Security Advisories
Critical Vulnerability in IIS 5.0
March 18, 2003
IIS 5.0 gives the attacker full control of your system. Compromised systems should be removed from the network, analyzed and rebuilt with care. Worms can be written to exploit this vulnerability and patching is critically important. According to reports by CNET, intruders are actively exploiting this vulnerability. Also, according to an article on MSNBC.com, the […]
Code Execution and XSS Holes in PHP-Nuke
December 18, 2002
Code execution and cross-site scripting vulnerabilities have been found in PHP-Nuke 6.0, a popular but notoriously insecure web portal system which is used to run hundreds of thousands of sites. The first flaw is in the web mail module: if a user receives and reads a message with an attached file, the file is stored […]
Multiple New Security Vulnerabilities in SSH
December 17, 2002
Multiple vendors’ implementations of the SSH protocol contain buffer overflows and several other vulnerabilities, according to a new advisory issued by CERT. The security holes could be exploited remotely, leading to denial of service or the execution of arbitrary code under the SSH process’ privileges. A suite of test apps developed by Rapid7 can test […]
« Older Entries Newer Entries »
