Archive for October, 2010

Winamp 5.58 from Denial of Service to Code Execution

20th October 2010

Winamp

Some days ago, we posted a proof of concept published by Luigi Auriemma outlining Multiple Denial Of Service Vulnerabilities in Winamp. Unlike most submissions we receive, the PoC posted by the author didn’t contain a script to replicate the attack, but only contained files ready to be loaded into Winamp.

After some days we got an e-mail from ryujin…

(more…)

Joomla Automated Exploitation

14th October 2010

Joomla Automated Exploitation – Most people know or have heard about Joomla. It’s probably the only CMS with the most exploits and vulnerable addons ever made, and sometimes I wonder who creates all these.

That however, isn’t important. What matters is that once an addon is installed, there’s a high chance it contains unsanitized code aka a security hole for us to target, (ab)use and exploit.

(more…)