Comments on: Updated Undercover Exploit List http://spiresecurity.com/?p=401 Risk and Cybersecurity Analysis Wed, 21 Aug 2013 23:28:51 +0000 hourly 1 http://wordpress.org/?v=3.5.1 By: Steve Christey http://spiresecurity.com/?p=401&cpage=1#comment-607 Steve Christey Sun, 11 Feb 2007 07:15:24 +0000 http://spiresecurity.com/blog/?p=401#comment-607 CVE-2006-2286 is for a PHP exploit that was discovered in the wild; see the extensive forum discussion at http://www.dokeos.com/forum/viewtopic.php?t=6848

]]> By: Steve Christey (CVE) http://spiresecurity.com/?p=401&cpage=1#comment-606 Steve Christey (CVE) Wed, 09 Aug 2006 01:00:54 +0000 http://spiresecurity.com/blog/?p=401#comment-606 CVE-1999-0977 is for an sadmind vulnerability that was first detected in the wild; the references demonstrate this:

http://www.security.nnov.ru/1999/december/sadmin.html

And on Tuesday Aug 8, 2006, advisory MS06-040 says “When the security bulletin was released, Microsoft had received information that this vulnerability was being exploited” but also says that there had been no public disclosure. That makes it undercover in my book.

There are probably at least a dozen web application vulns that were exploited before disclosure, but only the vulnerability databases see that stuff buried in vendor forums, and since it’s only been a curiosity, so it hasn’t been tracked closely. I’ll notify you when I see them.

The MySpace Samy worm and other XSS worms probably count, but since that’s not in enterprise software, it might be a slightly different beast than what you’re talking about.

]]>