SecurityReason - Our Reason is Security

	SecurityReason
News

Search

SecurityAlert

About SecurityAlert

ExploitAlert

SecurityReason Research

	WLB
WLB Database

Send to WLB

About WLB

	RSS
News

SecurityAlert

World Laboratory of Bugtraq

ExploitAlert

Apache

PHP

	Corporate
Contact

About us

	Services
SecurePHP


	Note
If you have found a vulnerability, please send to our SecurityAlert Database : secalert()securityreason()com Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive : exploit()securityreason()com

News: SecurityReason

» PHP 5.2.6 Exploit (safe_mode bypass)

SecurityReason presents new exploit for "PHP 5.2.6 safe_mode bypass" issue. Exploit allow read file from another directory...

» PHP 5.2.6 safe_mode bypass

» *BSD libc (strfmon) Multiple vulnerabilities

» PHP5 : *printf() Integer Overflow

News: World

» Hackers target outsourced app development

Many firms fail to think about security when they outsource application development.

Three in five (60 per cent) organisations overlook procedures to mandate security in software development outsourcing, according to a study by analysts Quocirca. One in five (20 per cent) fail to consider security even when building applications in-house.

» Security researchers show how to hook phishers

» Symantec and Trend grapple with buffer overflow bugs

» Veteran defence hacking suspect cuffed in Greece

News: Virus

» Growing virus production taxes security firms

The volume - if not the variety - of malware samples has undergone almost exponential growth over the last three years.

Malware samples reached 5,490,960 in 2007, five times more than the 972,606 recorded in 2006; which was itself almost three times more than the 333,425 recorded in 2005. The figures, compiled by AV-Test.org, represent a growth in the number of variants of the same piece of malware rather than the creation of numerous new malware strains.

» Dutch regulator slaps spyware purveyors with 1m fine

» New Vulnerability in QuickTime

» Passwords on the loose

	SecurityAlert: Mo	nitor
	24.07.2008 -	PHPizabi 0.848b C1 HFP1 Remote Code Execution Exploit

	23.07.2008 -	Ultrastats <= 0.2.142 (players-detail.php) Blind SQL Injection Exploit

	23.07.2008 -	[DSECRG-08-030] Claroline 1.8.9 Multiple Security Vulnerabilities

	23.07.2008 -	PPMate PPMedia Class ActiveX Control Buffer Overflow PoC

	23.07.2008 -	tplSoccerSite 1.0 Multiple Remote SQL Injection Vulnerabilities

	WLB: Monitor
	24.07.2008 -	CAU-EX-2008-0002: Kaminsky DNS Cache Poisoning Flaw Exploit

	24.07.2008 -	Kaminsky DNS Cache Poisoning Flaw Exploit for Domains

	24.07.2008 -	CSRF (Cross-site Request Forgery) on Moodle edit profile page

	24.07.2008 -	Vulnerability: SocialEngine (SocialEngine.net) high risk security flaw

	24.07.2008 -	Outpost Security Suite Pro ver. 2009 Multiple vulnerabilities

	ExploitAlert:	Monitor
	24.07.2008 -	Pre Survey Poll (default.asp catid) SQL Injection Vulnerability

	24.07.2008 -	BIND 9.4.1-9.4.2 Remote DNS Cache Poisoning Flaw Exploit (meta)

	24.07.2008 -	YouTube Blog 0.1 (RFI/SQL/XSS) Multiple Remote Vulnerabilities

	23.07.2008 -	IntelliTamper 2.07 (server header) Remote Code Execution Exploit

	23.07.2008 -	IntelliTamper 2.0.7 (html parser) Remote Buffer Overflow Exploit

Virus: Monitor

» 23 Jul 2008 JS/Dloadr-BOM

» 23 Jul 2008 Troj/Agent-HHC

» 23 Jul 2008 Troj/Delf-FAY

» 23 Jul 2008 Troj/FakeAV-AP

» 23 Jul 2008 Troj/Mdrop-BUB

» 23 Jul 2008 Troj/Rootkit-DC

» 23 Jul 2008 Troj/Spywad-AZ

» 23 Jul 2008 W32/Sality-AM

» 23 Jul 2008 Troj/Fakeav-AO

» 23 Jul 2008 Troj/Bckdr-QOM

	Alert
BSD libc (strfmon) Multiple vulnerabilities - 2008-03-25 Maksymilian Arciemowicz discovered a Integer Overflow vulnerability in the libc library "strfmon()" function.A vulnerability could allow an attacker who successfully exploits this vulnerability to take control of the affected BSD systems.


	Apache
» Apache-SSL memory disclosure

» Apache mod_negotiation Xss and Http Response Splitting

» Apache (mod_status) Refresh Header - Open Redirector (XSS)

» Apache (mod_proxy_ftp) Undefined Charset UTF-7 XSS Vulnerability



	PHP
» PHP 5.2.6 chdir(),ftok() (standard ext) safe_mode bypass

» PHP 5.2.6 posix_access() (posix ext) safe_mode bypass

» PHP 5.2.5 and prior : *printf() functions Integer Overflow

» PHP 5.2.5 cURL safe_mode bypass