153 matches found
The inside story of the HBGary hack by Anonymous Hackers !
It has been an embarrassing week for security firm HBGary and its HBGary Federal offshoot. HBGary Federal CEO Aaron Barr thought he had unmasked the hacker hordes of Anonymous and was preparing to name and shame those responsible for co-ordinating the group's actions, including the...
Task Freak 0.6.2 SQL Injection
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 CVE-2010-1583 Vendor notified and product update released. Details of this report are also available at http://www.madirish.net/?article=456 Description of Vulnerability: - ------------------------------ The Tirzen Framework http://www.tirzen.net/tzn/...
TaskFreak 0.6.2 SQL Injection Vulnerability
Exploit for php platform in category web applications =========================================== TaskFreak 0.6.2 SQL Injection Vulnerability =========================================== Description of Vulnerability: - ------------------------------ The Tirzen Framework http://www.tirzen.net/tzn/ ...
TaskFreak 0.6.2 - SQL Injection
TaskFreak 0.6.2 - SQL Injection CVE-2010-1583 Vendor notified and product update released. Details of this report are also available at http://www.madirish.net/?article=456 Description of Vulnerability: - ------------------------------ The Tirzen Framework http://www.tirzen.net/tzn/ is a supporti...
Attack destroys data of thousands of Web host Vaserv's customers
From The Register Dan Goodin A targeted attack against a U.K.-based Web hosting company has destroyed the data of an estimated 100,000 of the company’s customers’ sites. Vaserv.com was hit by an attack this weekend that exploited a flaw in a virtualization application the company was running,...
cryptsetup can't destroy last key of a LUKS partition under Ubuntu/Debian
Hello everyone, I noticed last week that the Debian packaged version of cryptsetup has a little limitation, which could be a security issue for people who have to destroy their data forever. It is impossible to destroy a keyslot when you used it to unlock the master key. I reported the bug to...
Important: Red Hat Security Advisory: mysql security update
Updated mysql packages that fix several security issues are now available for Red Hat Application Stack v1 and v2. This update has been rated as having important security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a...
Important: Red Hat Security Advisory: mysql security update
Updated mysql packages that fix several security issues are now available for Red Hat Enterprise Linux 4 and 5. This update has been rated as having important security impact by the Red Hat Security Response Team. MySQL is a multi-user, multi-threaded SQL database server. MySQL is a client/server...
The Trojan uses the“free kill”evading anti-virus techniques-vulnerability warning-the black bar safety net
Today, talk about horses can be described as color change. Trojan indeed than the conventional virus more ruthless, monitoring your operation, devouring your privacy, destroy your data. We install the latest antivirus software and daily patch updates, and the firewall is always protected, but why...
MercuryBoard 1.1 - Multiple Input Validation Vulnerabilities
MercuryBoard 1.1 - Multiple Input Validation Vulnerabilities source: https://www.securityfocus.com/bid/12359/info Multiple input validation vulnerabilities affect MercuryBoard. These issues are due to a failure of the application to properly sanitize user-supplied input prior to using it in...
AIX 4.3.35.1 - Invscoutd Symbolic Link
AIX 4.3.35.1 - Invscoutd Symbolic Link source: https://www.securityfocus.com/bid/9982/info Reportedly AIX invscoutd insecurely handles temporary files; this may allow a local attacker to destroy data on vulnerable system. This issue is due to a design error that allows a user to specify a log fil...
WEBgais 1.0 - websendmail Remote Command Execution
source: https://www.securityfocus.com/bid/2077/info WEBgais is a package that provides a web interface to the "gais" Global Area Intelligent Search search engine tool. This package contains a vulnerable script, websendmail, which can be used to execute arbitrary commands on the server with the...
OReilly WebSite 1.x/2.0 win-c-sample.exe Buffer Overflow Vulnerability
Description O'Reilly WebSite Pro is a Windows 95/NT Web Server package. Versions 2.0 and below contained a vulnerable sample script, win-c-sample.exe, placed by default in /cgi-shl/ off the web root directory. This program is vulnerable to a buffer overflow, allowing for execution of arbitrary...