<?xml version="1.0" encoding="UTF-8"?><!-- generator="wordpress/2.3.3" -->
<rss version="0.92">
<channel>
	<title>Justin Samuel</title>
	<link>http://www.justinsamuel.com</link>
	<description>Security, Linux, Development</description>
	<lastBuildDate>Tue, 15 Jan 2008 22:00:03 +0000</lastBuildDate>
	<docs>http://backend.userland.com/rss092</docs>
	<language>en</language>
	
	<item>
		<title>Vulnerability: AWBS magic_quotes_gpc &#8220;Off&#8221; SQL Injection and XSS</title>
		<description>Advisory: AWBS magic_quotes_gpc "Off" SQL Injection and XSS Vulnerabilities
Release Date: 2007-06-10
Last Modified: 2007-07-26
Author: Justin Samuel [http://www.justinsamuel.com]

Application: AWBS &#60; 2.6.0
Severity: Highly Critical
Impact: Disclosure of sensitive information
Cross site scripting
Vendor Status: Vendor released version 2.6.0 to address issue. Testing still needed to verify that issue is corrected.

Vendor: Total Online Solutions, Inc.
App. Website: http://www.awbs.com/
References: ...</description>
		<link>http://www.justinsamuel.com/2007/06/10/awbs-magic_quotes_gpc-off-sql-injection-and-xss-vulnerabilities/</link>
			</item>
	<item>
		<title>Vulnerability: AWBS Dedicated Server Info Visible to All Users</title>
		<description>Advisory: AWBS Dedicated Server Info Visible to All Users
Release Date: 2007-06-10
Last Modified: 2007-07-26
Author: Justin Samuel [http://www.justinsamuel.com]

Application: AWBS &#60; 2.6.0
Severity: Less Critical
Impact: Disclosure of sensitive information
Vendor Status: Vendor released version 2.6.0 to address issue. Testing still needed to verify that issue is corrected.

Vendor: Total Online Solutions, Inc.
App. Website: http://www.awbs.com/
References: http://www.justinsamuel.com/2007/06/10/awbs-dedicated-server-info-visible-to-all-users-vulnerability/

--------------------------------------------------------------------------

Description:

Advanced Webhost ...</description>
		<link>http://www.justinsamuel.com/2007/06/10/awbs-dedicated-server-info-visible-to-all-users-vulnerability/</link>
			</item>
	<item>
		<title>Vulnerability: ModernBill Insecure CURL Settings</title>
		<description>#################################################################

Vulnerability discovered by: Justin Samuel (www.justinsamuel.com)
Discovery Date: 2006-07-11
Severity: Less Critical
Impact: Exposure of sensitive information

Product: ModernBill
Affected Versions: 5.0.1
Vendor: ModernGigabyte, LLC (www.moderngigabyte.com)
Product Link: http://www.modernbill.com/

#################################################################
 </description>
		<link>http://www.justinsamuel.com/2006/07/11/vulnerability-modernbill-insecure-curl-settings/</link>
			</item>
	<item>
		<title>php 5.1.4 rpms for rhel4 added (with apc)</title>
		<description>php 5.1.4 rpms for rhel 4 have been added to the rpm downloads section. These are based off of the current fedora core 5 rpms with the following changes:

    * shared hosting security: removed posix functions [shared hosting security]
    * removed pcntl functions [shared ...</description>
		<link>http://www.justinsamuel.com/2006/05/25/php-514-rpms-for-rhel4-added-with-apc/</link>
			</item>
	<item>
		<title>scponly rpms with chroot enabled added for rhel4</title>
		<description>i've added scponly rpms with chroot enabled for rhel4.  get the files here or by apt/yum.  this is more useful in a shared hosting environment than the rpms found at DAG and elsewhere that don't have chroot enabled.

to use this, for example on a plesk box to allow ...</description>
		<link>http://www.justinsamuel.com/2006/03/30/scponly-rpms-with-chroot-enabled-added-for-rhel4/</link>
			</item>
	<item>
		<title>HOWTO: use forwards in bind to only answer queries for domains on your servers (and not be an open dns server)</title>
		<description>This howto is meant to be a quick fix for those moving from one server to two or those with two servers who want to disable recursion.  This only works if at least one of your nameservers answers authoritatively for each zone already.  I believe it should work ...</description>
		<link>http://www.justinsamuel.com/2006/03/16/use-forwards-in-bind-to-only-answer-queries-for-domains-on-your-servers/</link>
			</item>
	<item>
		<title>php APC rpms added for php 5.1.2 / APC 3.0.10 / rhel 4</title>
		<description>I've added php-apc rpms for php 5.1.2 on rhel4, using the current stable release of APC (3.0.10).   get the files here or by apt/yum.  Additional notes:  </description>
		<link>http://www.justinsamuel.com/2006/03/15/php-apc-rpms-added-for-php-512-apc-3010-rhel-4/</link>
			</item>
	<item>
		<title>HOWTO: Create a self-signed (wildcard) SSL certificate</title>
		<description>The following commands are all you need to create a self-signed (wildcard, if you want) SSL certificate: </description>
		<link>http://www.justinsamuel.com/2006/03/11/howto-create-a-self-signed-wildcard-ssl-certificate/</link>
			</item>
	<item>
		<title>HOWTO: Setup SSL certificates for mail services (pop3s, imaps, smtps) on Plesk / Courier-Imap / Qmail</title>
		<description>This howto will show you how to setup an SSL certificate on a Plesk server so that it will be used when people connect through secure pop, smtp and imap. </description>
		<link>http://www.justinsamuel.com/2006/03/11/howto-setup-ssl-certificates-for-mail-pop3s-imaps-smtps-on-plesk-courier-imap-qmail/</link>
			</item>
	<item>
		<title>HOWTO: Backup and restore a Plesk domain from the command line</title>
		<description>This HOWTO shows how to use the Plesk command line utilities to backup and restore a single domain.  This can be useful, among other reasons, as a way to move a site between servers (though now they have the Migration Manager for that) or as a way to make ...</description>
		<link>http://www.justinsamuel.com/2006/03/09/howto-backup-and-restore-a-plesk-domain-from-the-command-line/</link>
			</item>
</channel>
</rss>

