Great Reviews!Need help setting up your website, installing Apache, PHP, MySQL, or RavenNuke(tm)?Need help customizing or designing scripts?Please contact us via the Contact Us option for further details and pricing.
DESCRIPTION: A vulnerability has been reported in Apache HTTP Server, which can be exploited by malicious people to potentially compromise a vulnerable system. For more information see vulnerability #2 in: SA38776
SOLUTION: Fixed in the SVN repository: http://svn.apache.org/viewvc?view=revision&revision=920961
ORIGINAL ADVISORY: http://httpd.apache.org/security/vulnerabilities_20.html
OTHER REFERENCES: SA38776: http://secunia.com/advisories/38776/
Posted by Raven on Wednesday, March 10, 2010 @ 21:14:10 EST (7 reads) ( | Score: 0)
DESCRIPTION: rPath has issued an update for gzip. This fixes some vulnerabilities, which can be exploited by malicious people to cause a DoS (Denial of Service) and potentially compromise a user's system.
Posted by Raven on Monday, March 08, 2010 @ 19:14:35 EST (31 reads) (Read More... | 921 bytes more | Score: 0)
Critical Security Release Announcement From PHPBB Group
From the PHPBB Group:
We are sorry to announce the immediate release of phpBB 3.0.7-PL1 to address a security issue which was introduced in 3.0.7, unfortunately the issue wasn't noticed during testing and has only surfaced a week after the release of 3.0.7.
We promised working feeds for phpBB 3.0.7. Sadly, we were not able to deliver on that promise - a critical bug in the permission handling for feeds slipped past. To all people who already have updated to 3.0.7, it is of critical importance to update to 3.0.7-PL1. Otherwise, it is possible for users to bypass permission settings under the following circumstances:
- Feeds are enabled
- Any of the posts or topics feeds are enabled
- The unauthorised user - or one of the groups they are a member of - has forum permissions set on a private forum
- If you have excluded a forum from the list of forums that provide feeds, it is unaffected
The fix for the issue is a single line change inside of feed.php, line 525 has changed from:
DESCRIPTION: Tielei Wang has discovered a vulnerability in Google Picasa, which can be exploited by malicious people to potentially compromise a user's system. Successful exploitation may allow execution of arbitrary code.
Posted by Raven on Wednesday, February 24, 2010 @ 22:35:15 EST (99 reads) (Read More... | 1128 bytes more | Score: 0)
Internet Security 10 or IS2010
papamike writes "System: WinXP
I doubt that many of you out there have even heard of this threat, but it's real and it's out there to destroy your day. And to keep thing interesting there are varing versions of IS2010. I will brag and tell you that since 1995 I have never had a virus on any of my computers. But, while visiting a website that I frequent in the evening hours to watch old movies, IS2010 jumped all over my computer.
Now if you read up on the threat you will find that it's identified as a Rogue Virus. That is something that sends out fake alerts to get you to usually purchase a virus removal software program to remove the "fake" virus. BE AWARE these programs usually do nothing. Actually I found a website a few minutes ago that offers a program that rids your computer of this threat. You download the program, it scans your system showing threats then informs you that you will need to purchase the software to cleanup the problems. Go here to learn more: http://www.virusremovalguru.com/?p=258
What makes IS2010 so dangerous is that it loads a small executable onto your system which downloads fake alerts in rapid succession and it also changes your wallpaper, freezes your desktop, and prevents you from changing the wallpaper that has been changed to one of theirs which tells you that your system is infected. And each time you reboot it loads everything again until the .exe file is destroyed.
The .exe file is automatically triggered and downloads other viruses, trojans, rogue software, and a rootkit all in such a way that your virus scanning software can't keep up. The user possibly gets extremely taken away by how fast things are happening. Your desktop is frozen you can't download anything except download the program that they claim will solve all of your problems. DO NOT download or purchase it.
Here's what I did to get rid of this thing. "
Posted by Raven on Thursday, February 18, 2010 @ 16:31:30 EST (157 reads) (Read More... | 4878 bytes more | Score: 0)
DESCRIPTION: Some vulnerabilities have been reported in Google Chrome, which can be exploited by malicious people to disclose sensitive information, manipulate certain data, or potentially compromise a user's system. The vulnerabilities are reported in versions prior to 4.0.249.89.
Posted by Raven on Thursday, February 11, 2010 @ 19:15:53 EST (182 reads) (Read More... | 1793 bytes more | Score: 0)
Firefox-based attack wreaks havoc on IRC users
Southern writes "World's first inter-protocol exploit, but not the last
Underscoring a little-known web vulnerability, hackers are exploiting a weakness in the Mozilla Firefox browser to wreak havoc on Freenode and other networks that cater to users of internet relay chat.
Using a piece of javascript embedded into a web link, the hackers force users of the open-source browser to join IRC networks and flood channels with diatribes that include the same internet address. As IRC users with Firefox follow the link, their browsers are also forced to spam the channels, giving the attack a viral quality that has has caused major disruptions for almost a month.
"Huge numbers of users of the Freenode network ended up getting banned themselves because they would click the link and then they would join the network and flood the network," one of the hackers, who goes by the moniker Weev, told The Register. "We get this huge rollover effect."
Posted by Raven on Monday, February 01, 2010 @ 03:32:25 EST (184 reads) ( | Score: 0)
IE vulnerability offers your files to hackers
Southern writes "Jorge Luis Alvarez Medina, a security consultant working for Core Security, has discovered a string of vulnerabilities in Internet Explorer that make it possible for an attacker to gain access to your C drive - complete with files, authentication and HTTP cookies, session management data, etc.
Exploitation of the vulnerability relies solely on the ability for a would-be attacker to provide malicious HTML content from a website and to predict the full path name for the file that will be used to cache it locally on the victim's system," says the advisory Core Security published. "If the entire path name can be predicted, the attacker can cause a redirection to the locally stored file using an URI specified in UNC form and force the local content to be rendered as an HTML document, which will permit to run scripting commands and instantiate certain ActiveX controls."
DESCRIPTION: Some vulnerabilities and weaknesses have been reported in Google Chrome, where some have unknown impacts and others can be exploited by malicious people to disclose potentially sensitive information, bypass certain security restrictions, or compromise a user's system.
Posted by Raven on Tuesday, January 26, 2010 @ 22:55:06 EST (247 reads) (Read More... | 2441 bytes more | Score: 0)
Patch Tuesday heads-up: MS to fix *critical* IE, Office security holes
Just two weeks after the release of exploit code for a critical (remotely exploitable) security hole in its Internet Explorer browser, Microsoft says a fix will be included in this month’s batch of Patch Tuesday updates. Microsoft has already issued an advisory to confirm the severity of the issue, which affects users of Internet Explorer 6 and Internet Explorer 7 on Windows XP, Windows Server 2003, Windows Vista, and Windows Server 2008. In all, Microsoft plans to release six security bulletins next Tuesday (December 8, 2009) to fix security flaws affected IE, Microsoft Office and the Windows operating system. Three of the six bulletins will be rated “critical,” Microsoft’s highest severity rating. A critical vulnerability could result in remote code execution if a user opens a rigged file or simply surfs to malicious Web site.
Microsoft urged customers to pay special attention to the IE update because of the availability of public exploit code and the fact that attackers could launch malware attacks to take complete control of a Windows machine running a vulnerable browser.
![[Valid RSS]](http://www.ravenphpscripts.com/images/valid-rss.png "Validate my RSS feed"){kind=small}
:: 
::
