Mambo CMS Suffers From File Inclusion Vulnerability
June 29th, 2006
Kw3[R]Ln has discovered a vulnerability in the MOD_CBSMS module for Mambo, which can be exploited to compromise a machine serving Mambo CMS. Input passed to the "mosConfig_absolute_path" parameter in mod_cbsms_messages.php isn't properly verified before it is used to include files.
phpBB Auction Module Vulnerable To File Inclusion Exploit
May 3rd, 2006
Input passed to the "phpbb_root_path" parameter in "auction/auction_common.php" isn't properly verified before it is used to include files. This can be exploited to include arbitrary files from external and local resources.
Mambo / Joomla SQL Injection Vulnerability Discovered
August 28th, 2006
Omid has discovered a vulnerability in Mambo & Joomla, which can be exploited by malicious users to conduct SQL injection attacks. Input passed to the "id" parameter when editing content isn't properly sanitised before being used in a SQL query.
Microsoft PowerPoint Suffers From Memory Corruption Security Vulnerability
July 18th, 2006
Naveed has discovered a vulnerability in Microsoft PowerPoint, which can potentially be exploited to compromise any user's system. The vulnerability has been confirmed on Windows XP SP2 with a fully patched PowerPoint 2003.
Xoops CMS SQL Injection Vulnerability Reported
June 29th, 2006
KeyCoder has discovered a vulnerability in the MyAds module for Xoops, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "lid" parameter in annonces-p-f.php isn't properly sanitised before being used in a SQL query.
Command Execution Vulnerability in WordPress Affecting all Versions
August 13th, 2005
A command execution vulnerability has been found in WordPress's handling of incoming cookie information, which allows remote attackers to cause the program to execute arbitrary code if the PHP setting register_globals has been set to On. A Perl and a PHP exploit are already available.
Cross-Site Scripting Vulnerability in Apache mod_imap Module
December 16th, 2005
A cross-site scripting (XSS) vulnerability has been discovered in the Apache httpd server's mod_imap module, which allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. Input passed to the image map "Referer" directive in "mod_imap" isn't properly sanitised before being returned to the user.
PHP XMLRPC Remote Code Execution Vulnerability affecting Popular Blogging and CMS Platforms like WordPress 1.5.1.2 (and lower), PostNuke, Drupal, b2evolution, TikiWiki etc.
July 5th, 2005
PHPXMLRPC, aka XML-RPC For PHP, is a PHP implementation of the XML-RPC web RPC protocol, and was originally developed by Edd Dumbill of Useful Information Company. As of the 1.0 stable release, the project has been opened to wider involvement and moved to SourceForge.
Mambo / Joomla SQL Injection Vulnerability
June 19th, 2006
rgod has discovered a vulnerability in Mambo & Joomla, which can be exploited to conduct SQL injection attacks. Input passed to the "Name" field when submitting a web link isn't properly sanitised before being used in a SQL query.
Macromedia Flash Player 7 Remote Code Execution Vulnerability
November 14th, 2005
A vulnerability has been reported in Macromedia Flash Player 7, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused by missing validation of the frame type identifier that is read from a SWF file.
Serious Security Vulnerabilities in Outpost Firewall Pro & Lavasoft Personal Firewall
July 18th, 2006
Bipin Gautam has reported a vulnerability in Outpost Firewall Pro, which can be exploited by local users to cause a DoS (Denial of Service). The vulnerability is caused by an unspecified error in the Virtual Firewall driver (filtnt.sys) and can be exploited to crash the system by e.g.
How to Set Up Root Password for Your MySQL Server
January 17th, 2009
If you have never set a root password for MySQL, the server does not require a password at all for connecting as root. To set up a root password for the first time, use the mysqladmin command at the shell prompt as follows:
$ mysqladmin -u root password newpass
If you want to change (or update) a root password, then you need to use the following command:
$ mysqladmin -u root -p'oldpassword' password newpass
I hope this will work for you perfectly.
How to Disable Direct Root Login to Secure Your Network
January 2nd, 2009
Root login is perhaps one of the very few vulnerabilities that the Linux operating system faces. A person can easily hack into your system as the root user and play with security settings.
iPhone Hacking: Security Vulnerability Allows Full Remote Control From Malicious Web Sites
July 24th, 2007
Security researchers Charlie Miller, Jake Honoroff & Joshua Mason claimed and then demonstrated a proof-of-concept vulnerability in the iPhone, which can be used by any website to inject code into the iPhone, allowing full remote control of your iPhone over the internet. The hackers can remotely do everything you can do with your iPhone.
Analysis & Solution: Security Vulnerability Discovered in DWR, Open Source Java AJAX Development Framework
January 9th, 2007
Security vendor Imperva has identified an access-control vulnerability in DWR, the open source Java AJAX development framework (stable releases 1.1.3 and 2.0), which it says an attacker can use to compromise a DWR-based application, which may in turn enable the attacker to, say, break into back-end databases or servers or launch a denial-of-service attack. On a positive note, Imperva commented that DWR, the AJAX Web application development framework, is "emerging as the lingua franca for building new generation Web 2.0 applications" :)
Forceful Method Invocation Attacks
The key issue is how DWR restricts access to class methods that are not exposed.