SECUNIA ADVISORY ID: SA18972

VERIFY ADVISORY

CRITICAL: Moderately critical
IMPACT: Cross Site Scripting, Manipulation of data

If you are using NukeSentinel(tm) you should be protected from this exploit.

68_andahalf_68 writes:  

Security experts today warned of a Linux network worm that exploits holes in the Mambo content management system and the PHP XML-RPC library.

Dubbed Mare.D, the worm leaves multiple backdoors on infected systems. Two of these are connectback shell backdoors that link to a remote host, while a third allows the malware's writer to access and control infected systems via IRC.

Read More

Note: 

from Raven: Check your security logs and access_logs. I have been diluged with attempts to use the Mambo hack on my site, to no avail of course. If your host does not provide you with an Apache module called mod_security, insist that they get it installed and configured. It's one of the easiest and best tools for stopping so many of these kinds of exploits :)

68_andahalf_68 writes:  

Finjan, a global provider of web security solutions for businesses and organisations, has warned that e-cards sent for events such as Valentine's Day, are open to misuse from those seeking to deploy malware. Some five million e-cards were sent and received on 14 February 2005, many to and from work e-mail addresses, and even more e-cards are expected this year, increasing the threat from phishing, spyware and viruses.

According to Finjan, hackers are using malicious code to try to outsmart traditional security systems such as anti-virus, firewall and Intrusion Prevention/Detection products. It said even the receipt of an e-card can be a threat and claimed that while some recipients will opt to ignore them, others will try to open them, possibly exposing an organisation to web-borne security threats.

Read More

68_andahalf_68 writes:  

Gentoo Linux Security Advisory Advisory Reference GLSA 200602-03 / Apache Release Date February 06, 2006 Latest Revision February 06, 2006: 01 Impact normal Exploitable remote Package Vulnerable versions... Read More

hitwalker writes:  

Ok we all have our nuke site running and its protected also with sentinel...right?
Okay but how many of you have more things installed like more websites or just scripts that run outside of the protection of Sentinel?
Well let me tell you this... Read More...

68_andahalf_68 writes:  

Two vulnerabilities have been discovered and a security issue in TinyPHPForum, which can be exploited by malicious people to conduct script insertion attacks and disclose sensitive information. Source : http://evuln.com/vulns/14/summary.html