Linux Worm Exploits PHP XMLRPC Vulnerability

June 29th, 2006 KeyCoder has discovered a vulnerability in the MyAds module for Xoops, which can be exploited by malicious people to conduct SQL injection attacks. Input passed to the "lid" parameter in annonces-p-f.php isn't properly sanitised before being used in a SQL query.

July 5th, 2005 PHPXMLRPC aka XML-RPC For PHP is a PHP implementation of the XML-RPC, web RPC protocol, and was originally developed by Edd Dumbill of Useful Information Company. As of the 1.0 stable release, the project has been opened to wider involvement and moved to SourceForge.

February 20th, 2006 A computer worm has been found in the wild that targets Apple Computer's Mac OS X operating system. It is believed to be the first such worm aimed specifically at the Mac platform.

July 6th, 2009 SAN JOSE, Calif. — Microsoft Corp.

April 22nd, 2007 Active immunization is an extremely interesting technique in fighting against internet based viruses, trojans and worms. Laurent Oudot of the Rstack team created a prototype in 2003.

November 14th, 2005 A vulnerability has been reported in Macromedia Flash Player 7, which can be exploited by malicious people to compromise a user's system. The vulnerability is caused due to missing validation of the frame type identifier that is read from a SWF file.

June 21st, 2006 A new e-mail worm, Sixem-A, is on the loose that preys on the intense worldwide interest in the football World Cup. It began circulating earlier this week, and has just recently been blocked by few antivirus vendors.

December 16th, 2005 A cross-site scripting (XSS) vulnerability has been discovered in the Apache httpd server's mod_imap module which allows remote attackers to inject arbitrary web script or HTML via the Referer when using image maps. Input passed to the image map "Referer" directive in "mod_imap" isn't properly sanitised before being returned to the user.

July 18th, 2006 Naveed has discovered a vulnerability in Microsoft PowerPoint, which potentially can be exploited to compromise any user's system. The vulnerability has been confirmed on Windows XP SP2 with a fully patched PowerPoint 2003.

March 19th, 2009 CHENNAI - City-based IT firm ChennaiNet Thursday launched a new solution that will help individuals and companies spot the holes in their networking software and fix them at once. 'Our online tool Automated Vulnerability Assessment and Reporting Services (AVARS) spots the holes in software or in other networks and reports the same immediately,' ChennaiNet chief executive M.L.

June 19th, 2006 rgod has discovered a vulnerability in Mambo & Joomla, which can be exploited to conduct SQL injection attacks. Input passed to the "Name" field when submitting a web link isn't properly sanitised before being used in a SQL query.

July 18th, 2006 Bipin Gautam has reported a vulnerability in Outpost Firewall Pro, which can be exploited by local users to cause a DoS (Denial of Service). The vulnerability is caused due to an unspecified error in the Virtual Firewall driver (filtnt.sys) and can be exploited to crash the system by e.g.

December 18th, 2005 A critical vulnerability, found in some versions of Apple's popular iTunes software, could enable attackers to remotely take over a user's computer, according to a warning issued by eEye. This flaw existed on the earlier version of iTunes 6 for Windows and was not addressed by the latest security update.

June 29th, 2006 Kw3[R]Ln has discovered a vulnerability in the MOD_CBSMS module for Mambo, which can be exploited to compromise a machine serving Mambo CMS. Input passed to the "mosConfig_absolute_path" parameter in mod_cbsms_messages.php isn't properly verified, before it is used to include files.

June 30th, 2005 WordPress developers have posted yet another "security" update. Again, as always, you have to delete everything (except wp-content/ and config.php) and re-install from scratch.