[ENews message] On Wednesday, the security information provider Secunia published the following information: there are two security defects related to tabbed browsing in the browsers of the Mozilla Foundation, the Opera browser, the Konqueror browser on the Linux platform, and the third-party plug-ins that enhance IE's functionality.
One defect is that a malicious website opened in one tab can access the information entered in another tab. An
Experts warned that newly discovered and unpatched security defects in three browsers make the Web more dangerous. Last weekend, security researchers posted detailed information about new defects found in IE, Safari, and Firefox on a security mailing list. Secunia said on its website that the defects in Firefox and Safari will cause the browser to crash, while the defects in IE can be used by hackers to control users' computers.
Secunia is rat
Opera Software confirms it is developing a patch to fix a serious security vulnerability in its Opera desktop browser software. The Norwegian browser vendor does not provide a timetable for fixing this security vulnerability. However, a spokesman for Opera says the company will release the patch as soon as possible. Secunia, a security vulnerability tracking vendor in Denmark, lists this vulnerability as a "very serious" level security vulnerability.
unauthorized code, and executed by Flash Player." To learn more about the vulnerability and download the upgraded version, go to the official website of Macromedia. Security company Secunia also rated the vulnerability as "highly dangerous."
Thomas Kristensen, chief technology officer of Secunia, said: "More users use Flash Player Plug-ins than those who only use IE browsers."
According to the
computer users at risk. We will continue to encourage disclosure of the vulnerability. We believe that directly exploiting vulnerabilities to enterprises will help consumers obtain comprehensive and high-quality upgrade services for security vulnerabilities, without exposing them to the threat of malicious attackers when enterprises are developing patches."
Until the vulnerability message is sent to the hacker community, the vulnerability was reported by AUS-CERT (Australian CERT), US-CERT, and
On Wednesday, security company Secunia disclosed a new security vulnerability in RealPlayer and IE in which hackers could use RealMedia (.rm) files to open local files on browsers with RealPlayer installed.
This vulnerability exists in RealPlayer version 10.5 (build 6.0.12.1056), which includes the Plus and Basic versions, for Windows, Mac OS X, Linux, Unix, Palm OS, and Symbian OS. However, the past version also does not rule out the
Security agency Secunia has new information about Microsoft's Internet Explorer. Secunia points out that new problems with Internet Explorer have been reported, that all of them are very serious, and that all of these potential problems will cause significant damage to Internet Explorer users.
The first issue concerns IE's failure to perform a number of projects that have been routed from the Internet to t
[Saidi Net News] Usermin is a widely used management platform on Unix and Linux. On September 14, according to some security researchers, a vulnerability was found in this platform that enables hackers to run malicious code through specially crafted emails.
Usermin enables Unix and Linux users to manage their accounts on the network through Web interfaces, such as reading emails. This tool is generally not included in Unix or Linux products, but often used with Webmin. Webmin is one of the mos
sent by the client browser rather than controlled by the server, you should not use this variable as a trust source.
3.3 Verification Code
Another way to solve this problem is to use a random verification code in each form submitted by the user: the user types the random string shown in the image into a text box, and the server checks it when the form is submitted.
This method was abandoned before, because the use of Verification Code images involves a bug called MHTML, which may be affected in some versio
:
Send confirmation information to remote attackers through UDP port 7222.
Open a backdoor on UDP port 7222 to allow remote attackers to access the computer.
Generate the URLs with some column encoding.
Send HTTP requests to the URLs and try to exploit the weakness of the PHP remote password to probe XML-RPC, AWStats, and Darryl Burgdorf's Webhints for new propagation.
Try to execute your own files by using the URL [http: //] 62.101.193.244/[REMOVED]/lupii and
Save the downloaded
the fake HTTP Referer spoofing from an attacker, and an attacker could use the following code:
Header ("Referer:www.111cn.net");
or other methods that fake HTTP headers in malicious scripts and send them.
Because HTTP Referer is sent by the client browser and not by the server, you should not use the variable as a source of trust.
Verification Code
Another way to solve this problem is to use a random captcha in each form that the user submits, allowing the user to fill in the text box wi
According to foreign media reports, computer security experts have warned users that the use of IE and Firefox together may cause users to be remotely attacked.
When users use IE browser, if they encounter a malicious Web site, the system will also register a "firefoxurl://" handler. This program allows the browser to interact with specific content on the Web, which can cause users to suffer from remote attacks.
Earlier this week, security researcher Thor Larholm discovered the problem. Symantec bel
Security agency Secunia released its latest warning, claiming to have discovered a "high risk" vulnerability in Mozilla Firefox 2.0. The problem is in a special URI handler; although Internet Explorer is the cause of the problem, Firefox is undoubtedly the culprit.
According to Secunia's report, Firefox registers the URI handler of "firefoxurl://", which allows arbitrary commands and parameters to be executed. This means that
mailto. This protocol is used to start the email client software in the browser.
However, any software developer can register their own applications with the operating system. This leads to some risk situations, as starting an application from a browser sometimes does not properly check the execution methods of these applications.
So far, hackers have found some ways to secretly add commands to a network connection using the URI protocol in some well-known application software to execute unau
memory area.
These two memory access vulnerabilities in the Linux kernel also affect Turbolinux Server and Red Hat Fedora, as well as Debian Linux.
Another vulnerability, "vmsplice_to_pipe()", is a region-wide vulnerability that allows hackers to gain the superuser permissions of compromised computers. In addition to Red Hat and Turbolinux Server, the affected Linux systems also include Ubuntu Linux, Slackware Linux, and openSUSE.
Although the security industry
restriction)
COM
Fixed bug #62146 com_dotnet cannot be built shared
Fileinfo
Fixed bug #61812 (Uninitialised value used in libmagic)
FPM
Fixed bug #61812 (Uninitialised value used in libmagic)
Fixed bug #61565 where php_stream_open_wrapper_ex tries to open a directory descriptor under windows
Fixed bug #61566 failure caused by the posix lseek and read versions under windows in cdf_read ()
Iconv
Fixed a bug that iconv extension fails to link to the correct library when another extension makes us