-
Web Application Security Consortium (WASC) releases ‘Threat Classifications’ document
WASC has released a web security 'Threat Classifications' document that attempts to help clarify some of the terms used in web security (such as xss, session fixation, insufficient authorization, etc…). Additional information can be found at the link below. http://www.webappsec.org/threat.html
-
Macromedia Flash Activex Buffer overflow
www.eeye.com has found a buffer overflow in Macromedia's Flash. This hole was found by accident while surfing a website, when eEye noticed some strange errors. After further investigation they found that they could inject commands into the player stack. Anyone who uses Flash is urged to upgrade to version 6 revision 29.
-
Apache Pre 1.3.24 on win32 allows command execution
Ory Segal from sanctuminc.com has found a hole in Apache versions prior to 1.3.24 which allows an attacker to execute commands on Win32 versions of Apache. This is considered a serious threat and you should upgrade immediately. On another note, a minor hole in every version was fixed. I have included that change log snippet below. — Snippet from change log…
-
Securityfocus.com Defaced
Securityfocus, home of bugtraq and other important security mailing lists, was defaced today by the attacker known as "Fluffi Bunni". This is probably the best known security site on the net and proof that anything can be breached if one spends enough time. According to defaced.alldas.de the advertising company was defaced and fed the image to securityfocus, although no public statement has been…
-
Opera Browser has several Javascript vulnerabilities
Georgi Guninski has found that the Opera browser is vulnerable to multiple Javascript holes. These holes could allow an attacker to gain further privileges.
Opera Browser problems
-
IIS LockDown Tool released
Microsoft has finally released a tool that helps secure your IIS machine. This new tool helps patch and lock down IIS against well known holes, as well as helping protect it from unknown holes. Download it below. (NOTE: This is also added to the patch section of this site.)
IIS Lockdown Tool
-
Microsoft Releases New network Patching tool
I found the following link from a bugtraq posting and decided to post it here. The tool below will patch a network of Windows machines with the latest security updates and patches. Below is a list of the platforms supported. Microsoft Windows versions 2000, 2000 SP1, 2000 SP2 Advanced Server; Microsoft Windows versions 2000, 2000 SP1, 2000 SP2 Professional…
-
Htaccess Tutorial Part 3 released
Securityfocus has released its 3rd and final installment of "Hardening Htaccess". This section is written to help people secure port 80 as much as possible and to block/allow hosts into a particular area of your website. This will be added to the links section for future reference. Read more about it below.
Htaccess Part 3
-
Code Red Part 3: Backdooring your IIS machine
Yet another variant of the Code Red worm has come out that not only exploits you but backdoors your webserver. It creates a file called root.exe which is really a copy of your cmd.exe file. This will allow an attacker to execute commands on your machine with complete control. This can also allow people to commit large scale ddos attacks with…
-
The Worm that won’t die
Well, as everyone knows, the Code Red Worm is one busy worm. It seems to be so busy in fact that it managed to hit this site over 40 times in less than 2 days. Originally we got hit roughly 30 times. Proof enough you need to keep your systems patched and up to date. This worm can be reddened by…
-
New worm makes its rounds…
The new internet worm called "The Red Worm" is exploiting a well known Microsoft hole. It just started hitting my machine today and I figured some people may appreciate logs so they know what to look for. A log is located below.
w0rm.txt
Original advisory on the hole it uses is located below.
Advisory
More info on worm: Cert.org
Patch for the worm: http://www.microsoft.com/technet/security/bulletin/MS01-033.asp
-
Sans.org Defaced!
A very well known computer security website and training center has been defaced. The defacer known as "Fluffi Bunni" is well known for attacks against apache.org, sourceforge, and exodus, to name a few. You can read more about his past attacks in the old news section of this site. Sans.org mirror listed below.
Sans.org Defaced