The Hacker News Logo
Subscribe to Newsletter

The Hacker News — Cyber Security and Hacking News Website: Remote exploit

Major VBulletin based websites are vulnerable to Hackers; Pakistani forums defaced by Indian Hackers

Major VBulletin based websites are vulnerable to Hackers; Pakistani forums defaced by Indian Hackers

September 06, 2013Wang Wei
vBulletin is a publishing suite that allows users to create and publish a variety of content, including: forums, blogs, and polls. If you currently use an older version of  vBulletin  on your website, you might be opening up your site to an attack as some serious security vulnerabilities, which allows hackers to access your hosting admin panel. Two Indian Hackers, going by virtual name  Ne0-h4ck3r & Google-warri0r has developed an exploit of known  vBulletin  vulnerability, that can be used to add a user remotely to  vBulletin  customer panel with admin privileges. According to Hackers, vBulletin versions 4.x.x.x are affected to their exploit. It isn’t quite clear the extent of the exploit, however, hundreds of major websites on  vBulletin  have been reported to be affected. Here’s a list of some domains that have been used so far in this attack: http://usasexguide.info/ http://www.desironak.com/ http://www.pakistanipoint.com http://www.cssexam.com/f
CISCO vulnerability allows remote attacker to take control of Windows system

CISCO vulnerability allows remote attacker to take control of Windows system

August 30, 2013Mohit Kumar
Cisco has fixed a critical vulnerability in Secure Access Control Server for Windows that could allow remote attackers to execute arbitrary commands and take control of the underlying operating system. Cisco Secure ACS is an application that allows companies to centrally manage access to network resources for various types of devices and users.  The reported flaw affects Cisco Secure ACS for Windows versions 4.0 through 4.2.1.15. Successful exploitation requires that Cisco Secure Access Control Server is configured as a RADIUS server EAP-FAST authentication. The Cisco Security advisory said: “ The vulnerability is due to improper parsing of user identities used for EAP-FAST authentication. An attacker could exploit this vulnerability by sending crafted EAP-FAST packets to an affected device. An exploit could allow the attacker to execute arbitrary commands on the Cisco Secure ACS server and take full control of the affected server ,” The newly patched vulnerabili
Cisco Linksys routers vulnerable to remote zero-day exploit

Cisco Linksys routers vulnerable to remote zero-day exploit

January 16, 2013Mohit Kumar
A zero-day vulnerability has been discovered in popular Cisco Linksys routers that allows hackers to gain remote root access. Security vendor DefenseCode discovered the flaw and reported it to Cisco months ago and a fix is already on the way. According to Cisco, more than 70 million Linksys routers sold globally. This exploit was successfully tested against a Linksys model WRT54GL router by researchers at security firm DefenseCode who claimed that the latest Linksys firmware 4.30.14 and all previous versions are still vulnerable. It took the team only 12 days to develop an exploit that could be used by hackers to take control of a person’s wireless router and hijack all the information being processed through it. The vulnerability is demonstrated in the following video:
5 Checks You Must Run To Ensure Your Network Is Secure

5 Checks You Must Run To Ensure Your Network Is Secure

January 10, 2013Wang Wei
Twenty-four hours a day, seven days a week, 365 days each year – it’s happening. Whether you are awake or asleep, in a meeting or on vacation, they are out there probing your network, looking for a way in. A way to exploit you; a way to steal your data, a place to store illegal content, a website they can deface, or any of a hundred other ways to mess with you for the simple joy of it all. And they can do this with relative ease, even in an automated fashion, with simple tools that are readily available to all. I’m talking about network scanners. The bad guys use them all day every day to assess networks around the world because a network scanner is one of the easiest and most efficient ways to find the cracks in your armor. If you want to see your network the same way an attacker would, then you want to use a network scanner. Network scanners perform automated tests of systems over the network. They don’t require agents or any other software to be installed on the “target”
Remote 0day Exploit for Tectia SSH Server released

Remote 0day Exploit for Tectia SSH Server released

December 03, 2012Mohit Kumar
Hacker @kingcope discovered critical vulnerability in Tectia SSH Server. Exploit working on SSH-2.0-6.1.9.95 SSH Tectia Server (Latest available version from www.tectia.com) that allow attacker to bypass Authentication remotely. Description :  An attacker in the possession of a valid username of an SSH Tectia installation running on UNIX (verified on AIX/Linux) can login without a password. The bug is in the “SSH USERAUTH CHANGE REQUEST” routines which are there to allow a user to change their password. A bug in the code allows an attacker to login without a password by forcing a password change request prior to authentication. Download Exploit Code : Click Here A default installation on Linux (version 6.1.9.95 of Tectia) is vulnerable to the attack. Eric Romang posted a Demo video on Youtube, hope you will like it :) Command Source : http://goo.gl/BHqWd
Exclusive Deals

Get Daily News Updates By Email

Join over 350,000 information security professionals — Get the best of our cyber security coverage delivered to your inbox every morning.