The Coming Wave of Mobile Attacks
The pace of innovation on mobile phones and other smart wireless devices has accelerated greatly in the last few years, adding features, speed and computing power. But now the attackers are beginning to outstrip the good guys on mobile platforms, developing innovative new attacks and methods for...
PDF JBIG2 multiple input validation flaws
Multiple "input validation flaws" in the JBIG2 decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file...
Koobface: Hit Down in HK, Gets Up in China
Security experts in Hong Kong last week succeeded in taking down a key component of the Koobface botnet, only to witness the system popping up in China. Read the full article. The Register...
Top 20 'Critical Controls' from SANS Institute
The SANS Institute has released critical security controls for cyber defense agreed to by a consortium of agencies including: “NSA, US Cert, DoD, DoD JTF-GNO, the Department of Energy Nuclear Laboratories, Department of State, DoD Cyber Crime Center plus the top commercial forensics experts and p...
RSA 2010: Experts Reject Taxing Hacks & Malware
Microsoft’s idea that the fight against malware could be funded by an Internet tax is “horrible,” an analyst said as other experts weighed in on a recent comment by the company’s security chief. Read the full article. Computerworld...
Attackers Buying Own Data Centers for Botnets, Spam
The malware writers and criminals who run botnets for years have been using shared hosting platforms and so-called bulletproof hosting providers as bases of operations for their online crimes. But, as law enforcement agencies and security experts have moved to take these providers offline, the...
WOW Gamers Targeted with Trojan Spam
Security experts are warning of a new malicious spam campaign with a Trojan Horse designed to harvest the log-in credentials of online gamers with sexually explicit images of Asian women. Read the full article. SC Magazine...
DEBIAN-CVE-2009-2660
Multiple integer overflows in CamlImages 2.2 might allow context-dependent attackers to execute arbitrary code via images containing large width and height values that trigger a heap-based buffer overflow, related to (1) crafted GIF files (gifread.c) and (2) crafted JPEG files (jpegread.c), a different...
Researchers Releasing Tool to Break Into Oracle Databases
From CNet News.com, Elinor Mills: During their presentation at the Black Hat and Defcon hacker conferences next week in Las Vegas, security experts will release a tool that can be used to break into Oracle databases. Chris Gates and Mario Ceballos will present Oracle Pentesting Methodology and give...
Opera Unite: Botmaster's Best Friend?
From IDG News Service, Robert McMillan: Opera has added a lot of cool new features to its upcoming Opera 10 browser, and one of them is almost sure to catch the eye of cyber criminals. It's called Opera Unite, and while Opera promotes it as an exciting new platform for next-generation Web...
Online Ad Sales Open Door to Viruses
From The Wall Street Journal, Emily Steel: On a Saturday night at the end of May, visitors to the forums section of Digital Spy, a British entertainment and media news Web site, were greeted with an ad that loaded malicious software onto their computers. The Web site's advertising system had been...
Data-sniffing trojans hit Eastern European ATMs
From The Register, Dan Goodin: Security experts have discovered a family of data-stealing trojans that have burrowed into automatic teller machines in Eastern Europe over the past 18 months. The malware logs the magnetic-stripe data and personal identification number of cards used at an infected...
What's the cost of fixing an application vulnerability?
From DarkReading, Kelly Jackson Higgins: The cleanup cost for fixing a bug in a homegrown Web application ranges anywhere from $400 to $4,000, depending on the vulnerability and the way it's fixed. Security experts traditionally have been hesitant to calculate the actual cost associated...
Forensic experts fuse technology, intelligence for investigations
From The New York Times, John Markoff: The small cadre of experts who spend their time doing the meticulous, painstaking work of tracing cyber attacks is increasingly relying on a combination of advanced technical tools and old-fashioned intelligence-gathering techniques to track down the people an...
PDF JBIG2 MMR decoder buffer overflows
Multiple buffer overflows in the JBIG2 MMR decoder in Xpdf 3.02pl2 and earlier, CUPS 1.3.9 and earlier, Poppler before 0.10.6, and other products allow remote attackers to execute arbitrary code via a crafted PDF file...
CVE-2008-5267
SQL injection vulnerability in answer.php in Experts 1.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the question_id parameter...
SQL injection
SQL injection vulnerability in answer.php in Experts 1.0.0, when magic_quotes_gpc is disabled, allows remote attackers to execute arbitrary SQL commands via the question_id parameter...
CVE-2008-5267
An SQL injection vulnerability in Experts 1.0.0 (component: answer.php) allows remote attackers to execute arbitrary SQL via the question_id parameter when magic_quotes_gpc is disabled. Root cause: input not properly sanitized. Impact: partial confidentiality, integrity, and availability per CVSS...
experts-sql.txt
Experts answer.php Remote SQL Injection Vulnerability. CWH Underground Hacking Team...