sudo vulnerability
Ubuntu Security Notice USN-235-2 January 09, 2006sudo vulnerabilityCVE-2005-4158A security issue affects the following Ubuntu releases:Ubuntu 4.10 (Warty Warthog)Ubuntu 5.04 (Hoary Hedgehog)Ubuntu 5.10 (Breezy Badger)The following packages are affected:sudoThe problem can be corrected by upgradi...
0 answers | 3017 bytes |
libapache2-mod-auth-pgsqlvulnerability
Ubuntu Security Notice USN-239-1 January 09, 2006libapache2-mod-auth-pgsql vulnerabilityCVE-2005-3656A security issue affects the following Ubuntu releases:Ubuntu 4.10 (Warty Warthog)Ubuntu 5.04 (Hoary Hedgehog)Ubuntu 5.10 (Breezy Badger)The following packages are affected:libapache2-mod-auth-pg...
0 answers | 2393 bytes |
Web App Traps (custom IDS)
Hi MederRead your article, and although quite interesting, I don't think itwould work (for me). thing it would be difficult to add time to a project just to allownon functional code into the code base. Non functional meaning as far asthe customer is concerned. Further a new developer on the...
2 answers | 2160 bytes |
Defacing Groups using PHP Include Attacks as Vector
For the most part I ignore the dozens of daily attacks against my system but this one caught my eye. Looks like some defacing groups are writing/implementingperl scripts to identify query strings, and attempt php inclusion attacks against them (not using known exploits). Below is a log snippet.2...
0 answers | 2570 bytes |
WMF Vulnerability Summary
Tue, 3 Jan 2006, Paul Asadoorian wrote:I would imagine that most, like myself, are busy trying to make senseof the WMF vulnerability, perform risk assessments, and recommendappropriate actions for your organization. I have attempted tosummarize the WMF information that is flooding security site...
0 answers | 599 bytes |
IPS project - wanted translators
We need translators for the HLBR IPS project (except to english). TheURL of the project isHLBR is an IPS (Intrusion Prevention System) that can filter packetsdirectly in the layer 2 of the SI model (so the machine doesn't needeven an IP address). Detection of malicious/anomalous traffic is...
0 answers | 655 bytes |
Applied RPM Update to Walleye
Not sure if the RPM wasn't set correctly, but when I applied the Walleye update from , I got new errors complaining that directories were not writable. I fixed this by setting all the directories in /var/www/html/walleye/ to be owned by the user and group apache - they had been set to root....
0 answers | 689 bytes |
Windows PHP 4.x "0-day" buffer overflow
PGP SIGNED MESSAGEHash: SHA1This has nothing to do with the named pipe itself. This is a flawin the way PHP parses a server name containing a named pipedeclaration.If you read it again, you will find this is a classical stack basedbuffer overflow before the named pipe is even created. It's...
0 answers | 1493 bytes |
Awstats and XMLRPC for PHP attacks
More attacks on Awstats and XMLRPC for PHP. What's new in this case isthe 2 new malware variants (at least in our case) that we picked upthat is being downloaded to the target as part of the attackmechanism.Full writeup:Ryan TalabisPhilippine Honeynet ProjectWatchfire's AppScan is the...
0 answers | 583 bytes |
2x 0day Microsoft Windows Excel
PGP SIGNED MESSAGEHash: SHA1after many hours working on excel I have found acritical excel bug exploitable. This is not a stack bofnor a heap bof , a bug extremely hard to find and trigger , but itconduct excel to execute any arbitrary codes while opening a maliciousxls file.note: the bug isn&#...
6 answers | 1825 bytes |
Web App Traps (custom IDS)
Hi,I've done a small writeup on web application traps. Full version ishere: http://o0o.nu/~meder/wats.txtHere's an abstract:2. What is a Web Application Trap (WAT)?The idea behind WATs is simple: enable the application to detect andalert the appropriate support staff whenever someone i...
0 answers | 894 bytes |
Felony For Refreshing A Web Page
PGP SIGNED MESSAGEHash: SHA1- MessageFrom: Jason Coombs [mailto:jasonc (AT) science (DOT) org]Sent: Saturday, 07 January, 2006 10:19To: exon; zeno (AT) cgisecurity (DOT) netCc: websecurity (AT) securityfocus (DOT) com; webappsec (AT) securityfocus (DOT) comSubject: Re: Felony For Refreshing A W...
0 answers | 2461 bytes |
- sudo vulnerability
- libapache2-mod-auth-pgsqlvulnerability
- Web App Traps (custom IDS)
- Defacing Groups using PHP Include Attacks as Vector
- WMF Vulnerability Summary
- IPS project - wanted translators
- Applied RPM Update to Walleye
- Windows PHP 4.x "0-day" buffer overflow
- 2x 0day Microsoft Windows Excel
- Please Review a Diffie Hellman diagram
- Felony For Refreshing A Web Page
- WMF Risk Analysis for Win9X anyone ?
- what we REALLY learned from WMF
- Open Letter on the Interpretation of "Vulnerability Statistics"
- infosecbofh
- Unofficial Microsoft patches help hackers,not security
- Home- About Us- Contact- Privacy Statement- Link Exchange- Bookmark- Map.XML- Rss.Xml
- Copyright 2001-2009 by EMSDN.COM Information Technology Co.,Ltd All rights reserved
- 0.281