cPanel mod_php suEXEC Taint Vulnerability
Grok Headline matches for cPanel mod_php suEXEC Taint Vulnerability
cPanel mod_phpsuexec Vulnerability
05/24/2004 12:35 PM Rob Brown (May 23 2004)
Non-logged Brute Force Attack Vulnerability for Fantastico-Created Databases on cPanel Based Hosts
05/19/2004 02:58 PM Michael Curtis (May 19 2004)
Re: Non-logged Brute Force Attack Vulnerability for Fantastico-Created Databases on cPanel Based Hosts
05/21/2004 01:00 PM Michael Curtis (May 20 2004)
Re: Non-logged Brute Force Attack Vulnerability for Fantastico-Created Databases on cPanel Based Hosts
05/21/2004 06:41 PM Kenneth Peiruza (May 20 2004)
Test-Taint-1.04
08/09/2004 11:38 PM
Test-Taint-1.02
04/23/2004 05:35 AM
Gentoo Linux Advisory: mod_php, php
02/19/2003 02:59 PM "PHP contains code for preventing direct access to the CGI binary with
configure option '--enable-force-cgi-redirect' and php.ini option
'cgi.force_redirect...'"
EnGarde Linux Advisory: php, mod_php
02/19/2003 02:59 PM "A heap-based buffer overflow vulnerability has been found in the
wordwrap() function of PHP..."
Hijacking Apache https by mod_php
12/26/2003 08:00 PM Steve Grubb (Dec 26 2003)
It's insane, this post's taint!
12/19/2004 03:24 PM
So is David Cross now a resident of Wisconsin? He's taken a keen interest in the Journal
Sentinel's online columns. First he takes on the technology columnist then the TV/Radio
columnist, an entertainment reporter and finally a UW-Extension consumer horticulture
agent. You'll have to scroll down to find the question from "David Cross of Atlanta, GA".
[more inside]
The Telco Taint Hits BellSouth
11/13/2003 08:50 AM Fortune Nov 13 2003 8:36AM ET
Perl Code Kata: Testing Taint
12/19/2004 03:27 PM Persistently practicing good programming will make you a better
programmer. It can be difficult to find small tasks to practice,
though. Fear not! Here's a 30-minute exercise to improve your testing
abilities and your understanding of Perl's taint mode.
cPanel Backup
04/11/2005 11:41 PM cPanel Backup 0.1 Released
Re: cPanel/WHM demo account problems
03/31/2005 11:28 PM Beau Henderson (Mar 31 2005)
CPANEL Vuln : HTML injection
06/04/2004 12:15 PM qbann targ (Jun 03 2004)
cPanel/WHM demo account problems
03/31/2005 03:23 PM Richard Stanway (Mar 30 2005)
Webhostgear Introduces Cpanel Script
09/17/2004 02:18 PM theWHIR Sep 17 2004 6:38PM GMT
Major Cpanel Expliot HTML Injection
06/09/2004 02:01 PM Virtual Nova Web Hosting services virtualnova.net (Jun 08 2004)
EnGarde Secure Linux Advisory: MySQL, MySQL-client, MySQL-shared, mod_php, php
12/16/2002 04:17 PM "Stefan Esser from the PHP.net project discovered two vulnerabilities
in MySQL which range from crashing the server to executing arbitrary
code as the user under which the MySQL daemon runs (mysql)..."
Open source outfit releases vulnerability for IE vulnerability
12/19/2003 01:10 PM The Register Dec 19 2003 11:57AM ET
Re: NISCC Vulnerability Advisory 236929: Vulnerability Issues in TCP
05/11/2004 06:04 PM Florian Weimer (May 11 2004)
NISCC Vulnerability Advisory 236929: Vulnerability Issues in TCP
04/20/2004 02:16 PM David Ahmad (Apr 20 2004)
IE6 + XP SP2 Vulnerability
09/17/2004 12:37 AM cns (Sep 15 2004)
802.11 Has DoS Vulnerability
05/13/2004 08:11 PM Internet News May 13 2004 11:39PM GMT
Re: [USN-52-1] vim vulnerability
12/25/2004 05:09 PM Liu Die Yu (Dec 23 2004)
Php Vulnerability N. 2
09/16/2004 01:29 PM Stefano Di Paola (Sep 15 2004)
PHP Vulnerability N. 1
09/15/2004 03:20 PM Stefano Di Paola (Sep 15 2004)
PHP CGI Vulnerability
02/20/2003 10:46 AM
I don't know how many folks are actually doing php as a CGI but if so
...
[17-Feb-2003] The PHP Group today announced the details of a serious
CGI vulnerability in PHP version 4.3.0. A security update, PHP 4.3.1,
fixes the issue. Everyone running affected version of PHP (as CGI) are
encouraged to upgrade immediately. The new 4.3.1 release does not
include any other changes, so upgrading from 4.3.0 is safe and
painless.
I have to commend the php team for NOT including any other changes
thereby making it much more likely that affected systems get patched.
Good going!
[USN-52-1] vim vulnerability
12/24/2004 12:36 PM Martin Pitt (Dec 23 2004)
Vulnerability with XP SP2
08/18/2004 06:29 AM Just to bear in mind, Microsoft are dealing with this and are holding
off SP2's release on Automatic Update because of it. There's a
bug in the implementation of a new security feature; it'd be hard to
criticize Microsoft too hard for this problem.
"With Service Pack 2, Microsoft introduces a new security feature
which warns users before executing files that originate from an
untrusted location (zone) such as the Internet. There are two flaws in
the implementation of this feature: a cmd issue and the caching of
ZoneIDs in Windows Explorer. The Windows command shell cmd ignores
zone information and starts executables without warnings. Virus
authors could use this to spread viruses despite the new security
features of SP2.
Windows Explorer does not update zone information properly when files
are overwritten. So it can be tricked to execute files from the
internet without warning."
Heise do concede that it would take a fair amount of user interaction
for a virus writer to use this vulnerability. However, as they point
out, the powers of social engineering and playing on less IT adept
people do mean that it's not that inconceivable it could happen. With
Service Pack 2, Microsoft had clearly been hoping for less
vulnerabilities, and will no doubt be disappointed with this news.
KDE Vulnerability
08/12/2004 06:18 AM Direct and Related Links for 'KDE Vulnerability'
“Two vulnerabilities have been discovered in KDE, which can
be exploited by malicious, local users to perform certain actions on a
vulnerable system with escalated privileges. 1) Certain directories
and files are created insecurely when a user runs a KDE application
outside the KDE environment or as another user. This can be exploited
via symlink attacks to overwrite or truncate arbitrary files or
prevent KDE applications from accessing certain directories. This
vulnerability affects KDE 3.2.3…
[USN-108-1] GDK vulnerability
04/06/2005 05:45 PM Posted by Martin Pitt, Apr 05 2005
Vulnerability in man < 1.5l
03/13/2003 10:22 AM Jack Lloyd (Mar 11 2003)
Vulnerability in 2.6 and 2.61
03/13/2003 10:15 AM If you upgraded to 2.6 or 2.61, you need to upgrade immediately to
2.62. There is a security vulnerability in...
IE Vulnerability Flagged
04/09/2004 03:55 PM Other Web browsers could also be affected because of a flaw in
Internet Explorer's ITS protocol handler, CERT warns.
[USN-141-1] tcpdump vulnerability
06/22/2005 02:10 AM Posted by Martin Pitt, Tuesday, 21 June
Nasty new IE vulnerability
12/09/2003 02:34 PM Most people reading are probably aware of the common trick whereby
spammers and other assorted ne'er-do-wells publish URLs with usernames that look like hostnames to fool people into
trusting a malicious site - for example, http://www.microsoft.com&session%123123123@simon.incutio.com.
This trick is frequently used by spammers to steal people's PayPal
accounts, by tricking them into "resetting" their password at a site
owned by the spammer but disguised as PayPal.com.
Today's new Internet Explorer vulnerability makes the problem a hundred times
worse. By including an 0x01 character after the @ symbol in the fake
URL, IE can be tricked into not
displaying the rest of the URL at all. Don't expect a patch for a while
either; the guy who discovered the bug released it to
BugTraq on the same day he notified the vendor.
WebArtFactory CMS Vulnerability
12/17/2003 02:31 PM Noticias (Dec 16 2003)
New Spoofing Vulnerability in IE
12/17/2004 06:27 PM
Grok Description matches for cPanel mod_php suEXEC Taint Vulnerability