PHP

PHP Versions Prior to 5.3.1 Multiple Vulnerabilities

Vuln: PHP Versions Prior to 5.3.1 Multiple Vulnerabilities

URL: http://www.securityfocus.com/bid/37079

ARM Expects Mobile Phones with Dual-Core Processors Next Year.

Dual-core central processing units (CPUs) were considered a breakthrough in the personal computer industry back in 2005. In 2010, dual-core chips, albeit powered by processors with different micro-architecture, are set to enter the market of mobile phones, according to ARM, a leading developer of processors for portable electronics.

“We don’t need silly GHz speeds. With our dual-core A9, we can get two times the performance, without the speed draining the battery, so by the time you get home your phone is dead,” said Rob Coombs, director of mobile solutions for ARM, in an interview with TechRadar web-site.

Mr. Coombs added that ARM hopes that actual implementers would introduce dual-core processors for mobile phones sometime in 2010, but still, delays to 2011 were possible.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=33626

Acer Reveals First 3D Laptop

Acer has been a busy little bee today, revealing various products like the Windows 7 Multitouch notebook and the 11.6-inch Aspire Timeline CULV notebook. Acer also displayed the world’s first mainstream 3D laptop during the press conference today as well, the oddly-named Acer Aspire 5738PG.

According to Pocket Lint’s hands-on report, the device doesn’t use hardware-based 3D acceleration like Nvidia’s 3D Vision GPU, but rather relies on a software solution called Acer 3D CineReal and the TriDef suite. However the software works in conjunction with a special 3D coating on the laptop’s screen and a pair of polarized glasses.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=33377

DvBBS v2.0(PHP) boardrule.php Sql injection

Bugtraq: DvBBS v2.0(PHP) boardrule.php Sql injection

URL: http://www.securityfocus.com/archive/1/506258

4334

IRC/SdBot, JS/Exploit.Pdfka.NLC, Win32/AutoRun.ABH, Win32/AutoRun.FakeAlert.AF (2), Win32/AutoRun.FakeAlert.CV (2), Win32/AutoRun.FlyStudio.PJ, Win32/Flyagent.NBT, Win32/FlyStudio.NRL (2), Win32/Httpbot.XS, Win32/IRCBot.AMQ (2), Win32/KillAV.NEQ (2), Win32/KillAV.NER, Win32/Kryptik.AEP, Win32/PcClient (2), Win32/PSW.Consgra.A (2), Win32/SpamTool.Tedroo.AB (2), Win32/Spy.Banbra.NPZ, Win32/Spy.Banker.RMQ, Win32/Spy.Banker.SAA, Win32/Spy.Banker.SAD, Win32/Spy.Zbot.JF (3), Win32/TrojanClicker.Agent.NGR

URL: http://www.eset.com/joomla/index.php?option=com_content&task=view&id=6367&Itemid=26

Chinese hackers attack Melbourne Film Festival website

HACKERS have defaced the website of the Melbourne Film Festival over a documentary about an exiled separatist leader accused by China of plotting riots.

Messages attacking Uighur leader Rebiya Kadeer, along with images of the Chinese flag, were posted on the festival’s site over the weekend.

Festival director Richard Moore said the intruders were using a Chinese IP address and he had reported the matter to police. Mr Moore said the attacks came after pressure from the Chinese Government to remove the film from the festival.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=32449

IXXO Cart! Standalone and Joomla Component SQL Injection

Re: IXXO Cart! Standalone and Joomla Component SQL Injection

Posted by YEHG Group on Jul 26

Thanks, I’ll update the database of http://www.owasp.org/index.php/Category:OWASP_Joomla_Vulnerability_Scanner_Project

On Sat, Jul 25, 2009 at 3:57 PM, SmOk3<smok3f00_at_gmail.com> wrote:

> Original advisory at:

> …

URL: http://seclists.org/fulldisclosure/2009/Jul/0394.html

4276

VBS/Slogod.NAB (2), Win32/Adware.Gamevance.AB (5), Win32/Adware.Gamevance.AC, Win32/FlyStudio.NPY, Win32/Injector.TW, Win32/PSW.OnLineGames.OMB (4), Win32/PSW.OnLineGames.OMC, Win32/Spy.Delf.NQV, Win32/TrojanDownloader.FakeAlert.AFK (2)

URL: http://www.eset.com/joomla/index.php?option=com_content&task=view&id=6295&Itemid=26

4273

INF/Autorun, Win32/AdClicker.NAF (2), Win32/Agent.PWO, Win32/AutoRun.FakeAlert.AF, Win32/Flyagent.NBP, Win32/Flyagent.NBQ, Win32/Injector.TU, Win32/Peerfrag.CP, Win32/Protector.C, Win32/PSW.Delf.NQU (2), Win32/Spy.Banbra.NSA (2), Win32/Spy.Banbra.NSB (2), Win32/Spy.Banbra.NSC (2), Win32/Spy.Banbra.NSD (2), Win32/Spy.Banbra.NSE (2), Win32/Spy.Banker.OXC, Win32/Spy.Banker.PBI (3), Win32/Spy.Delf.NWK (2), Win32/Spy.Zbot.JF (4), Win32/Spy.Zbot.TK, Win32/Spy.Zbot.TL, Win32/TrojanDownloader.FakeAlert.AEL, Win32/TrojanDropper.Agent.OFY (2), Win32/VB.OJJ (2)

URL: http://www.eset.com/joomla/index.php?option=com_content&task=view&id=6292&Itemid=26

4272

Win32/Adware.UnVirex.A (2), Win32/Agent.NYU (6), Win32/AutoRun.ABH, Win32/Delf.NNN, Win32/Injector.TK, Win32/Injector.TM, Win32/Injector.TQ, Win32/KillAV.NEG, Win32/Kryptik.AAB, Win32/Kryptik.AAE, Win32/Olmarik.JV, Win32/PSW.Delf.NQR (2), Win32/Spy.Banbra.NQX, Win32/Spy.Banker.QSP, Win32/Spy.Banker.QTE, Win32/Spy.Banker.RFK, Win32/Spy.Banker.RFM, Win32/Spy.Banker.RFP, Win32/Spy.Banker.RGW, Win32/Spy.Delf.NUL, Win32/TrojanDownloader.FakeAlert.AAA, Win32/TrojanDropper.Agent.OFW

URL: http://www.eset.com/joomla/index.php?option=com_content&task=view&id=6291&Itemid=26

phpDirectorySource SQL Injection and Cross Site Scripting Vulnerabilities

Vuln: phpDirectorySource SQL Injection and Cross Site Scripting Vulnerabilities

URL: http://www.securityfocus.com/bid/35760

OCS 2007 R2 Penetration testing

Re: OCS 2007 R2 Penetration testing

Posted by Jerome Athias on Jul 20

Hi,

you should be interested by OAT (OCS Assessment Tool) (http://voat.sf.net) (v1.0)

And for sure, by OCS Assessment Tool v2, presented at FRHACK by Abhijeet Hatekar (Sipera Systems <http://www.sipera.com/>)

http://www.frhack.org/frhack-conference.php#Unified-Communications-Security…

URL: http://seclists.org/pen-test/2009/Jul/0066.html

Sprint’s CEO Rakes in $15.5M in Compensation

Dan Hesse, CEO at Sprint-Nextel Corp., took home a bonus 30 percent bigger than expected for 2008, raking in $2.6 million. His overall compensation package came in at $15.5 million, with a base salary of $1.2 million.

Sprint shares have lost more than 70 percent of their value since the beginning of 2008.

It also lost 4.6 million customers during 2008, losing $2.8 billion, but Sprint spokesman James Fisher told the Wall Street Journal that the carrier has actually shown improvement, including cutting $1 billion in costs and renegotiating its credit position—a position with which many analysts agree.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31544

Yet another company decides to get into the Mac cloning game

Psystar has had a rather lackluster showing in its attempt to sell unauthorized Mac clones—besides Apple suing the pants off the company, Psystar has also filed for bankruptcy after just a year in existence. Now, a new company in Los Angeles hopes to somehow escape the wrath of Apple Legal by—get this—opening a brick and mortar retail store. Quo Computer is set to open for business next Monday, June 1.

“It’s exciting. We are trying to stay as close to Apple as we can with our products,” Rashantha De Silva, Quo founder, told CNET. “We are trying to mimic things as much as we can. I’m hoping that Apple sees the value in what we are doing.”

Here in Orbiting HQ, we’re approximately 100 percent certain Apple will not see the value in a company that has the stated purpose of mimicking Apple’s hardware as closely as possible. There’s a word for trying to duplicate another company’s products as closely as possible and then trying to sell them: rip-off.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31543

Security update for Xvid

The Xvid developers have released version 1.2.2 of their MPEG-4 codec to fix three security-related issues. One of the flaws reportedly prevents a function of the xvidcore library from checking the resync marker range correctly.

In its short announcement, Xvid Solutions do not mention whether the flaws can be exploited for injecting code via specially crafted videos. However, the developers highly recommend that users update. The update also offers various minor improvements, for example more precision for RGB-to-YUV colour conversions.

URL: http://www.hackinthebox.org/index.php?name=News&file=article&sid=31542