A vulnerability exploit targets a known software weakness in an operating system, application, or service. Known vulnerabilities in major software products are listed in repositories such as the
National Vulnerability Database. Quttera maintains its own vulnerability database, working from the most reliable and up-to-date sources. These listings let system managers know they need to update their software, but criminals learn at the same time about ways to attack systems that aren't up to date.
Most successful exploits of vulnerabilities take advantage of outdated systems. A good software maintenance program will stop the large majority of them. Sometimes, though, dependencies on legacy code make it difficult to keep software up to date.
Vulnerabilities take many forms, and the attacks on them are just as varied. These are some of the most common ones:
- Buffer Overflow. Specially crafted requests can trick the software into writing data beyond the area which is allocated for it, overwriting code with other instructions. This code can write files to the disk, access the database, connect to a remote server, or obliterate existing information.
- Account Hijacking. The attacker obtains information that lets them take over a logged-in session. From there, it's possible to do anything the legitimate account holder could have done.
- Website Injection. The intruder is able to add links to a website that take unsuspecting users to a different site, such as one that looks like part of the victim's site and asks users to "re-enter" their passwords. Cross-site scripting (XSS) injects JavaScript code that runs in the user's browser and steals information such as cookies and session identifiers.
Vulnerability scan software can catch problems of this type, so system managers can find and fix the most glaring weaknesses.
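One way a scanner can catch the injected links and scripts described above is to compare a page against a known-good snapshot and flag any newly added references, especially ones pointing off-site. The following is an added example written for this page, not Quttera's scanner; the HTML snippets and the `evil.example` host are constructed sample data.

```python
from html.parser import HTMLParser
from urllib.parse import urlsplit

# Tags and the attribute on each that carries an outbound reference an
# intruder might plant (link, script, frame or form target).
REF_ATTRS = {"a": "href", "script": "src", "iframe": "src", "form": "action"}


class RefCollector(HTMLParser):
    """Collect (tag, url) pairs for the reference-carrying tags above."""

    def __init__(self):
        super().__init__()
        self.refs = set()

    def handle_starttag(self, tag, attrs):
        attr = REF_ATTRS.get(tag)
        if attr is None:
            return
        for name, value in attrs:
            if name == attr and value:
                self.refs.add((tag, value))


def collect_refs(html):
    parser = RefCollector()
    parser.feed(html)
    return parser.refs


def injected_refs(baseline_html, current_html, site_host):
    """Return references present in the current page but absent from the
    baseline snapshot; each is marked off_site when its host differs from
    site_host (relative URLs have no host and are never off-site)."""
    new_refs = collect_refs(current_html) - collect_refs(baseline_html)
    findings = []
    for tag, url in sorted(new_refs):
        host = urlsplit(url).hostname
        off_site = host is not None and host != site_host
        findings.append({"tag": tag, "url": url, "off_site": off_site})
    return findings


# Constructed sample: a known-good snapshot, then a later copy with two planted
# off-site references and one legitimate new internal link.
BASELINE = '<a href="/login">Login</a><script src="/js/app.js"></script>'
CURRENT = (BASELINE
           + '<a href="https://evil.example/login">Re-enter password</a>'
           + '<script src="https://evil.example/steal.js"></script>'
           + '<a href="/help">Help</a>')

if __name__ == "__main__":
    for finding in injected_refs(BASELINE, CURRENT, "www.example.com"):
        print(finding)
```

An unchanged page yields no findings, so this check is cheap to run on every scan and only raises attention when content actually changes.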