[nycphp-talk] php vulns from SecurityFocus Newsletter # 211
Analysis & Solutions
danielc at analysisandsolutions.com
Mon Aug 25 20:55:23 EDT 2003
INTERESTING ARTICLES
--------------------

Slow Down Internet Worms With Tarpits
http://www.securityfocus.com/infocus/1723

IPtables handles this by allowing a tarpitted port to accept any incoming
TCP connection. When data transfer begins to occur, the TCP window size is
set to zero, so no data can be transferred within the session. The
connection is then held open, and any requests by the remote side to close
the session are ignored. This means that the attacker must wait for the
connection to timeout in order to disconnect. This kind of behavior is bad
news for automated scanning tools (like worms) because they rely on a
quick turnaround from their potential victims.

Slammer worm crashed Ohio nuke plant network
http://www.securityfocus.com/news/6767

VULNERABILITIES IN PHP APPS
---------------------------
Horde Application Framework Account Hijacking Vulnerability
http://www.securityfocus.com/bid/8399
HostAdmin Path Disclosure Vulnerability
http://www.securityfocus.com/bid/8401
Xoops BBCode HTML Injection Vulnerability
http://www.securityfocus.com/bid/8414
HolaCMS HTMLtags.PHP Local File Include Vulnerability
http://www.securityfocus.com/bid/8416
PHPSecureSite SQL Injection Vulnerabilities
http://www.securityfocus.com/bid/8427
MatrikzGB Guestbook Administrative Privilege Escalation Vuln...
http://www.securityfocus.com/bid/8430
Atilla PHP Content Management System Multiple Web Vulnerabil...
http://www.securityfocus.com/bid/8437
Fusion News Unauthorized Account Addition Vulnerability
http://www.securityfocus.com/bid/8441
--
FREE scripts that make web and database programming easier
http://www.analysisandsolutions.com/software/
T H E A N A L Y S I S A N D S O L U T I O N S C O M P A N Y
4015 7th Ave #4AJ, Brooklyn NY v: 718-854-0335 f: 718-854-0409