, even in a very hostile environment. It should be used by penetration testers to ...

Crafted EXE files can inject code in ClamAV

Monday, April 14th, 2008

Security service provider Secunia has discovered a vulnerability in the ClamAV open source virus scanner. Attackers can foist code on the appliction using manipulated EXE files. According a Secunia advisory, a boundary error in the cli_scanpe() function in libclamav/pe.c can cause a heap-based buffer overflow. Manipulated PE executables (Windows .exe files) ...

Add File types to the Microsoft Outlook Attachment Manager

Monday, April 14th, 2008

Microsoft Outlook categorizes mail attachments into three risk types which are high, medium and low. Outlook uses the default Microsoft configuration to determine if a file poses a high, medium or low risk when the user tries to open the attachment. The file extension .exe for instance poses a high ...

Apple Adds Anti-Hacker Features to QuickTime

Sunday, April 13th, 2008

Apple is quietly adding several key anti-hacker security features into its flagship QuickTime media player as part of a deliberate plan to reduce the effectiveness of malicious exploits. The XPMs (exploit prevention mechanisms) have been fitted into the WIndows and Mac OS X versions of QuickTime 7.4.5, a new update that ...

Hackers Increasingly Target Browsers

Saturday, April 12th, 2008

Threats against browsers are getting more sophisticated and branching out into such exotic areas as gaming, experts told attendees at the recent RSA Conference 2008. New attacks from games and virtual-world Web sites can deliver bot-like control of browsers to attackers, said Ed Skoudis, a security consultant with Intelguardians, speaking at ...