DESCRIPTION: Multiple vulnerabilities have been reported in Google Chrome, where some have an unknown impact and others can potentially be exploited by malicious people to compromise a vulnerable system.
Posted by Raven on Monday, July 05, 2010 @ 22:49:12 EDT
DESCRIPTION: A vulnerability has been reported in TortoiseSVN, which can be exploited by malicious people to conduct spoofing attacks. The vulnerability is caused due to the use of a vulnerable version of the neon library.
For more information: SA36371. Note: This also fixes a Denial of Service when processing certain XML entities.
Posted by Raven on Saturday, July 03, 2010 @ 18:05:02 EDT
HTML 5 Comes With SQL Injection Risks
nb1 writes "Internet Explorer 9 and Firefox 4 will support it, and Microsoft recently touted its advantages. But the upcoming version of HTML, which builds rich Internet application features into the Web programming language and shifts more Web functions to the client machine, also could open up new Web attack vectors."
Posted by Raven on Thursday, May 13, 2010 @ 09:18:05 EDT
DESCRIPTION: Some vulnerabilities have been reported in MySQL, which can be exploited by malicious users to bypass certain security restrictions or potentially compromise a vulnerable system and by malicious people to cause a DoS (Denial of Service). Successful exploitation of this vulnerability may allow execution of arbitrary code. The vulnerabilities are reported in versions prior to 5.1.47.
Posted by Raven on Wednesday, May 12, 2010 @ 19:56:02 EDT
phpnuke.org has been compromised
"From Snype @ www.phpnuke-install.com: Posted on Saturday, May 08, 2010 @ 07:06:19 CDT"
Snype writes:
PHP-Nuke is a popular Web content management system (CMS), based on PHP and a database such as MySQL, PostgreSQL, Sybase, or Adabas. Earlier versions were open source and free software protected by GNU Public License, but since then it has become commercial software. As it is still very popular in the Internet community, it is not surprising that it has become a target [yet again] of blackhat attacks.
WARNING: At the time of writing the front page of phpnuke.org still contains the malicious iframe, so we advise users to stay away from the site until it has been fixed.
Posted by Raven on Monday, May 10, 2010 @ 08:44:46 EDT
Apache.org hit by targeted XSS attack, passwords compromised
Combining a cross-site scripting (XSS) vulnerability with a TinyURL redirect, hackers successfully broke into the infrastructure for the open-source Apache Foundation in what is being described as a “direct, targeted attack.”
The hackers hit the server hosting the software that Apache.org uses to track issues and requests and stole passwords from all users. The software was hosted on brutus.apache.org, a machine running Ubuntu Linux 8.04 LTS, the group said.
The passwords were encrypted on the compromised servers (SHA-512 hash) but Apache said the risk to simple passwords based on dictionary words “is quite high” and urged users to immediately rotate their passwords. “In addition, if you logged into the Apache JIRA instance between April 6th and April 9th, you should consider the password as compromised, because the attackers changed the login form to log them,” Apache said.
Posted by Raven on Tuesday, April 13, 2010 @ 15:42:01 EDT
Google releases web security scanner
nb1 writes "Google has released an open source scanner that allows web application developers to test their applications for security holes. The application, called Skipfish, offers a similar functionality to that of tools such as Nmap or Nessus, but it's said to be much faster. Using fully automated heuristics, it detects code that is vulnerable to cross-site scripting attacks (XSS), SQL and XML injection attacks and many other attack types. The tool's comprehensive post-processing of the individual test results is designed to help with the interpretation of the final report.
Skipfish is a pure C implementation and according to Google, can easily process 2,000 HTTP requests per second – provided the tested server can handle such a high load. In individual tests across local networks, 7,000+ requests per second have reportedly been sent with a modest CPU load and memory footprint.
Google achieves this high performance via a serial I/O model which processes responses asynchronously and is said to offer much better scalability than traditional multi-threaded approaches with synchronous request processing. Optimised HTTP connection handling via features such as HTTP 1.1 range requests, keep-alive connections and data compression are designed to keep Skipfish's network bandwidth requirements in check.
Google says that it uses the scanner to test its own web applications for insecure interfaces. However, Google also points out that the security checks are far from comprehensive and do not satisfy most of the Web Application Security Consortium's (WASC) Web Application Security Scanner Evaluation Criteria."
DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to conduct spoofing attacks and bypass certain security restrictions.
Posted by Raven on Thursday, March 18, 2010 @ 20:28:35 EDT
SecurityFocus to partially shut down
nb1 writes "Symantec has announced that it plans to shut down part of its SecurityFocus security information portal. The company says that only the Mailing Lists, including Bugtraq, and its Vulnerability Database will remain online. Starting on the 15th of March, SecurityFocus will begin transitioning its content to the Symantec Connect site.
Founded in 1999, SecurityFocus was acquired in 2002 by Symantec, the company behind another acquisition, the popular Norton range of security products. In addition to its various mailing lists and vulnerability database, SecurityFocus maintains a comprehensive collection of articles and papers on a number of security issues. The site has also served as a reliable source for news from security experts on the latest security threats and problems."
DESCRIPTION: A vulnerability has been reported in Apache HTTP Server, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information see vulnerability #2 in: SA38776
SOLUTION: Fixed in the SVN repository: http://svn.apache.org/viewvc?view=revision&revision=920961
ORIGINAL ADVISORY: http://httpd.apache.org/security/vulnerabilities_20.html
OTHER REFERENCES: SA38776: http://secunia.com/advisories/38776/
Posted by Raven on Wednesday, March 10, 2010 @ 21:14:10 EST