[Lynis 1.4.2] Security and System Auditing Tool to Harden Linux Systems
Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issues are reported in the form of a suggestion or warning. Besides security-related information, it will also scan for general system information,...
[Lynis 1.4.0] Security and System Auditing Tool to Harden Linux Systems
Lynis is an auditing tool for Unix/Linux. It performs a security scan and determines the hardening state of the machine. Any detected security issues are reported in the form of a suggestion or warning. Besides security-related information, it will also scan for general system information,...
Millions of Phonebook records stolen from Truecaller Database
TrueCaller, a popular app built by a Swedish company and the world's largest collaborative phone directory, was compromised by Syrian Electronic Army hackers. Truecaller was running an outdated version 3.5.1 of the blogging software WordPress for its web interface, and there are millions of Phonebook records...
Increased Exploitation in Web Content Management Systems
US-CERT is aware of recent increases in the exploitation of known vulnerabilities in web content management systems (CMSs) such as WordPress and Joomla. Compromised CMS installations can be used to host malicious content. US-CERT recommends that users and administrators ensure that their CMS...
Open Source Web Server Scanner: Nikto
Nikto is an Open Source GPL web server scanner which performs comprehensive tests against web servers for multiple items, including over 6500 potentially dangerous files/CGIs, checks for outdated versions of over 1250 servers, and version specific problems on over 270 servers. It also checks for...
Potential remote code execution due to embedding of old django-piston
The exposed Atlassian API for forummodules, found under forummodules/atlassian/api, uses an outdated version of django-piston which does not contain the fix for a remote code execution bug caused by the use of yaml.load instead of safeload in the emitters.py Python script on line 412. Whilst it appears...
Lax Security to Blame for NASDAQ Hack
The cyber attack on the NASDAQ OMX Group late last year was the result of shoddy security, according to a new report via Reuters. Computers running NASDAQ’s Director’s Desk, the software that was breached, had faulty firewalls, missing security patches and were running outdated software, like...
50000 WordPress Sites infected with spam
The attack consists of contacting the domain wplinksforwork.com to get a list of links to be displayed on the compromised sites. However, that domain has been down for the last few days and all the sites compromised. These sites supposed to be compromised...
Anonymous leaks PSN SSH Logs, Sony is responsible for Data Theft?
1. The Sony servers were running the highly outdated OpenSSH version 4.4. 2. The current version is 5.7. The version used by Sony has had several known security holes for more than five years. 3. Sony server running in...
German Releases "the Most Vulnerable OS" Based on Linux
Thorsten Schneider, a lecturer at the Faculty of Technology of Bielefeld University in Germany, has released Damn Vulnerable Linux, a special distribution that incorporates "everything that should not be in a good Linux system". Damn Vulnerable Linux includes a "hacking-oriented"...
Vulnerable DLLs distributed with Terratec HomeCinema 6.3
Once again a sad story of poor software "engineering", missing QA and a TOTALLY unresponsive vendor. The current version 6.3 of Terratec's TV software HomeCinema http://ftp.terratec.de/Receiver/TerraTecHomeCinema/TerraTecHomeCinema6.3.exe from 2009-05-05 installs outdated and vulnerable .DLLs the...
DoS in Plug and Play Web Server Proxy Server
Plug & Play server is an HTTP/FTP/NEWS/MAIL/TELNET/DNS/DHCP/HTTP-PROXY server running on Windows platforms. Version: 1.0002c. Vendor: www.pandpsoft.com. Vulnerability: Sending the following...
SRT Security Advisory (SRT2002-04-31-1159): Mnews
Strategic Reconnaissance Team Security Advisory SRT2002-04-31-1159. Topic: Mnews local and remote overflow vulnerabilities. Date: May 31, 2002. Credit: zillionatsafemode.org. Site: http://www.snosoft.com...
CVE-1999-1074
Webmin before 0.5 is affected: it does not restrict the number of invalid password attempts for a valid username, enabling remote attackers to attempt brute-force password cracking and potentially gain privileges. The issue is described across CVE-1999-1074 records (CVE/NVD/CVELIST) and corrobora...
Multiple Holes in the SCO 5.0.6 Distribution
The distribution includes old versions of various products that have remote and local vulnerabilities...
access.counter-4.0.7.txt
The popular CGI web page access counter version 4.0.7 by George Burgyan allows execution of arbitrary commands due to unchecked user input. Commands are executed with the same privilege as the web server. Of course, other exploits can be used to get root access on an unpatched OS. The counter...
CVE-1999-0662
A system-critical program or library does not have the appropriate patch, hotfix, or service pack installed, or is outdated or obsolete...
PT-1999-1251 · Undefined · Undefined
Name of the Vulnerable Software and Affected Versions: No specific software name or affected versions are mentioned. Description: A system-critical program or library is missing the appropriate patch, hotfix, or service pack, or is outdated or obsolete. Recommendations: At the moment, there is no...
Authentication bypass via attacker provided openid server
Impact: The outdated version 1 of the Steam Socialite Provider doesn't check properly if the login comes from steamcommunity.com, allowing a malicious actor to substitute their own OpenID server. Patches: This vulnerability only affects the outdated v1.x versions of the package. These are no longer...