
libpng security vulnerability allows execution of arbitrary code

The libpng packages contain a library of functions for creating and manipulating PNG (Portable Network Graphics) image format files. A flaw was discovered in libpng that could result in libpng trying to free() random memory if certain, unlikely error conditions occurred. If a carefully-crafted PNG file was loaded by an application linked against libpng, it […]


Ubuntu Security Advisory USN-1361-1: Linux kernel vulnerabilities

Ubuntu Security Notice USN-1361-1 13th February, 2012 linux vulnerabilities A security issue affects these releases of Ubuntu and its derivatives: Ubuntu 10.10 Summary Several security issues were fixed in the kernel. Software description linux – Linux kernel Details Han-Wen Nienhuys reported a flaw in the FUSE kernel module. A local user who can mount a FUSE […]


Security News From Twitter this week

RT @valdesjo77: OpenSSH from Linux to Windows 7 via tunneled RDP http://t.co/yhAA6FuU via @lethalduck #security #tips #sysadmin

Apache – Multiple Vulnerabilities – affects 2.0.x-2.0.64 and 2.2.x-2.2.21. #unhackable #security http://t.co/d9G2TfWW


Ubuntu Security Advisory: PHP / Upgrades available

A security issue affects these releases of Ubuntu and its derivatives: – Ubuntu 11.10 – Ubuntu 11.04 – Ubuntu 10.10 – Ubuntu 10.04 LTS – Ubuntu 8.04 LTS Summary: USN 1358-1 introduced a regression in PHP. Software Description: – php5: HTML-embedded scripting language interpreter Details: USN 1358-1 fixed multiple vulnerabilities in PHP. The fix for […]


RedHat Security Advisory: RHSA-2012:0107-1 Important: kernel security and bug fix update

Advisory: RHSA-2012:0107-1 Type: Security Advisory Severity: Important Issued on: 2012-02-09 Last updated on: 2012-02-09 Affected Products: Red Hat Enterprise Linux (v. 5 server) Red Hat Enterprise Linux Desktop (v. 5 client) CVEs (cve.mitre.org): CVE-2011-3638, CVE-2011-4086, CVE-2011-4127, CVE-2012-0028, CVE-2012-0207 Details Updated kernel packages that fix multiple security issues and two bugs are now available for Red Hat Enterprise Linux 5. The […]


New PHP5 Vulnerability in php_register_variable_ex() – affects versions <= 5.3.9

Vulnerability ID: CVE-2012-0830 Description: “php_register_variable_ex()” Code Execution Vulnerability Details: A vulnerability has been reported in PHP, which can be exploited by malicious people to compromise a vulnerable system. The irony here is this vulnerability was introduced in a “fix” for another vulnerability (CVE-2011-4885). The vulnerability is caused due to a logic error within the “php_register_variable_ex()” […]


Apache – Multiple Vulnerabilities – affects 2.0.x-2.0.64 and 2.2.x-2.2.21

Several vulnerabilities have been found in the Apache HTTPD Server: CVE-2011-3607: Integer overflow in the ap_pregsub function in server/util.c in the Apache HTTP Server 2.0.x through 2.0.64 and 2.2.x through 2.2.21, when the mod_setenvif module is enabled, allows local users to gain privileges via a .htaccess file with a crafted SetEnvIf directive, in conjunction with […]


DSA-2384 cacti – multiple vulnerabilities

Several vulnerabilities have been discovered in Cacti, a graphing tool for monitoring data. Multiple cross-site scripting issues allow remote attackers to inject arbitrary web script or HTML. An SQL injection vulnerability allows remote attackers to execute arbitrary SQL commands. @debian_security: DSA-2384 cacti – http://goo.gl/g86kW #debian


Potential Malicious Activity or DDoS with SSH – /bin/false is NOT security

Hacker Jordan Sissel wrote a very informative and interesting article about SSH security and the old-school practice of using /bin/false to restrict shell access. Many system administrators are under the incorrect assumption that simply changing an account’s shell to /bin/false renders the account unusable. This is a fallacy. In addition, such a configuration could actually […]


A known PHP Vulnerability which allows for file path injections getting more popular – affects PHP <= 5.3.6

Vulnerability ID: CVE-2011-2202 A known vulnerability discovered in 2011 affecting many PHP versions has been getting more use recently. As new variations of exploits emerge, even novice hackers are able to use it without much skill. The vulnerability itself is an input validation error which could allow anyone to remotely inject an arbitrary file into […]
