Posted on Monday, April 03, 2006 @ 22:13:53 CDT in Security by Raven
SECUNIA ADVISORY ID:
SA19501
VERIFY ADVISORY:
http://secunia.com/advisories/19501/
CRITICAL:
Highly critical
IMPACT:
System access
WHERE:
From remote
SOFTWARE:
PHPNuke-Clan 3.x
DESCRIPTION:
uid0 has discovered a vulnerability in PHPNuke-Clan, which can be exploited by malicious people to compromise a vulnerable system.
See PHPNuke-Clan 3.x Advisory for more information.
|
Posted on Thursday, March 23, 2006 @ 02:21:43 CST in Security by Raven
Walaika K. Haskins, newsfactor.com writes:
There is a new kind of denial-of-service (DoS) attack hitting the Internet these days, and it has VeriSign and others responsible for handling the Internet's infrastructure very worried.
The unusually powerful attacks strike at the basic structure of the Net, exploiting the computers that manage online traffic and using them to overwhelm Web sites. The effects are similar to more traditional DoS attacks, but the newer technique by hackers is far more potent because it launches using fewer hacked computers and the ensuing attack is easily amplified to be far more overwhelming.
The new form of attacks emerged at the end of December 2005 and accelerated in January before settling down about mid-February, said VeriSign Chief Security Officer Ken Silva.
He said some 1,500 separate Internet domains have been attacked using the new method. Comparing the attacks to those in October 2002 when nine of the 13 computer "root" servers used to manage all Internet traffic were the object of a massive attack, Silva said that the new attacks were "significantly larger than what we saw in 2002, by an order of magnitude."
Read the complete article on VeriSign Warns of Massive Net Attacks
|
Posted on Sunday, March 19, 2006 @ 07:53:28 CST in Security by Raven
nukeevangelist writes: Brand new on gallery.menalto.com - new and enhanced gallery modules for PHP-Nuke :: travel over and get your copy today!
actual releases: Gallery 2.0.4 :: Gallery 2.1 Release Candidate 2a :: Gallery 1.5.2-pl2 :: Gallery Remote 1.5
Gallery 2.0.4 release / 2.1-RC-2a [article]: "
Thanks once again to James Bercegay from GulfTech Security Research for tipping us off to a security vulnerability in Gallery 2.0.3 and the 2.1 release candidates. Your installation is only vulnerable if you have the register_globals PHP setting enabled. If you're vulnerable, an attacker can use this to execute a "local inclusion" exploit, or run code that's already on your server. This is especially dangerous if you allow upload privileges to users you don't trust, and your g2data directory is in a predictable location. We have released Gallery 2.0.4 and 2.1-RC-2a to fix this vulnerability, but it's also very easily patched by hand if you don't want to install a complete update. Read on for more details on how to quickly secure your Gallery install.
This vulnerability affects all versions of Gallery 2.x, but Gallery 1.x is not affected. If you're using Gallery 2.x we strongly recommend that you upgrade or secure your Gallery installation as soon as possible!
Please follow our upgrading instructions and download and install the latest release." Read More...
|
Posted on Friday, March 17, 2006 @ 00:16:42 CST in Security by Raven
corba writes: I think this could be very useful for anyone who deals with database systems and database vulnerabilities.
Microsoft Corp. is going public with some of the hacking information discussed at its BlueHat Security Briefings event. Just days after the end of its third BlueHat conference, the software vendor today posted the first blog entries at a new Web site. Microsoft is also promising to publish more details on the secretive invitation-only event.
The Web site will include Microsoft staffers' "reflections on BlueHat 3" as well as photos, podcasts and video interviews with some of the presenters, said Security Program Manager Kymberlee Price in a blog posting. "We sincerely hope that our BlueHat 3 speakers (and BlueHat 1 & 2 speakers) will post their comments to the site as well and share their BlueHat experience," she wrote.
Presentations given during the latest conference, held last week on Microsoft's campus in Redmond, Wash., covered topics such as "exploiting Web applications" and "breaking into database systems," according to the Web site.
View: Microsoft BlueHat Security Briefings 2006
Read More: ComputerWorld
|
Posted on Monday, March 06, 2006 @ 00:36:59 CST in Security by Raven
forgotz writes: Are you tired of Spyware, Malware and Adware programs being installed by ActiveX, but don't want to lose out on important functionality? Now offered from http://dadanuke.org as a PHP-Nuke block, all your guests or members will have to do is click on the Spyware Guide button or file link, download a simple registry patch (always back up your registry), double-click the registry file to enter it into the registry and ActiveX protection will be activated. Read More...
|
Posted on Friday, March 03, 2006 @ 22:21:30 CST in Security by Raven
nukeevangelist writes: Brand new: the devs at Gallery-Teams @ Menalto.com came up with Gallery 2.0.3 - get your copy today
Gallery 2.0.3 Security Fix Release [article]: "Please download the Gallery 2.0.3 Security Fix Release today and upgrade now. This release adds no new features. It fixes a minor XSS exploit and an exploit in the session code that could allow users to remotely delete session files. These security flaws were discovered during an independent audit by James Bercegay from GulfTech Security Research who reported them to us and worked with us to provide an appropriate solution. There are no known exploits of these flaws in the wild. However, we strongly recommend that you upgrade to version 2.0.3 as soon as possible. Please follow our upgrading instructions and download and install the latest release." Read More...
|