More Cross site Scripting in PHPNuke PHPNuke seems to have a horrible security track record, but continues to be quite popular. No statement from the PHPNuke folks yet, but if you're using a rapid site development tool, don't forget to consider the security implications. "Cross site…
PacketStormSecurity Announces New Corporate Alliances; Will Raise $25M in Angel/VC Funding An announcement was made early this morning via the major wire services that the Internet's premier information security resource, PacketStorm (http://www.packetstormsecurity.org) would be eschewing the general trend in the market and amidst fears of imminent bankruptcy due to operational losses…
RedHat: ‘zlib’ Denial of service This vulnerability makes it easy to perform various denial-of-service attacks against such programs. It is also possible that an attacker could manage a more significant exploit, such as running arbitrary code on the affected system.…
RedHat: Korean installation program creates files Due to the kernel used in the Red Hat Linux 7.1 Korean installation program, some files are written by the installation program with the wrong permissions.…
RedHat: ‘util-linux’ Elevated privileges vulnerability New util-linux packages are available that fix a problem with /bin/login's PAM implementation. This could, in some non-default setups, cause users to receive credentials of other users. It is recommended that all users update to the fixed packages.…
RedHat 6.2: Kerberos 5 vulnerability A number of possible buffer overruns were found in libraries included in the affected packages. A denial-of-service vulnerability was also found in the ksu program.…
RedHat 6.2: UPDATED: Piranha web GUI exposure The GUI portion of Piranha may allow any remote attacker to execute commands on the server.…
RedHat 6.x: Vulnerability with openldap Local users can destroy the contents of any file on any mounted filesystem.…
RH6.0: amd (RHSA-1999:032-01) New packages of am-utils are available for all Red Hat Linux platforms. This version includes an important security fix for a buffer overrun problem which is being actively exploited on the Internet.…