SecurityReason - Our Reason is Security

	SecurityReason
News

Search

SecurityAlert

About SecurityAlert

ExploitAlert

SecurityReason Research

	WLB
WLB Database

Send to WLB

About WLB

	RSS
News

SecurityAlert

World Laboratory of Bugtraq

ExploitAlert

Apache

PHP

	Corporate
Contact

About us

	Services
SecurePHP


	Note
If you have found a vulnerability, please send to our SecurityAlert Database : secalert()securityreason()com Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive : exploit()securityreason()com

News: SecurityReason

» PHP 5.2.8 bug free

SecurityReason realised new advisory about vulnerabilities in PHP 5 "PHP 5.2.6 SAPI php_getuid() overload ". The main problem exist in the SAPI initialization proces...

» Cross-site request forgery via ftp daemons

» libc/net inet_net_pton() bug

» PHP 5.2.6 Exploit (safe_mode bypass)

News: World

» Hackers target outsourced app development

Many firms fail to think about security when they outsource application development.

Three in five (60 per cent) organisations overlook procedures to mandate security in software development outsourcing, according to a study by analysts Quocirca. One in five (20 per cent) fail to consider security even when building applications in-house.

» Security researchers show how to hook phishers

» Symantec and Trend grapple with buffer overflow bugs

» Veteran defence hacking suspect cuffed in Greece

News: Virus

» Growing virus production taxes security firms

The volume - if not the variety - of malware samples has undergone almost exponential growth over the last three years.

Malware samples reached 5,490,960 in 2007, five times more than the 972,606 recorded in 2006; which was itself almost three times more than the 333,425 recorded in 2005. The figures, compiled by AV-Test.org, represent a growth in the number of variants of the same piece of malware rather than the creation of numerous new malware strains.

» Dutch regulator slaps spyware purveyors with 1m fine

» New Vulnerability in QuickTime

» Passwords on the loose

	SecurityAlert: Mo	nitor
	07.01.2009 -	Constructr CMS <= 3.02.5 Stable Multiple Remote Vulnerabilities

	07.01.2009 -	iGaming CMS <= 1.5 Multiple Remote SQL Injection Exploit

	07.01.2009 -	MD5 Considered Harmful Today: Creating a rogue CA certificate

	07.01.2009 -	PHP iCalendar <= 2.24 Insecure Cookie Handling Vulnerability

	06.01.2009 -	eDNews v2 (lg) Local File Inclusion Vulnerability

	WLB: Monitor
	07.01.2009 -	SolucionWeb (main.php?id_area) Remote SQL injection Vulnerability

	06.01.2009 -	php 4.x php5.2.x all "show_source()" ,"highlight_file()" bypass

	06.01.2009 -	Destiny Media Player 1.61 (.lst File) Local Stack Overflow Exploit

	06.01.2009 -	Walusoft TFTPServer2000 Version 3.6.1 Directory Traversal

	06.01.2009 -	Google Chrome FTP PASV IP Malicious Port Scanning Vulnerability.

	ExploitAlert:	Monitor
	07.01.2009 -	CoolPlayer BUILD 219 'PlaylistSkin' Buffer Overflow Exploit

	07.01.2009 -	ItCMS <= 2.1a (Auth Bypass) SQL Injection Vulnerability

	07.01.2009 -	Oracle 10g SYS.LT.COMPRESSWORKSPACETREE SQL Injection Exploit

	07.01.2009 -	PHPAuctionSystem Multiple Remote File Inclusion Vulnerabilities

	07.01.2009 -	ezPack 4.2b2 (XSS/SQL) Multiple Remote Vulnerabilities

Virus: Monitor

» 6 Jan 2009 Troj/Dloadr-CEI

» 6 Jan 2009 Troj/FakeAle-KQ

» 6 Jan 2009 Troj/IRCBot-ADG

» 6 Jan 2009 Troj/JSRedir-F

» 6 Jan 2009 Troj/OnLineG-G

» 6 Jan 2009 Troj/SWFdldr-L

» 6 Jan 2009 W32/Autorun-TF

» 6 Jan 2009 W32/Autorun-TG

» 6 Jan 2009 W32/Azero-B

» 6 Jan 2009 W32/Voterai-D

	Alert
Microsoft VISTA TCP/IP stack buffer overflow - 2008-11-27 Microsoft Device IO Control wrapped by the iphlpapi.dll API shipping with Windows Vista 32 bit and 64 bit contains a possibly exploitable, buffer overflow corrupting kernel memory.


	Apache
» Apache Tomcat information disclosure

» Apache Tomcat <= 6.0.18 UTF8 Directory Traversal Vulnerability

» Apache Tomcat information disclosure vulnerability

» Apache Tomcat XSS vulnerability



	PHP
» PHP 5.2.6 SAPI php_getuid() overload

» PHP ZipArchive::extractTo() Directory Traversal Vulnerability

» PHP 5.2.6 dba_replace() destroying file

» PHP 5.2.6 (error_log) safe_mode bypass