Joomla Alberghi Component “id” SQL Injection

Posted on March 29th, 2008 in Cms Softwares, Sql Injection by security

Vendor: Joomla Alberghi Component

Risk Level: Critical

Description: S@BUN has discovered a vulnerability in the Alberghi component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the “id” parameter in the Joomla! installation’s index.php script (when “option” is set to “com_alberghi” and “task” to “detail”) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving administrator usernames and password hashes, but requires knowledge of the database table prefix.

The vulnerability is confirmed in version 2.1.3 SR. Other versions may also be affected.

Affected Version: 2.1.3 SR and other versions.

Solution: Edit the source code to ensure that input is properly sanitised.

Joomla Joovideo Component “id” SQL Injection

Posted on March 29th, 2008 in Cms Softwares, Sql Injection by security

Vendor: Joomla Joovideo Component

Risk Level: Critical

Description: S@BUN has discovered a vulnerability in the Joovideo component for Joomla!, which can be exploited by malicious people to conduct SQL injection attacks.

Input passed to the “id” parameter in the Joomla! installation’s index.php script (when “option” is set to “com_joovideo” and “task” to “detail”) is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

Successful exploitation allows e.g. retrieving administrator usernames and password hashes, but requires knowledge of the database table prefix.

Affected Version: 1.2.2 PRO and other versions.

Solution: Edit the source code to ensure that input is properly sanitised.
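Both the Alberghi and Joovideo advisories above describe the same defect: the “id” request parameter reaches a SQL query as raw text. The PHP below is an added illustration, not code from either component or from Joomla!, of that unsafe pattern beside the fix the advisories call for: enforce the integer type of “id” before building any query, and pass the value as a bound parameter rather than as query text. The table and column names, the `jos_` prefix, the `$request` array and the `JOOMLA_DSN` connection string are assumptions made for the example.

```php
<?php
// Added example (not the Alberghi/Joovideo component's own code).
// Table name, column name and the jos_ prefix are assumptions.

// Constructed sample request, in the shape the advisories describe.
$request = ['option' => 'com_alberghi', 'task' => 'detail', 'id' => '7'];

// UNSAFE: the raw "id" value is concatenated into the query text, so any
// SQL supplied in the parameter becomes part of the statement. This is the
// defect the advisories describe; it is shown only for comparison.
function build_detail_query_unsafe(string $prefix, string $id): string
{
    return "SELECT * FROM {$prefix}alberghi WHERE id = " . $id;
}

// FIX, step 1: enforce the expected type. A detail id is a non-negative
// integer; anything else is rejected before a query is ever built.
function read_id(array $request): int
{
    if (!isset($request['id']) || !ctype_digit((string) $request['id'])) {
        throw new InvalidArgumentException('id must be a non-negative integer');
    }
    return (int) $request['id'];
}

// FIX, step 2: bind the value as a typed parameter. The table prefix is
// still interpolated, but it is a fixed server-side configuration value,
// not user input; only the user-supplied id goes through the placeholder.
function fetch_detail(PDO $pdo, string $prefix, int $id): ?array
{
    $stmt = $pdo->prepare("SELECT * FROM {$prefix}alberghi WHERE id = :id");
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Request dispatch mirroring the option/task check from the advisories.
function handle_detail_request(array $request, PDO $pdo, string $prefix): ?array
{
    if (($request['option'] ?? '') !== 'com_alberghi' || ($request['task'] ?? '') !== 'detail') {
        return null;
    }
    return fetch_detail($pdo, $prefix, read_id($request));
}

// Runs only when a DSN is supplied, e.g. JOOMLA_DSN="mysql:host=localhost;dbname=joomla"
// (assumed environment variables; no connection is attempted otherwise).
if ($dsn = getenv('JOOMLA_DSN')) {
    $pdo = new PDO($dsn, getenv('JOOMLA_DB_USER') ?: '', getenv('JOOMLA_DB_PASS') ?: '', [
        PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
        PDO::ATTR_EMULATE_PREPARES => false, // use real server-side prepared statements
    ]);
    var_dump(handle_detail_request($request, $pdo, 'jos_'));
}
```

The type check in `read_id()` alone closes the hole for an integer id, because no non-digit characters can reach the query; the bound parameter is the general remedy that also covers string parameters, where a type check is not available. Applying both is the usual practice, and is what “ensure that input is properly sanitised” amounts to for this class of component.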

Mozilla Firefox Multiple Vulnerabilities

Posted on March 29th, 2008 in Internet Browsers by security

Vendor: Mozilla Firefox

Risk Level: Highly critical

Description: Some vulnerabilities and weaknesses have been reported in Mozilla Firefox, which can be exploited by malicious people to bypass certain security restrictions, disclose potentially sensitive information, conduct cross-site scripting and phishing attacks, and potentially compromise a user’s system.

Affected Version: The vulnerabilities are reported in versions prior to 2.0.0.13.

Solution: Update to version 2.0.0.13.

Nairahost Security

Posted on March 29th, 2008 in Security News by security

At Nairahost, security is one of our primary concerns. According to Zone-H, in their latest “Statistics report 2005-2007”, there are over 2,500 recorded hacks each day. According to them…

We recently published the 2007 statistics based on the data collected by Zone-H. One of the most interesting facts is the sharp decrease (-37%) of the attacks compared to the attacks reported the previous year. In fact, while in year 2006 we filed 752,361 attacks, in year 2007 the reported attacks were “only” 480,905.
In the past the most attacked operating system was Windows, but many servers were migrated from Windows to Linux… Therefore the attacks migrated as well, as Linux is now the most attacked operating system with 1,485,280 defacements against 815,119 in Windows systems (numbers calculated from 2000).

More of the report can be read here.

In reality, over 99% of server hacks come from insecure software or scripts. These insecurities come from the programming code itself, and therefore there is absolutely no way to search for and find “all” insecure scripts.

Remote-based hacks are extremely rare. If there are no weak passwords and no insecure software or scripts, there is only a very small chance of ever being hacked.

In consideration of these alarming figures and facts, the Nairahost administration decided that the best move was to regularly update its clients on software vulnerabilities and updates, both through a newsletter and via this portal, which thus gives birth to the Nairahost Security Portal.

All customers are encouraged to subscribe to the RSS feeds or the mailing list.