Gogo's Place
News: • 20 September: We got a car :) • 4 October: Added Macbook 2.0GHz to Gadgets • 4 October: Added Yamaha YPG-625 to Gadgets • 9 February: Updated schedule for spring 2006 • 23 January: I added statistics for the subdomains of geodar.com. • 19 January: Galya and Kotseto are getting married! Here are some photos from the engagement. • 27 December: My PGP key expires today. Click here for my new key. • 24 December: Added iBook G4 to Gadgets • 22 December: I bought an iBook :D • 10 December: Added a Programs section |
Blog: • All Saints' Day • School is over, work has begun! • Frying tomatoes • We got rollerblades • Perl script for sending mail through Gmail • Rice • Cast-iron skillet • Archiving a video podcast • On beef steaks • New category |
/.: • Dark Matter Discovered Near Solar System? • Google Chrome OEM Strategy To Take On IE • Chinese Hacking of American Military Networks On the Rise • After Columbine, Eric Holder Advocated Internet “Restrictions” • DARPA’s IBM-Led Neural Network Project Seeks to Imitate Brain • Microsoft Blames Add-Ons For Browser Woes • Worm Attack Prompts DoD to Ban Use of External Media • US Officials Flunk Test On Civic Knowledge • Final Judgment - SCO Loses, Owes $3,506,526 • How To Help Our Public Schools With Technology? • RICO Class Action Against RIAA In Missouri • A Web App For Real-Time Collaborative Writing • Lori Drew Cyber-Bullying Trial Begins • E=mc^2 Verified In Quantum Chromodynamic Calculation • Torvalds’s Former Company Transmeta Acquired and Gone • Obama’s Mobile Phone Records Compromised, Shared • AP Suspends DoD Over Altered US Army Photo • Silverlight On the Way To Linux • Hacks Allowing Disabled Gamers To Play Guitar Hero • Oblong’s g-speak Brings “Minority Report” Interface To Life |
NewsForge: • The tanking economy and OSS • SimplyMEPIS: The best desktop Linux you haven't tried • A graphical way to MySQL mastery • Using external commands in Nagios • SoftMaker Office 2008 focuses on compatibility with Microsoft Office • Speed up your Internet access using Squid's refresh patterns • Sun wrestles itself with StarOffice 9 • Manage your music with ID3 tag editors • Doing a diff without touching the command line • iPhone applications for the Linux user • sK1 vector in on good illustrations • Treat your C code like scripts with C Cod • Slumberland rests easy after move away from proprietary Unix • Crafting offers and invoice documents with Kraft • Enrich your Joomla! site with image extensions • Bug Labs creates open source Lego for software engineers • Set Mantis to track your bugs • Back-of-the-napkin calculations with Frink • Ace Suares: A big Linux advocate on a small island (video) • Clone your Ubuntu installation onto a new hard disk |
Bugtraq: • Vuln: TkUsr Insecure Temporary File Creation Vulnerability • Vuln: TAU Tuning and Analysis Utilities Insecure Temporary File Creation Vulnerabilities • Vuln: No-IP Dynamic Update Client for Linux Remote Buffer Overflow Vulnerability • Vuln: Mozilla Firefox/Thunderbird/SeaMonkey Arbitrary Image Cross Domain Security Bypass Vulnerability • Bugtraq: DDIVRT-2008-15 iPhone Configuration Web Utility 1.0 for Windows Directory Traversal • Bugtraq: OpenSSH security advisory: cbc.adv • Bugtraq: KVIrc 3.4.2 Shiny (uri handler) remote command execution exploit • Bugtraq: ZDI-08-076: EMC Control Center SAN Manager SST_SENDFILE Remote File Retrieval Vulnerability • More rss feeds from SecurityFocus |
|
PacketStormSecurity: • MDVSA-2008-235.txt - Mandriva Linux Security Advisory 2008-235 - A number of security vulnerabilities have been discovered and corrected in the latest Mozilla Thunderbird program, version 2.0.0.18. This update provides the latest Thunderbird to correct these issues. • cambridge-sql.txt - VisitCambridge.org suffers from a remote SQL injection vulnerability. • verlihub-exec.txt - Verlihub versions 0.9.8d-RC2 and below suffer from a remote command execution vulnerability due to a lack of input sanitization. • DDIVRT-2008-15.txt - The iPhone Configuration Web Utility 1.0 for Windows web interface is vulnerable to a common web directory traversal attack. Successful exploitation will result in arbitrary read-only file access outside of the iPhone Configuration Web Utility 1.0 web root. • openssh-cbc-adv.txt - The OpenSSH team has been made aware of an attack against the SSH protocol version 2 by researchers at the University of London. Unfortunately, due to the report lacking any detailed technical description of the attack and CPNI's unwillingness to share necessary information, they are unable to properly assess its impact. • joomlathyme-sql.txt - The Joomla Thyme component version 1.0 suffers from a remote SQL injection vulnerability. • BitDefenderDOS.zip - Proof of concept malicious pdf file that causes a denial of service and infinite loop in BitDefender using the pdf.xmd module. • fwknop-1.9.9.tar.gz - fwknop implements an authorization scheme that requires only a single encrypted packet to communicate various pieces of information, including desired access through a Netfilter policy and/or specific commands to execute on the target system. The main application of this program is to protect services such as SSH with an additional layer of security in order to make the exploitation of vulnerabilities much more difficult. The authorization server works by passively monitoring authorization packets via libpcap. 
Added support to fwknop for the Linux 'any' interface. Added support for interfacing fwknop with third party software through the addition of three new variables in the access.conf file. Various other fixes and additions. • kvirc-exec.txt - KVIrc version 3.4.2 Shiny URI handler remote code execution exploit. • vcalendar-disclose.txt - VCalendar suffers from a remote database disclosure vulnerability. • ZDI-08-076.txt - A vulnerability allows remote attackers to retrieve arbitrary files on systems with vulnerable installations of EMC Control Center SAN Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the SAN Manager Master Agent service (msragent.exe) which listens by default on TCP port 10444. While processing SST_SENDFILE requests the service does not validate the requestor allowing any remote attacker to download arbitrary files. • ZDI-08-075.txt - A vulnerability allows remote attackers to execute arbitrary code on systems with vulnerable installations of EMC Control Center SAN Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists in the SAN Manager Master Agent service (msragent.exe) which listens by default on TCP port 10444. While processing SST_CTGTRANS requests the process copies packet data into a fixed length stack buffer. Exploitation allows for arbitrary code execution under the context of the SYSTEM user. • toursmanager-blindsql.txt - ToursManager suffers from a blind SQL injection vulnerability in tourview.php. • phprsgal-sql.txt - phpRS versions 2.6.x and 2.8.x suffer from a remote SQL injection vulnerability in gallery.php. • MDVSA-2008-233.txt - Mandriva Linux Security Advisory 2008-233 - A heap overflow was found in the CDDB retrieval code of libcdaudio, which could result in the execution of arbitrary code. 
In addition, the fixes for were not applied to newer libcdaudio packages as shipped with Mandriva Linux, so the patch to fix that issue has been applied to 2008.1 and 2009.0 (this was originally fixed in MDKSA-2005:075). This issue is a buffer overflow flaw found by Joseph VanAndel. Corporate 3.0 has this fix already applied. The updated packages have been patched to prevent these issues. ... |
|




