PHP Weak Random Number Seed Vulnerability

Wednesday, May 7th, 2008

Since version 4.2.0 PHP automatically seeds the random number generators on the first usage of rand() and mt_rand(). This is done with the help of the GENERATE_SEED() macro. Unfortunately it was discovered that the GENERATE_SEED() macro contains several problems that can lead to a weaker seed than expected. In the worst ...

Posted in Coding, PHP, Security | No Comments

Cross-Site-Scripting with Morse code

Monday, May 5th, 2008

Nowadays, who understands Di-Di-Di-Da-Da-Da-Di-Di-Dit (S.O.S., Save Our Souls)? Few people do, but your web browser just might. In his blog, security expert Nathan McFeters has reported the discovery of a cross-site scripting (XSS) vulnerability on an Italian website that allows attackers to inject malicious JavaScript encoded in Morse code in ...

Posted in Coding, Internet, Privacy, Security | No Comments

PHP 5.2.6 plugs security holes

Friday, May 2nd, 2008

The developers of the PHP scripting language have issued Version 5.2.6, which fixes numerous bugs and plugs some security holes. The changes are comprehensive, including bug fixes to modules that link to third-party products. PHP 5.2.6 also rectifies several flaws that could have caused a crash. The developers have eliminated errors ...

Posted in Coding, Internet, PHP, Security | No Comments

Stop XSS attacks with SafeHTML

Wednesday, April 30th, 2008

If you allow user-contributed content in your site, you run into the problem of dealing with user supplied HTML in a safe manner. The most secure way of dealing with things, of course, is to strip or escape all HTML from user input fields. Unfortunately, there are many situations where ...

Posted in Coding, Internet, Security | No Comments

WordPress PHP Code Execution and Cross-Site Scripting

Monday, April 28th, 2008

Two vulnerabilities have been reported in WordPress, which can be exploited by malicious people to conduct cross-site scripting attacks, bypass certain security restrictions, and to compromise a vulnerable system. 1) A vulnerability is caused due to improper access restriction of the administration section. This can be exploited to bypass the authentication ...

Posted in Coding, Internet, Security, Software | No Comments

Previous Entries
Next Entries  
Copyright 2008 PC Sympathy - Entries (RSS) or Comments (RSS)