News Feed
Jobs Feed
Sections

Recent Jobs

News Archive
feed this:

CyberInsecure.com:
Half-Million Sites Mostly Running PHPBB Forum Software Hacked In Latest Attack
May 13, 2008 @ 14:04:38

According to the CyberInsecure.com website around a half-million websites running PHPBB were hacked in a large coordinated effort.

More than half a million websites have been compromised in a new round of attacks that hacked domains in order to infect unsuspecting users' PCs with a variety of trojans. This ongoing campaign includes new malware hosting domains and new trojans variations. All of the sites are running older or misconfigured versions of "phpBB," an open-source message forum manager. Open-source popular applications like phpBB tend to be often targeted by mass scanning and exploiting tools.

The hack redirected visitors through several steps ultimately ending up on a page that tried to take advantage of errors in older Internet Explorer and RealPlayer versions. The article talks about exactly which viruses could have caused the problems and the wide range of sites (both in topic and location) that were effected.

The best way to protect you and your PHPBB install from something like this happening is to get the latest version of the software and learn how to configure it correctly.

0 comments voice your opinion now!
phpbb forum software attack hack redirect vulnerability



Advisory:
Gentoo Linux PHP Package Upgrade
October 08, 2007 @ 08:45:00

The Gentoo linux group has made a new package release for the PHP on their distribution:

PHP contains several vulnerabilities including buffer and integer overflows which could lead to the remote execution of arbitrary code. [...] There is no known workaround at this time. All PHP users should upgrade to the latest version.

You can get more information on the issues that the new package corrects from the Gentoo advisory and use their emerge package manager to make the upgrade automatically.

0 comments voice your opinion now!
gentoo linux advisory package update vulnerability gentoo linux advisory package update vulnerability


Secunia.com:
Fedora update for PHP
September 25, 2007 @ 07:52:00

Via this Secunia advisory posted today, there's information about the update the Fedora Linux group has made to the PHP package included in their distribution. According to the release:

This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

The original advisory post has more details on what the update fixes as well as the link to download the RPM packages to update your system. You can either manually download them or use the "yum" system to handle things a bit more automatically.

0 comments voice your opinion now!
fedora linux update package security vulnerability secunia fedora linux update package security vulnerability secunia


Secunia.com:
Red Hat Update for PHP
September 21, 2007 @ 07:54:00

On the Secunia site today, there's a new advisory posted for users of Red Hat linux - an update to the system's PHP packages.

Red Hat has issued an update for php. This fixes some vulnerabilities, which can be exploited by malicious, local users to bypass certain security restrictions and by malicious people to bypass certain security restrictions and cause a DoS (Denial of Service).

The original advisory has more details on what the patch fixes and the checksum information for the update packages for all OSes.

0 comments voice your opinion now!
redhat update secunia package security vulnerability redhat update secunia package security vulnerability


Help Net Security:
Remote Vulnerabilities Discovered in phpMyAdmin
September 12, 2007 @ 15:07:00

As mentioned by the Int'l PHP Magazine and posted on the Help Net Security website, there are some issues with recent releases of phpMyAdmin that can open the door to potential attackers:

Several remote vulnerabilities have been discovered in phpMyAdmin, a program to administrate MySQL over the web. The Common Vulnerabilities and Exposures project.

There's five issues around the PMA_ArrayWalkRecursive function, the blacklist functionality, cross-site scripting problems, and an issue that allows for the bypassing Allow/Deny access rules. It is recommended that you install the latest version to protect you and your applications.

0 comments voice your opinion now!
security vulnerability phpmyadmin remote security vulnerability phpmyadmin remote


Secunia.com:
Joomla! Multiple Vulnerabilities
July 30, 2007 @ 10:26:00

Secunia.com reports that multiple vulnerabilities have been found in the Joomla! content management system:

Some vulnerabilities have been reported in Joomla!, which can be exploited by malicious people to conduct session fixation attacks, cross-site scripting attacks or HTTP response splitting attacks.

The issues are marked as "less critical" but users should still update to the latest version to avoid these issues:

  • Certain unspecified input passed in com_search, com_content and mod_login is not properly sanitised before being returned to a user
  • Input passed to the "url" parameter is not properly sanitised before being returned to the user. This can be exploited to insert arbitrary HTTP headers.
  • An error exists in the handling of sessions and can be exploited to hijack another user's session by tricking the user into logging in after following a specially crafted link.

See the original advisory post here.

0 comments voice your opinion now!
joomla content management cms vulnerability secunia joomla content management cms vulnerability secunia


Secunia.com:
PHP "glob()" Code Execution Vulnerability
July 16, 2007 @ 13:52:38

As reported here on Secunia (as discovered by shinnai), there's a code execution vulnerability in PHP's glob function:

The vulnerability is caused due to an error in the handling of an uninitialized structure inside the "glob()" function. This can be exploited to execute arbitrary code, which may lead to security restrictions (e.g. the "disable_functions" directive) being bypassed.

The vulnerability is confirmed in the 5.2.3 win32 installer. Other versions may also be affected.

The issue is marked as "less critical" and can be avoided easily by only allowing trusted users the correct permissions to execute PHP code on the server.

0 comments voice your opinion now!
glob vulnerability execution code bypass security glob vulnerability execution code bypass security


Secunia.com:
CodeIgniter Weakness and Directory Traversal Vulnerability
July 11, 2007 @ 11:07:00

On the Secunia.com site today, there's a new vulnerability posted that users of the CodeIgniter framework should pay attention to - a "weakness and directory traversal vulnerability".

Lukasz Pilorz has reported a vulnerability and a weakness in CodeIgniter, which can be exploited by malicious people to disclose sensitive information and conduct cross-site scripting and header injection attacks.

There are two problems that lead to this issue - a non-sanitized input parameter and unsanitized data being passed to the xss_clean function. These issues affect CodeIgniter version 1.5.3 and, as of the time of this post, no update has been made in an official release. It is mentioned, however, that the problem has been fixed in the CVS and is waiting for a release.

0 comments voice your opinion now!
codeigniter weakness directory traversal vulnerability framework codeigniter weakness directory traversal vulnerability framework


Symfony Blog:
symfony 1.0.5 released (security fix)
June 28, 2007 @ 10:31:00

The Symfony project has released the latest version of their framework - Symfony 1.0.5 - largely a security fix release to help head off some issues that came up with the phpmailer utility.

I've just released symfony 1.0.5. If you use the symfony built-in phpmailer (and you do if you use the ->sendMail() method in your actions), you must upgrade to this release or apply the following patch: http://trac.symfony-project.com/trac/changeset/4380?format=diff&new=4380. PHPMailer has a remote command execution vulnerability if you have configured it to use sendmail. You can find more information about this issue here: http://larholm.com/2007/06/11/phpmailer-0day-remote-execution/

The easiest way to correct the issue is to just apply the patch to your current installation, but since there are other fixes included in the new version, you might opt for the update anyway.

0 comments voice your opinion now!
symfony framework release security phpmailer vulnerability symfony framework release security phpmailer vulnerability


Secunia.com:
SUSE update for PHP4
June 25, 2007 @ 09:17:00

According to this new advisory from Secunia today, the SuSE linux group has released a new package update for the PHP4 distribution on their operating system:

SUSE has issued an update for php4. This fixes some vulnerabilities and a weakness, where one has an unknown impact and the others can be exploited by malicious, local users to gain escalated privileges, and by malicious, local users and malicious people to bypass certain security restrictions.

The issue is marked as "Less critical" but it's still a good idea to update, especially when it relates to security issues. You can find more information at the original advisory on the Novell site.

0 comments voice your opinion now!
php4 update suse linux package security vulnerability php4 update suse linux package security vulnerability



Community Events









Don't see your event here?
Let us know!


database zend mysql example developer PHP5 job application package releases cakephp book ajax code security conference zendframework release framework PEAR

All content copyright, 2009 PHPDeveloper.org :: info@phpdeveloper.org - Powered by the Solar PHP Framework