8809 matches found
social Web CMS Beta 2 - Multiple Vulnerabilities
social Web CMS Beta 2 - Multiple Vulnerabilities Author: cp77fk4r | Empty0pagEShift+2gmail.com Software Link: http://www.socialwebcms.com Version: X = Beta 2 Vulnz: Directory Listing http://server/modules/ XSS http://server/index.php?category=%22%3EXSS CSRF -Add friends:...
SQL Injection Hits Social Net for Developers
A SQL injection flaw has been discovered in Rockyou.com – a social networking application development website used by app developers for Bebo, Facebook and Myspace; The flaw could have allowed hackers access to the 32 million usernames and passwords. Read the full article. eWEEK Europe...
Flock 2.5.2 Remote Array Overrun
Flock 2.5.2 Remote Array Overrun Arbitrary code execution Author: Maksymilian Arciemowicz and sp3x http://SecurityReason.com Date: - Dis.: 07.05.2009 - Pub.: 11.12.2009 CVE: CVE-2009-0689 CWE: CWE-119 Risk: High Remote: Yes Affected Software: - Flock 2.5.2 Fixed in: - Flock 2.5.5 NOTE: Prior...
Ubuntu USN-863-1 (qemu-kvm)
The remote host is missing an update to qemu-kvm announced via advisory USN-863-1. OpenVAS Vulnerability Test $Id: ubuntu8631.nasl 7969 2017-12-01 09:23:16Z santu $ Description: Auto-generated from advisory USN-863-1 qemu-kvm Authors: Thomas...
Ubuntu: Security Advisory (USN-863-1)
The remote host is missing an update for the SPDX-FileCopyrightText: 2009 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only ifdescription...
[USN-863-1] QEMU vulnerability
=========================================================== Ubuntu Security Notice USN-863-1 December 03, 2009 qemu-kvm vulnerability https://launchpad.net/bugs/458521 =========================================================== A security issue affects the following Ubuntu releases: Ubuntu 9.10...
Ubuntu 9.10 : qemu-kvm vulnerability (USN-863-1)
It was discovered that QEMU did not properly set up the virtio networking features available to its guests. A remote attacker could exploit this to crash QEMU guests which use virtio networking on Linux kernels earlier than 2.6.26. Note that Tenable Network Security has extracted the preceding...
USN-863-1: QEMU vulnerability
It was discovered that QEMU did not properly set up the virtio networking features available to its guests. A remote attacker could exploit this to crash QEMU guests which use virtio networking on Linux kernels earlier than 2.6.26...
Why Privacy Concerns Are Ruining Facebook
Facebook was built as a powerful social connector, allowing users to befriend others with similar interests, locations, schools, and more. But as privacy concerns mount and users demand more protection, the social networking site’s philosophy has started to go down the toilet. Now that Facebook i...
Federal Wiretaps Busted by Researchers
Researchers at the University of Pennsylvania say they’ve discovered a way to circumvent the networking technology used by law enforcement to tap phone lines in the U.S. The flaws they’ve found “represent a serious threat to the accuracy and completeness of wiretap records used for both criminal...
HP curiosity and vulnerability
Before the vulnerability.. HP buys 3Com in mega $2.7 billion deal http://www.scmagazineus.com/HP-buys-3Com-in-mega-27-billion-deal/article/157601/ HP plans to buy 3Com $2.7b, which owns TippingPoint, which runs ZDI, which has a 1128-day vuln in HP products: http://bit.ly/2HEonE...
Facebook Administrator Groups Hijacked
As of this morning, an anonymous group hijacked more than 200 Facebook groups and renamed them “Control Your Info”. Pasted on each group’s Wall was a message announcing that it had been “hijacked” and reminding members to be careful about controlling personal information on social networking site...
On Social Networking Attacks, Gumblar and Cyberterror
Dennis Fisher and Ryan Naraine discuss the increasing volume and sophistication of attacks on social networks, the continued rise of malware campaigns such as Gumblar and the recent news around cyberwar and cyberterror. Download SHOW NOTES: Gumblar Attacks Spread to Thousands of New Sites Report:...
HP StorageWorks Storage Mirroring Double Take Service Code Execution (CVE-2008-1661)
HP StorageWorks is a collection of storage solutions from Hewlett Packard. These solutions include online storage, nearline storage, storage networking, archiving, and storage software. One of the storage software solutions is the Storage Mirroring Software. HP StorageWorks Storage Mirroring...
Consumers Should Clean Up Their Act on Personal Security
The growing use of social networking sites is leaving PC inadvertently open to identity thieves warned Hugh Thompson, chief security strategist at People Security. Speaking at the RSA Europe Conference, Thompson said that people were unaware just how many clues they left for fraudsters. He said...
Worm Attacks Reddit
The rash of attacks on social networking sites is continuing, this time in the form of a cross-site scripting worm that is currently plaguing Reddit, the popular social bookmarking portal. The Reddit attack is interesting in that it requires a minimum of user interaction in order to spread. The...
Cisco Plugs Holes in IOS Software
Cisco has released a peck of patches to cover multiple security flaws in its flagship Cisco IOS (originally Internetwork Operating System), warning that the bugs expose businesses to denial-of-service or policy bypass attacks. In all, the networking vendor released 10 advisories covering Cisco IOS...
Koobface, Twitter Attacks Growing More Sophisticated
GENEVA — The attacks and scams that have been affecting users of Facebook, Twitter and other popular social networking sites are continuing to evolve and improve, as the attackers learn more about their victims and refine their tactics, experts say. The poster child for these attacks has been the...
SuSE 11 Security Update : dbus (SAT Patch Number 726)
The dbus package used a too permissive configuration. Therefore intended access control for some services was not applied. CVE-2008-4311 The new configuration denies access by default. Some dbus services may break due to this setting and need an updated configuration as well. With the previous...
VB 2009: Stefan Tanase on Web 2.0 Threats and Anti-Social Networking
Digital Underground podcast with Dennis Fisher Dennis Fisher talks with Stefan Tanase, senior security researcher at Kaspersky Lab, live from Virus Bulletin 2009 about the threats on social networking sites and the privacy and security concerns presented by Web 2.0 technologies. Here are the slid...