Security Vulnerabilities
- Vuln: Pligg CMS 'status' Parameter SQL Injection Vulnerability December 29, 2012Pligg CMS 'status' Parameter SQL Injection Vulnerability […]
- Vuln: Joomla! Multiple Information Disclosure Vulnerabilities February 3, 2012Joomla! Multiple Information Disclosure Vulnerabilities […]
- Vuln: QEMU KVM CVE-2012-0029 Local Privilege Escalation Vulnerability February 3, 2012QEMU KVM CVE-2012-0029 Local Privilege Escalation Vulnerability […]
- Vuln: Mozilla Firefox/SeaMonkey/Thunderbird XPConnect Security Check Cross Domain Scripting Vulnerability February 3, 2012Mozilla Firefox/SeaMonkey/Thunderbird XPConnect Security Check Cross Domain Scripting Vulnerability […]
- Bugtraq: [ MDVSA-2012:013 ] mozilla[ MDVSA-2012:013 ] mozilla […]
- Bugtraq: ESA-2012-010: EMC Documentum xPlore information disclosure vulnerabilityESA-2012-010: EMC Documentum xPlore information disclosure vulnerability […]
- Bugtraq: RFC 6528 on Defending against Sequence Number AttacksRFC 6528 on Defending against Sequence Number Attacks […]
- Bugtraq: [SECURITY] [DSA 2403-1] php5 security update[SECURITY] [DSA 2403-1] php5 security update […]
- More rss feeds from SecurityFocusNews, Infocus, Columns, Vulnerabilities, Bugtraq ... […]
error:
LWP::Protocol::https::Socket: SSL connect attempt failed with unknown errorerror:14090086:SSL routines:SSL3_GET_SERVER_CERTIFICATE:certificate verify failed at /usr/share/perl5/LWP/Protocol/http.pm line 51.
Solution:
There are other solutions available but the one we needed was to turn off the verification
we ran
export PERL_LWP_SSL_VERIFY_HOSTNAME=0
Thanks to
https://community.sourcefire.com/questions/running-into-an-ssl-issue-with-nexpose-connector
Jan 12
17
Linux: GET Command
If you were like me then trying the find which package has the GET command was like pulling teeth.
Hopefully this will save you some time. the GET command is part of the libwww-perl package
Ubuntu list
http://packages.ubuntu.com/hardy-updates/all/libwww-perl/filelist
Man Page
http://manpages.ubuntu.com/manpages/natty/man1/lwp-request.1p.html
I was helping a friend/associate of mine with his CrackBerry. (android insider) We spent hours trying to find a way to delete one of his contact list. You would think this was a easy task. Select list , click delete
NO this was not the case. After 3 wipes of the device and 3-4 restores. The simple fix was to go to contacts, select the list , then click on options, bring up the keyboard and type rset.
A new window will pop up on the phone’s screen, which will ask you if you want to wipe the contacts.
Simply choose YES and go through all windows. You will then be able to wirelessly sync or use Desktop Manager to repopulate contacts.
Dec 11
19
IIS7: Force download of CSV File
If you require the need to force download a CSV file. These are the steps we took to accomplish said task.
Remove the existing mime type.
Add a Content-Type to the http response header as
Name: Content-Type
Value: application/csv
This was required because the browser kept parsing the csv file as text. We needed the file to be force downloaded to the users PC.
We encountered a System Administrator Nightmare. Received notice that a server was running low on /var storage. After checking the server we found that the mysql folder was using 9GB. Come to find out it was only one particular file that was using 7GB which was ibdata1. When the server was launch we did not disable Innodb which use this file for storage. The file grows and grows without regard to server space. There is no truncate or shrink option for this file.
So my question is why use Innodb? Send me a response on Twitter , G+ or Facebook. I want to know seriously , you can my contact info on the about page
Below is what I had to do to correct the issue.
1. Perform a entire dump of OF THE databases on the server. Roughly about 2GB of data .
2. Stop the service
3. Move the current mysql data folder to another partition.
Command: mv /var/lib/mysql /home/mysql_backup
4. Recreate the folder /var/lib/mysql
Command: mkdir /var/lib/mysql and then: Chown mysql:mysql /var/lib/mysql
Note: if the permissions are not correct you will receive a error such as “ERROR! Manager of pid-file quit without updating file.”
5. next you will need to locate and run mysql_install_db
Note: mysql_install_db initializes the MySQL data directory and creates the system tables that it contains, if they do not exist.
6. you may want to add the following to your /etc/my.cnf file
innodb_file_per_table
7. Start the service
8. Enter the mysql console and run each command individually
SET FOREIGN_KEY_CHECKS=0;
SOURCE backup.SQL; < when running this command it may be best to be in the directory when you backed up the mysqldump. or you can specify the path to the file. Replace backup.sql with the actual file name of the dump
SET FOREIGN_KEY_CHECKS=1;
9. Restart the service and confirm the data.
Estimated turn around time: 1-2 hours depending on the database size