(Dec 11) A heap-based buffer overflow was discovered in bogofilter, a software package for classifying mail messages as spam or non-spam. Crafted mail messages with invalid base64 data could lead to heap corruption and, potentially, arbitrary code execution. [More…]
Posts Tagged code
(Dec 2) Jueri Aedla discovered a buffer overflow in the libxml XML library, which could result in the execution of arbitrary code. For the stable distribution (squeeze), this problem has been fixed in [More…]
(Oct 31) High-Tech Bridge SA Security Research Lab discovered multiple null-pointer dereference vulnerabilities in OpenOffice which could cause an application crash or even arbitrary code execution using specially crafted files. Affected file types are LWP (Lotus Word Pro), ODG, PPT (MS Powerpoint [More…]
If you are running an Apache server, password-protecting directories is fairly simple. There are plenty of generators that will help you generate all of the code that you need to place into your .htaccess and .htpasswd files. This can […] ↓ Read the rest of this entry…
(Oct 26) It was discovered that Exim, a mail transport agent, is not properly handling the decoding of DNS records for DKIM. Specifically, crafted records can lead to a heap-based buffer overflow. An attacker can exploit this flaw to execute arbitrary code. [More…]
(Oct 21) It was discovered that a buffer overflow in libtiff’s parsing of files using PixarLog compression could lead to the execution of arbitrary code. [More…]
(Oct 5) Nicholas Gregoire and Cris Neckar discovered several memory handling bugs in libxslt, which could lead to denial of service or the execution of arbitrary code if a malformed document is processed. [More…]
(Sep 26) A regression in the SIP handling code was found in DSA-2550-1. For the stable distribution (squeeze), this problem has been fixed in version 1:1.6.2.9-2+squeeze8. [More…]
(Aug 4) It was discovered that the recent update for isc-dhcp did not contain the patched code included in the source package. Due to a quirk in the build system, those patches were deapplied during the build process. [More…]
(Aug 4) Jueri Aedla discovered several integer overflows in libxml, which could lead to the execution of arbitrary code or denial of service. For the stable distribution (squeeze), this problem has been fixed in [More…]
(Aug 2) Timo Warns from PRE-CERT discovered multiple heap-based buffer overflows in OpenOffice.org, an office productivity suite. The issue lies in the XML manifest encryption tag parsing code. Using specially crafted files, an attacker can cause an application crash and could cause arbitrary code execution. [More…]
(Jul 8) Ulf Härnhammar found a buffer overflow in Pidgin, a multi-protocol instant messaging client. The vulnerability can be exploited by an incoming message in the MXit protocol plugin. A remote attacker may cause a crash, and in some circumstances this can lead to remote code execution. [More…]
The information in this post is about a project in motion. The final delivery may differ from what is discussed here, especially as we consider the feedback you have. Our last article discussed changing from compile-on-demand to delivery of pre-compiled…
New syntax is:
plesk_password_changer.php <old admin password> [new admin password] [options]
Where [options] can be:
--all – [default] reset passwords for all supported entities
--admin – reset password for admin
--resellers – reset passwords for resellers
--clients – reset passwords for clients
--domains – reset passwords for main FTP account of domains
--domainadmins – reset passwords for Domain Administrators
--users – change passwords for hosting panel users
--additionalftpaccounts – reset passwords for additional FTP accounts for domains
--subdomains – reset passwords for subdomains. NOTE: For Plesk 10.x, subdomains are treated as domains.
--webusers – reset passwords for Web Users
--mailaccounts – reset passwords for mail accounts
For example, the following command
"%plesk_dir%additional\PleskPHP5\php.exe" -d safe_mode=0 plesk_password_changer.php setup s3$ret! --admin --clients
means that the passwords for admin and clients will be reset, and the password for admin will be "s3$ret!" (without quotes).
ModSec – White listing
Whitelist A Rule in Mod Security
# Find Modsec Errors
cat /usr/local/apache/logs/error_logs | grep -i modsec
# Check the domain logs if you don’t see it in the apache logs
cat /usr/local/apache/domlogs/$DOMAIN | grep -i modsec
# Add this […] ↓ Read the rest of this entry…
In an effort to streamline the Enkompass update process, the Enkompass development team has removed thousands of lines of upgrade code that is no longer needed. This removal will prevent technical problems when administrators upgrade Enkompass to newer versions. As…
The following issues have been fixed:
[+] (Only for Unix) The Apache web server with the SNI support is now available for CloudLinux 5.
[+] (Only for Unix) When Panel is installed from the EZ template for CentOS 5, it is possible to set it up to use PHP 5.3 instead of PHP 5.1.
[-] The link to view what’s new in available upgrades on the Administrator’s dashboard opened the release notes for the current product version instead of opening the release notes for the new version.
[-] The pre10-backup-convert utility failed to convert a backup from Plesk 9.5.4 with the error "The called template 'createIpElement' was not found." if the backup contained domain names that were not associated with physical hosting.
[-] Customers failed to log in to webmail under an internationalized domain name.
[-] After executing the update-hostname utility, administrators were unable to access Business Manager because Panel redirected them to a URL like https://domain.com//domain.com:8443/plesk-billing/admin.
[-] Administrators failed to open the Accounts Receivable Ageing report with the error: "Access to this action is restricted. Please update your admin group to allow access to this action".
[-] Administrators failed to add customer accounts to Business Manager with the error: "Failed to add customer account 'New Customer' (newcustomer@parallels.com): Language not found: language_iso2=zh".
[-] Panel users failed to upload SSL certificate files with the error "SSLCertificate::check_signs() failed: openssl_x509_checkpurpose() failed".
[-] (Only for Unix) Administrators failed to edit firewall rules in Panel with the error "Error: Could not activate firewall configuration".
[-] (Only for Unix) Panel installations failed with the error: "Starting httpd: /usr/sbin/httpd: symbol lookup error: /usr/sbin/httpd: undefined symbol: apr_pool_pre_cleanup_register [FAILED]".
[-] (Only for Unix) Panel installations from the 10.3.1 EZ template with the PHP 5 support failed with the error "No Match for argument: php-sqlite2".
[-] (Only for Windows) Options of the assignment and placement policy (in the IIS application pool settings) were actualized.
[-] (Only for Unix) Customers could remove a system directory on a domain (for example, etc/ or bin/) by creating a subdomain whose name matched one of the system names (for example, etc.domain.com or bin.domain.com).
[-] (Only for Unix) Panel displayed an outdated instruction about how to retrieve a forgotten password for Panel administrators.
[-] (Only for Unix) Restoration of domain content failed with the error "Permission denied" and some directories were not restored.
[-] (Only for Unix) Panel data migration failed with the error "launchpad error (Error code = 1)" if administrators specified the SSH port in the 32768-65535 range.
[-] (Only for Unix) Backup tasks scheduled by resellers did not run.
[-] (Only for Unix) Panel data migration failed with errors if a migrated domain name or a mailbox name contained uppercase characters.
[-] (Only for Unix) Mailing lists were not migrated from 9.x to 10.x versions if the default locale language on a source server was other than English. The migration error in dump.log was as follows: "INFO Unable to found Mailman installation".
[-] (Only for Windows) After upgrading Panel from 9.5 to 10 and then migrating subdomains to a different Panel, administrators received the following error: Execution of "C:\Program Files (x86)\Parallels\Plesk\bin\subdomain.exe" --create subdomainname -domain domainname.com -www-root subdomains\subdomainname\httpdocs -maintenance-mode false failed with return code 1.
[-] (Only for Windows) After upgrade from the 10.2 version, the msvcr71.dll and msvcp71.dll libraries were removed from the system, which caused various errors in SpamAssassin, Perl, Python and PHP scripts.
[-] (Only for Windows) A message with instructions about how to change the Panel administrator’s password when Panel is integrated with Business Manager contained a broken link to documentation.
[-] (Only for Windows) Panel opened the blank IP Addresses Management page after migration in case one of the registered IP addresses did not match the format.