-= [EdadFutura] =- v.6.0 - [beta]




Multiple vulnerabilities in PHP 5.2.x

November 19, 2007 (01:43) | Security | By: viperEF

Multiple vulnerabilities have been found in PHP 5.2.x. Some are of unknown impact, and others could be exploited by a remote attacker to bypass certain security restrictions.

* The first vulnerability is caused by an error in the handling of variables and could be exploited by a remote attacker to overwrite values set in httpd.conf via the ini_set() function.

* The second vulnerability is caused by an error when processing .htaccess files and could be exploited by a remote attacker to bypass the disable_functions directive by modifying the php.ini directive mail.force_extra_parameters through an .htaccess file.

* Another vulnerability is caused by several boundary errors in the functions fnmatch(), setlocale() and glob(), which could be exploited by a remote attacker to cause buffer overflows.

* The final vulnerability is caused by several errors in how the htmlentities() and htmlspecialchars() functions handle partial multibyte sequences.

Users are advised to upgrade to version 5.2.5, which is available from:

http://www.php.net/downloads.php
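
To check a server for the .htaccess issue described above, the following Python script walks a web root and reports every .htaccess file that sets mail.force_extra_parameters through php_value or php_flag. It is an added example, not part of the original post or of PHP; the function names, the sample directory layout and the sample value are constructed for illustration.

```python
import os
import re
import tempfile

# Apache mod_php per-directory override of the directive named in the advisory,
# e.g.  php_value mail.force_extra_parameters "..."
# Anchored at line start, so commented-out directives ("# php_value ...") are ignored.
OVERRIDE_RE = re.compile(
    r'^\s*php_(?:value|flag)\s+mail\.force_extra_parameters\b\s*(.*)$',
    re.IGNORECASE,
)


def scan_htaccess(root):
    """Return (path, line_number, value) for every override found under root."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        if ".htaccess" not in files:
            continue
        path = os.path.join(dirpath, ".htaccess")
        with open(path, encoding="utf-8", errors="replace") as fh:
            for lineno, line in enumerate(fh, start=1):
                match = OVERRIDE_RE.match(line)
                if match:
                    value = match.group(1).strip().strip("\"'")
                    findings.append((path, lineno, value))
    return findings


def build_sample_tree(root):
    """Constructed sample web root: one clean site, one with the override."""
    samples = {
        "site_a/.htaccess":
            "RewriteEngine On\n# php_value mail.force_extra_parameters -fold\n",
        "site_b/uploads/.htaccess":
            "Options -Indexes\n"
            'php_value mail.force_extra_parameters "-fbounce@example.invalid"\n',
    }
    for rel, body in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_tree(tmp)
        for path, lineno, value in scan_htaccess(tmp):
            print(f"{os.path.relpath(path, tmp)}:{lineno}: sets mail.force_extra_parameters = {value}")
```

Any hit on a host still running a PHP 5.2.x release older than 5.2.5 is worth reviewing, since that is the version the post advises upgrading to.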

More information:

Source: Hispasec

PHP 5.2.5 Release Announcement

http://www.php.net/releases/5_2_5.php

PDF files exploit a flaw in Adobe Reader to infect systems

October 26, 2007 (00:25) | Security | By: viperEF

A vulnerability in Adobe Reader (in fact shared with Microsoft Windows) is being exploited to run code just by opening a PDF file. While this vulnerability has been known for a few weeks, it was not until October 22 that emails were observed attempting to exploit the bug by downloading and installing malware hosted on (surprise, surprise) the Russian Business Network.

In June, spam sent through PDFs became popular. Spammers embedded a barely legible image in files of this format (which users trust) and got past all the filters until these managed to adapt and stop the avalanche. At the time we noted that, at least, this spam was not trying to take advantage of any vulnerability in the popular Adobe Reader, and that opening the message would only waste time. Until now ... it has been discovered that PDF files are being sent which, when opened on a Windows system, exploit a vulnerability in Adobe Reader and are able to download and run code.
