Archive for February, 2010

e107 latest download link is backdoored

Posted by admin in Monday, February 1st 2010   
Topics: Security    Tags: , , ,
No Comment

The latest version of e107, version 0.7.17 contains a PHP backdoor.
http://e107.org/e107_files/downloads/e107_v0.7.17_full.zip
I’ve just downloaded this file and while looking through the code, I’ve
found the following piece of code:

Sun Java System Web Server WebDAV Unspecified Remote Buffer Overflow Vulnerability

Posted by admin in Monday, February 1st 2010   
Topics: Security    Tags: , , , , , , , , , , , , , ,
No Comment

Sun Java System Web Server is prone to a buffer-overflow vulnerability because the application fails to perform adequate boundary checks on user-supplied data. The issue affects the WebDAV functionality.
Currently very few technical details are available. We will update this BID as more information emerges.
Attackers can exploit this issue to execute arbitrary code within the context [...]

Forms and URLs

Posted by admin in Monday, February 1st 2010   
Topics: Security    Tags: , , , , , , ,
No Comment

Covers form processing and attacks such as cross-site scripting and cross-site request forgeries.  

Forms and Data
Semantic URL Attacks
File Upload Attacks
Cross-Site Scripting
Cross-Site Request Forgeries
Spoofed Form Submissions
Spoofed HTTP Requests

PHP Security Important Mistakes …

Posted by admin in Monday, February 1st 2010   
Topics: Security    Tags: , , , , , , , , , , ,
No Comment

The purpose of this document is to inform PHP programmers of common security mistakes that can be overlooked in PHP scripts. While many of the following concepts may appear to be common sense, they are unfortunately not always common practice. After applying the following practices to your coding, you will be able to eliminate the [...]

Page 2 of 2«12