September, 2009:

Drupal Boost Module Arbitrary Directory Creation Vulnerability

Vuln: Drupal Boost Module Arbitrary Directory Creation Vulnerability

URL: http://www.securityfocus.com/bid/36561

MD5 hash extension attack breaks API authentication of Flickr and others

Bugtraq: MD5 hash extension attack breaks API authentication of Flickr and others

URL: http://www.securityfocus.com/archive/1/506825

CVE-2009-3339 (email_and_web_security_appliance)

Unspecified vulnerability in McAfee Email and Web Security Appliance 5.1 VMtrial allows remote attackers to read arbitrary files via unknown vectors, as demonstrated by a certain module in VulnDisco Pack Professional 8.9 through 8.11. NOTE: as of 20090917, this disclosure has no actionable information. However, because the VulnDisco Pack author is a reliable researcher, the issue is being assigned a CVE identifier for tracking purposes.

URL: http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2009-3339

DOS attack tool can be used in lab

Posted by L. Pop on Sep 2

Hi Guys,

Recently one of our FreeBSD servers always experiences "Socket: No
buffer space available…" errors, and there are too many FIN_Wait1s
in the system; it is likely that we are being DOSed.

Is there any handy DOS simulation tool that I can use in the lab to
reproduce the problem….

URL: http://seclists.org/pen-test/2009/Sep/0001.html

DvBBS v2.0(PHP) boardrule.php Sql injection

Bugtraq: DvBBS v2.0(PHP) boardrule.php Sql injection

URL: http://www.securityfocus.com/archive/1/506258

[BMSA-2009-06] Remote code execution in BKAV eOffice

Bugtraq: [BMSA-2009-06] Remote code execution in BKAV eOffice

URL: http://www.securityfocus.com/archive/1/506198