[01-May-2008] The PHP development team would like to announce the immediate availability of PHP 5.2.6. This release focuses on improving the stability of the PHP 5.2.x branch with over 120 bug fixes, several of which are security related. All users of PHP are encouraged to upgrade to this release.
Security Enhancements and Fixes in PHP 5.2.6:
* Fixed possible stack buffer overflow in the FastCGI SAPI identified by Andrei Nigmatulin.
* Fixed integer overflow in printf() identified by Maksymilian Arciemowicz.
* Fixed security issue detailed in CVE-2008-0599 identified by Ryan Permeh.
* Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz.
* Properly address incomplete multibyte chars inside escapeshellcmd() identified by Stefan Esser.
* Upgraded bundled PCRE to version 7.6
Posted by Raven on Friday, May 02, 2008 @ 12:57:49 EDT (1545 reads)
Strength In Passwords
papamike writes "I spent a whole bunch of years as a Network Engineer (retired PhD). And in all of that time one thing I pushed was strong passwords.
I violated my own gold-plated rule and allowed one of the people I host to have a 'weak' password because of his physical condition.
Now today I'm paying the price for violating my rule in the number of hours spent weeding out implanted code within php and html files scattered all over the site in question.
Please, for your own sake, keep the passwords strong and don't give them out to anyone. Your friend today just could be your enemy tomorrow."
Posted by Raven on Friday, May 02, 2008 @ 00:09:28 EDT (691 reads)
BackTrack
southern writes "BackTrack is a Live Linux distribution based on SLAX that is focused purely on penetration testing. Distributed by remote-exploit.org, BackTrack is the successor to Auditor. It comes prepackaged with security tools including network analyzers, password crackers, wireless tools and fuzzers. Although originally designed to boot from a CD or DVD, BackTrack contains USB installation scripts that make portable installation to a USB device a snap."
Posted by Raven on Wednesday, April 30, 2008 @ 18:23:02 EDT (1345 reads)
Clan Roster 2.0 Released!
floppydrivez writes "Clan Themes has finally released a new version of Clan Roster.
What's New?
* Multiple Games Added
* Multiple Member Images (4 total)
* Simplified User Interface
* Added a Division system
* Added a Clan Tag system
* Switched to a template system for ease of use and customization.
* Per-Domain Licensing System
* Auto-Status Mod
* Ribbon / Award Forum Integration
* Scrolling-side block
* Fixed all the errors from 1.7
Tested on the latest versions of RavenNuke, Evolution, and Platinum."
Posted by Raven on Thursday, April 24, 2008 @ 02:54:21 EDT (4264 reads)
Mass Attack JavaScript injection - hundreds of thousands affected
Websense® Security Labs has been tracking a recent development of the malicious JavaScript injection that compromised thousands of domains at the start of this month, just 2-3 weeks ago. The attackers have now switched over to a new domain as their hub for hosting the malicious payload in this attack. We have no doubt that the two attacks are related as our brief analysis in our blog will detail. In the last few hours we have seen the number of compromised sites increase by a factor of ten.
This mass injection is remarkably similar to the attack we saw earlier this month. When a user browses to a compromised site, the injected JavaScript loads a file named 1.js which is hosted on http://www.nihao[removed].com. The JavaScript code then redirects the user to 1.htm (also hosted on the same server). Once loaded, the file attempts 8 different exploits (the attack last April utilised 12). The exploits target Microsoft applications, specifically browsers not patched against the VML exploit MS07-004 as well as other applications. Ominously, files named McAfee.htm and Yahoo.php are also called by 1.htm but are no longer active at the time of writing.
There are further similarities too between the two mass attacks. Resident on the latest malicious domain is a tool used in the execution of the attack. An analysis of that tool can be found in the ISC diary entry here. Mentioned in that diary entry is http://www.2117[removed].net. Our blog on that attack can be found here. It appears that same tool was used to orchestrate this attack too.
The number of sites affected is in the hundreds of thousands. Casualties of the previous attack include various US news web sites, a major Israeli shopping portal, and numerous travel sites.
Websense® security customers are protected from this attack.
Posted by Raven on Tuesday, April 22, 2008 @ 17:26:32 EDT (1307 reads)
DESCRIPTION: Some vulnerabilities have been reported in OpenOffice, which can be exploited by malicious people to potentially compromise a user's system. Successful exploitation of the vulnerabilities may allow execution of arbitrary code. The vulnerabilities are reported in versions prior to 2.4.
Posted by Raven on Thursday, April 17, 2008 @ 22:32:39 EDT (1253 reads)
SOFTWARE:
Safari 3.x http://secunia.com/product/17989/
Safari for Windows 3.x http://secunia.com/product/17978/
DESCRIPTION: Some vulnerabilities have been reported in Safari, which can be exploited by malicious people to conduct cross-site scripting attacks or potentially to compromise a user's system. Successful exploitation may allow execution of arbitrary code e.g. when a user visits a malicious web page. The vulnerabilities are reported in versions prior to 3.1.1.
Posted by Raven on Thursday, April 17, 2008 @ 21:55:11 EDT (1226 reads)
Mozilla Firefox Javascript Garbage Collector Vulnerability
SOFTWARE: Mozilla Firefox 2.0.x http://secunia.com/product/12434/
DESCRIPTION: A vulnerability has been reported in Mozilla Firefox, which can potentially be exploited by malicious people to compromise a user's system. The vulnerability is reported in version 2.0.0.13. Prior versions may also be affected.
Posted by Raven on Thursday, April 17, 2008 @ 20:12:50 EDT (1318 reads)
CSS Driven PhpNuke Theme Released
gotcha writes "MidTown is a CSS driven phpnuke theme that uses no tables for the main layout and contains valid XHTML 1.0 Transitional code. This leads to faster page rendering, reduced server load, and better search engine optimization. MidTown is a variable width phpnuke theme that will stretch to fit the browser window. The left blocks can easily be switched on/off for the forums by changing a single setting. The welcome area (right below the tabs) can be set to show the clock and welcome message (default) or it can be changed to a search form for forums or news. MidTown includes a matching forum template and account icons.
You can get more info and check out the screenshots on the MidTown Product Page
RavenNuke users can get $10 off any theme on nukecoder.com by entering the coupon code RAVENNUKE"
Posted by Raven on Wednesday, April 16, 2008 @ 19:58:00 EDT (1052 reads)
3 New Themes Released From Clan Themes
xgstq writes "Clan Themes is pleased to announce 3 new Clan Templates they are