Teen used botnets to push adware to hundreds of thousands of PCs

 ( 645 days 13 hours ago)

A teenager has pleaded guilty in California to teaming up with another man to illegally install adware on hundreds of thousands of PCs through a series of botnets and now faces up to a year and a half in prison.

Targeted Trojans: A New Online Threat to Business

 ( 645 days 13 hours ago)

(MessageLabs) Learn about the alarming trend of custom viruses targeted at high-ranking business officials such as CIOs, CEOs and more. Carried in convincingly written emails with innocuous looking office attachments such as word files or spreadsheets, these viruses steal important business information and send it to criminals around the world.

Also, in the succinct white paper, learn the distinct advantages of the MessageLabs Email and Web Security solutions in thwarting these threats. Our advanced technology performs additional levels of attachment analysis, but, unlike other security offerings, doesn't release any after-the-fact security updates, which criminals use to test their latest viruses against.

Stock Spam: A Classic Scam

 ( 645 days 13 hours ago)

(Source: MessageLabs) The "pump 'n' dump" stock scam has been around a long time. Learn how Internet criminals are perfecting it. Plus, see how one particular scam originated from a simple e-card, and how it played out for thousands either with or without the superior protection of the MessageLabs Web Security Services solution.

FreeBSD Security Advisory FreeBSD-SA-08:03.sendfile

 ( 645 days 16 hours ago)

FreeBSD-SA-08:03.sendfile Security Advisory The FreeBSD Project Topic: sendfile(2) write-only file permission bypass Category: core Module: syskern Announced: 2008-02-14 Credits: Kostik Belousov Affects: All supported versions of FreeBSD Corrected: 2008-02-14 11:45:00 UTC (RELENG7, 7.0-PRERELEASE) 2008-02-14 11:45:41 UTC (RELENG70, 7.0-RELEASE) 2008-02-14 11:46:08 UTC (RELENG6, 6.3-STABLE) ...

Philips VOIP841 Multiple Vulnerabilities

 ( 645 days 16 hours ago)

Secure Network - Security Research Advisory Vuln name: Philips VOIP841 Multiple Vulnerabilities Systems affected: Philips VOIP841, Firmware Version 1.0.4.50 and 1.0.4.80, Web Server Version 1.5 (simple httpd) Systems not affected: n/a Severity: High Local/Remote: Remote Vendor URL: Author(s): Luca "ikki" Carettoni - luca.carettoniatsecurenetwork.it Vendor disclosure: 23rd January 2008 ...

Joomla 1.0.13 - 1.0.14 / (remote) PHP file inclusion possible if old configuration.php

 ( 645 days 16 hours ago)

Affects: Joomla 1.0.13 - 1.0.14 Vulnerability: (remote) PHP file inclusion possible if old configuration.php Date: 14-feb-2008 Introduction: Remote PHP file inclusion is possible when RGEMULATION is not defined in configuration.php. This is typical when upgrading from an older version, leaving configuration.php untouched. Furthermore, in PHP, registerglobals ...

[USN-578-1] Linux kernel vulnerabilities

 ( 645 days 16 hours ago)

Ubuntu Security Notice USN-578-1 February 14, 2008 linux-source-2.6.15 vulnerabilities CVE-2006-6058, CVE-2006-7229, CVE-2007-4133, CVE-2007-4997, CVE-2007-5093, CVE-2007-5500, CVE-2007-6063, CVE-2007-6151, CVE-2007-6206, CVE-2007-6417, CVE-2008-0001 A security issue affects the following Ubuntu releases: Ubuntu 6.06 LTS This advisory also applies to the corresponding versions of Kubuntu, Edubuntu, and Xubuntu. ...

Apache web server 2.2: htpasswd predictable salt weakness

 ( 645 days 16 hours ago)

Disclaimer: This is not the first time this issue has been discussed. Andreas Steinmetz posted about the problem for an Apache httpd release in 2003. Philipp Krammer reported that he notifed the vendor over five years ago, in January 2003. What's new is ...

etomite xss

 ( 645 days 16 hours ago)

Homepage: Tested Version: 0.6.1 Final Exploit:)%3C/script%3E/fill This is a flaw because $SERVER['PHPINFO'] is being trusted. $SERVER['PHPINFO'] will contain this value when the exploit url is used: /index.php/">/fill /fill is removed. Trust no one. Michael Brooks

[ GLSA 200802-07 ] Pulseaudio: Privilege escalation

 ( 645 days 16 hours ago)

- Gentoo Linux Security Advisory GLSA 200802-07 - - Severity: High Title: Pulseaudio: Privilege escalation Date: February 13, 2008 Bugs: #207214 ID: 200802-07 - Synopsis A vulnerability in pulseaudio may allow a local user to execute actions with escalated privileges. ...

Re: Vwar New Bug

 ( 645 days 16 hours ago)

Basically a dup of On Wed, Feb 13, 2008 at 10:50:53AM -0000, ps3rveratyahoo.com wrote: > Vendor : Www.Vwar.De > Credits : PouyaServer > Vuln. Ver : v1.5.0 Com > > [ >>> ] > [ >>> ] > [ >>> ] > [ >>> ]

artmedic weblog multiple local file inclusion vulnerabilities

 ( 645 days 16 hours ago)

artmedic weblog multiple local file inclusion vulnerabilities download author muuratsalo contact muuratsalo[at]gmail.com exploits

[DSECRG-08-011 | FIX INFORMATION] Astrosoft HelpDesk Multiple XSS

 ( 645 days 16 hours ago)

Digital Security Research Group [DSecRG] Advisory #DSECRG-08-011 FIX INFORMATION Application: Astrosoft HelpDesk Versions Affected: < 1.95.228 Vendor URL: Bugs: Multiple XSS Injections Exploits: YES Reported: 29.01.2008 Date of Public Advisory: 04.02.2008 Vendor response: 05.02.2008 Updated Report: 14.02.2008 ...

ELFdump crash when analyzing crafted ELF file.

 ( 645 days 16 hours ago)

FBSDID("$FreeBSD: src/usr.bin/elfdump/elfdump.c, v 1.12.8.2 2006/01/28 18:40:55 marcel Exp $"); EVIL ELF GENERATOR FOR ELFDUMP - david.regueraatinteco.es David Reguera Garcia - INTECO-CERT Advisory: Software : elfdump Version : 1.12.8.2 2006/01/28 18:40:55 Author : Jake Burkholder Remote : NO Execution of code : NO Privilege scalation : NO ...

JSPWiki Multiple Vulnerabilities

 ( 645 days 16 hours ago)

JSPWiki Multiple Vulnerabilities Vendor: Janne Jalkanen JSPWiki – Application Description: From JSPWiki website - “JSPWiki is a feature-rich and extensible WikiWiki engine built around a standart J2EE components (Java, servlets, JSP).� Tested versions: JSPWiki v2.4.104 JSPWiki v2.5.139 Earlier versions may also be affected. ...

Search Unleashed 0.2.10 JavaScript injection (Wordpress plugin)

 ( 645 days 16 hours ago)

Hello all, There is a bug in "Log" function of Search Unleashed by John Godley, version 0.2.10. This plug-in stores search queries but does not validates stored data and put them back "raw" to browser. HTML and Java Script can be injected with search request: /blog/?s=%3Ctextareaonmouseover%3D%22alert%28document.cookie%29%3B%22%3E%3C%2Ftextarea%3E&searchbutton=go%21 ...

Ubuntu: Linux kernel vulnerabilities

 ( 645 days 22 hours ago)

LinuxSecurity.com: The minix filesystem did not properly validate certain filesystem values. If a local attacker could trick the system into attempting to mount a corrupted minix filesystem, the kernel could be made to hang for long periods of time, resulting in a denial of service. (CVE-2006-6058)