Mass SQL injection attack hits Chinese Web sites

 ( 144 days 13 hours ago)

Thousands of Web sites in China and Taiwan have been hit by a large-scale SQL injection attack that has placed malware on thousands of Web sites, according to a security company in Taiwan.

38 in U.S., Romania charged in phishing schemes

 ( 144 days 13 hours ago)

U.S. authorities have charged 38 people in the U.S. and Romania in two related phishing schemes.

DoS attacks using SQL Wildcards - White Paper

 ( 144 days 14 hours ago)

This paper discusses abusing Microsoft SQL Query wildcards to consume CPU in database servers using only the search field present in most common web applications. It can be downloaded from Majority of the Microsoft SQL Server based web applications are ...

Microsoft word javascript execution

 ( 144 days 14 hours ago)

Products affected: Microsoft word 2003/2007 OS Tested : Windows Xp all patch ...

Wordpress Malicious File Execution Vulnerability

 ( 144 days 14 hours ago)

Wordpress Malicious File Execution Vulnerability AUTHOR : CWH Underground DATE : 18 May 2008 SITE : www.citecclub.org APPLICATION : Wordpress Blog VERSION : <= 2.5.1 VENDOR : DOWNLOAD : DORK: N/A DESCRIPTION You must login into wordpress with Administrator Roles ...

Insomnia : ISVA-080516.1 - Altiris Deployment Solution - SQL Injection

 ( 144 days 14 hours ago)

Insomnia Security Vulnerability Advisory: ISVA-080516.1 Name: Altiris Deployment Solution - SQL Injection Released: 16 May 2008 Vendor Link: Affected Products: Altiris Deployment Solution 6.8.x & 6.9.x Original Advisory: Researcher: Brett Moore, Insomnia Security Description ...

Re: Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability

 ( 144 days 14 hours ago)

re: "set 403 page's charset in the server side by writing it in your server code" Apache *does* set the charset in the HTTP header. It is set to iso-8859-1 by default. ...

Insomnia : ISVA-080516.2 - Altiris Deployment Solution - Domain Account Disclosure

 ( 144 days 14 hours ago)

Insomnia Security Vulnerability Advisory: ISVA-080516.2 Name: Altiris Deployment Solution - Domain Account Disclosure Released: 16 May 2008 Vendor Link: Affected Products: Altiris Deployment Solution 6.8.x & 6.9.x Original Advisory: Researcher: Brett Moore, Insomnia Security Description ...

Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability

 ( 144 days 14 hours ago)

yos20053atgmail.com wrote: > Dear Bill From Apache > > I think that you didn't understand this vulnerability properly. We understand it quite well; we simply disagree on the context of which is vulnerable, the Apache server which holds to RFC2616, or IE (and Firefox ...

Smeego CMS vulnerability

 ( 144 days 14 hours ago)

# Smeego CMS Local File Include Exploit # by # 0in from Dark-Coders Programming & Security Group # >>>>>>>> <<<<<<<<<<<<<< # # Contact: 0in(dot)email[at]gmail(dot)com # # Greetings to: DieAngel,suN8Hclf,m4r1usz,djlinux,doctor # # Description: # Smeego is a Content Management System or Portal # System written in PHP and designed to be ...

[SECURITY] [DSA 1579-1] New netpbm-free packages fix arbitrary code execution

 ( 144 days 14 hours ago)

- Debian Security Advisory DSA-1579-1 securityatdebian.org Devin Carraway May 18, 2008 - Package : netpbm-free Vulnerability : insufficient input sanitizing Problem type : local (remote) Debian-specific: no CVE Id(s) : CVE-2008-0554 A vulnerability was discovered in the GIF reader implementation in ...

Re: Apple iPhone 1.1.3 remote DoS exploit

 ( 144 days 14 hours ago)

seems to work on 1.1.4 as well. froze my whole phone, and i had to do a hard reset.

Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability

 ( 144 days 14 hours ago)

Hello Yossi, I've read your previous messages and I'm not convinced. > I think that you didn't understand this vulnerability properly. I ask > to to check again and run this exploit with Firefox. After running this ...

Cpanel all version >> root access with a reseller account.

 ( 144 days 14 hours ago)

By : Ali Jasbi ( IHST security & hacking Research team) WwW.Hackerz.ir Vendor : Cpanel.net Version : ALL !! Risk : Very high What u can do with this bug is : u can have a access to all the server with reseller privilege (Th3 r00t) how it's work ? ...

Re: Re: Re: Re: Apache Server HTML Injection and UTF-7 XSS Vulnerability

 ( 144 days 14 hours ago)

Yossi Yakubov wrote in : > if you, apache guys will set 403 page's charset ... Done, as per : >> All [current] releases include fixes ... > ... change manually the ecnoding in Firefox to UTF-7 ... There is no ...

Foresight: firefox

 ( 144 days 19 hours ago)

LinuxSecurity.com: A flaw has been found in previous versions of firefox's JavaScript garbage collector. This issue is known to cause a Denial-of-Service via maliciously-crafted web pages, and is suspected of allowing arbitrary code execution on the target machine by an attacker.

Debian: New netpbm-free packages fix arbitrary code execution

 ( 144 days 19 hours ago)

LinuxSecurity.com: A vulnerability was discovered in the GIF reader implementation in netpbm-free, a suite of image manipulation utilities. Insufficient input data validation could allow a maliciously-crafted GIF file to overrun a stack buffer, potentially permitting the execution of arbitrary code.

Debian: New php4 packages fix several vulnerabilities

 ( 144 days 19 hours ago)

LinuxSecurity.com: Several vulnerabilities have been discovered in PHP version 4, a server-side, HTML-embedded scripting language. The Common Vulnerabilities and Exposures project identifies the following problems: