http://www.dslreports.com/forum/r22647679 en Sun, 06 Dec 2009 06:03:43 EDT Sun, 06 Dec 2009 06:03:43 EDT http://www.dslreports.com/forum/remark,22665549 SnowyOne : It's a good thing that the browser is responsible for the system.
Imagine if that task belonged to web content.]]> http://www.dslreports.com/forum/remark,22665549 Tue, 07 Jul 2009 06:10:35 EDT http://www.dslreports.com/forum/remark,22665524 Link Logger : Its so easy to whack a truck load of websites it hurts, insert malware and all of a sudden its a browser problem.

Blake]]> http://www.dslreports.com/forum/remark,22665524 Tue, 07 Jul 2009 05:22:58 EDT http://www.dslreports.com/forum/remark,22656825 VikingBob : Update from ISC: »isc.sans.org/diary.html?storyid=6730]]> http://www.dslreports.com/forum/remark,22656825 Sun, 05 Jul 2009 11:56:43 EDT http://www.dslreports.com/forum/remark,22647679 VikingBob : From »isc.sans.org/diary.html?storyid=6715

There have been a high number of Cold Fusion web sites being compromised in last 24 hours. We received several e-mails about this.

It appears that the attackers are exploiting web sites which have older installations of some Cold Fusion applications. These applications have vulnerable installations of FCKEditor, which is a very popular HTML text editor, or CKFinder, which is an Ajax file manager. The vulnerable installations allow the attackers to upload ASP or Cold Fusion shells which further allow them to take complete control over the server.

The attacks we've been seeing in the wild end up with inserted tags into documents on compromised web sites. As you can probably guess by now, the script tags point to a whole chain of web sites which ultimately serve malware and try to exploit vulnerabilities on clients.]]> http://www.dslreports.com/forum/remark,22647679 Thu, 02 Jul 2009 22:25:17 EDT