Home/News (last update 2004.11.19)

WebSec.org offers various services at different levels based on your perceived need for network security. We will assess your security level and work with you to establish increased security measures based on your desire.

find the newest information and advisories here. all published information is copyrighted by (WebSec.org). if you want to publish any information taken from here do not forget to get the permission from WebSec.org !

WebSec News

WebSec Advisories and News

Securityfocus News

2004.01.01
From now on our commercial services are proviced by .

2003.10.01
Added a mini whitepaper regarding the MySQL char() function to the papers - section.

2003.07.26
A new version of our webapp-tester DESPERADO has been added to our tools - section.

2003.01.26
New commercial partnership with SEC-CONSULT  .
More information will be provided soon.

2003.01.09
Due to many request a short "Desperado" README - file has been added to our Tools-Section.

2003.01.08
Links to my Partners have been added.(Including a GERMAN-Version)

2002.10.21
Eweeks "Openhack 4/2002 - Hacking Challenge" will be started on Tuesday, Oct. 22, 2002 and end on Friday, Nov. 8, 2002.

Our History for Eweeks-Openhack Challenge:
Openhack 1999: First participation
Openhack 2000: Winner of the E-Commerce Section(Vulnerabilities here)
Openhack 2001: WebSec.org found a vulnerability in IBMs Netcommerce System which leads to an administrative(store manager) account.

2002.10.09
A coule of older perl-scripts have been added to the tools-section

2002.07.02
Find "Formatter.pl" (alpha) - a perlscript for creating exploit-formatstrings "on the fly" in our tools-section.

2002.06.25
We released a new (GERMAN)whitepaper on fast exploitation of local and stack-based bufferoverflows (Find "fast and easy going HERE")

2004.11  PHP unserialize Vulnerability
2004.11  Windows cmd-line tools
2004.03  Linbox multiple Vulnerabilities
2003.07  SAP Internet Transaction Server multiple Vulnerabilities
2003.07  Invision Powerboard V.1.1.2 Multiple Vulnerabilities
2003.07  W-Agora Multiple Vulnerabilities
2003.06  paFileDB 3.1 OS-Cmd execution
2003.01  Axis Webcam DOS
2003.01  Vulnerabilities the Typo3 CMS-Tools
2002.10  Several Vulnerabilities in the Open.Project.Tool
2002.02  Endymion SakeMail file-disclosure
2002.02  Endymion MailMan file-disclosure
2001.10  getAccess file-disclosure
2001.07  buffer-overflow in wSendmail.exe 2.0x
2001.07  getAccess java-class execution
2001.07  sample methods for JS-injection
2001.05  webmail JS-injection(gmx.net)
2001.04  NULL-bytes in JavaApps
2001.01  PoolMan JDBC Admin-Interface
2001.01  ibm netcommerce 3.* SQL-injection
2000.12  cgiemail file-disclosure
2000.05  cookmail file-disclosure
2000.05  leave-link.cgi
2000.05  mail-to-form.cgi
2000.05  futureforum SQL-injection
2000.05  alienform(af.cgi) OS-command execution
2000.04  ultraboard 1.* file-disclosure
2000.04  minivend-shop 4.x OS-command execution
2000.01  AltaVista Search
  
  
  
  
  
  
  

News: Researchers find more flaws in wireless security
News: Secure hash competition kicks off
News: You don't know (click)jack
News: Researchers weigh "clickjacking"threat
Brief: Microsoft to replace OneCare with free service
Brief: Microsoft sees value in exploitability index
Brief: McColo takedown nets massive drop in spam
Brief: Firm offers $1 million bounty for blackmailers
News: TJX employee fired for exposing shoddy security
News: Thoughts of a Teenage Bot Master
News: Radio Free Europe hit by DDoS attack
News: Flash vuln fells Vista
Infocus: Data Recovery on Linux and ext3
Infocus: WiMax: Just Another Security Challenge?
Infocus: Blocking Traffic by Country on Production Networks
Infocus: Integrating More Intelligence into Your IDS, Part 2
Oliver Day: Microsoft's Stance on Piracy Affects Us All
Chris Wysopal: Clicking to the Past
Mark Rasch: The Vice of Vice Presidential E-Mail
Houston Carr: Blaming the Good Samaritan
More rss feeds from SecurityFocus

0 Day Exploits from K-Otik