Daily Archives

Articles indexed Saturday March 27 2010

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

Page 78/84 | < Previous Page | 74 75 76 77 78 79 80 81 82 83 84  | Next Page >

  • nikto probe warning messages

    - by julio
    Hi-- I have a pretty standard VPS running Ubuntu 8.1, Apache 2.2, PHP 5 etc. -- standard Lamp stack. I am using suhosin and have tried my best to plug the obvious stuff, since I'm the only user-- there's no SSH access except via pubkey on a non-standard port, there's no root access by SSH, no FTP server running, iptables is set to discard anything outside of basically port 80 or my SSH port (there's no mail server or anything else). However, I've still been compromised (not badly as far as I can tell) probably by a SQL injection. I've locked down the SQL user (there's only one outside of root, and he's got limited priv, no file etc.) So I ran nikto to see what I'm doing wrong, and there's a list of things I've never seen, and can't find using "find" or any other method I'm aware of. See below: + /autologon.html?10514: Remotely Anywhere 5.10.415 is vulnerable to XSS attacks that can lead to cookie theft or privilege escalation. This is typically found on port 2000. + /servlet/webacc?User.html=noexist: Netware web access may reveal full path of the web server. Apply vendor patch or upgrade. + OSVDB-35878: /modules.php?name=Members_List&letter='%20OR%20pass%20LIKE%20'a%25'/*: PHP Nuke module allows user names and passwords to be viewed. + OSVDB-3092: /sitemap.xml: This gives a nice listing of the site content. + OSVDB-12184: /index.php?=PHPB8B5F2A0-3C92-11d3-A3A9-4C7B08C10000: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. + OSVDB-12184: /some.php?=PHPE9568F36-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. + OSVDB-12184: /some.php?=PHPE9568F34-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. + OSVDB-12184: /some.php?=PHPE9568F35-D428-11d2-A769-00AA001ACF42: PHP reveals potentially sensitive information via certain HTTP requests which contain specific QUERY strings. + OSVDB-3092: /administrator/: This might be interesting... + OSVDB-3092: /Agent/: This might be interesting... + OSVDB-3092: /includes/: This might be interesting... + OSVDB-3092: /logs/: This might be interesting... + OSVDB-3092: /tmp/: This might be interesting... + ERROR: /servlet/Counter returned an error: error reading HTTP response + OSVDB-3268: /icons/: Directory indexing is enabled: /icons + OSVDB-3268: /images/: Directory indexing is enabled: /images + OSVDB-3299: /forumscalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22: Vbulletin allows remote command execution. See link + OSVDB-3299: /forumzcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22: Vbulletin allows remote command execution. See link + OSVDB-3299: /htforumcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22: Vbulletin allows remote command execution. See link + OSVDB-3299: /vbcalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22: Vbulletin allows remote command execution. See link + OSVDB-3299: /vbulletincalendar.php?calbirthdays=1&action=getday&day=2001-8-15&comma=%22;echo%20'';%20echo%20%60id%20%60;die();echo%22: Vbulletin allows remote command execution. See link + OSVDB-6659: /kCKAowoWuZkKCUPH7Mr675ILd9hFg1lnyc1tWUuEbkYkFCpCdEnCKkkd9L0bY34tIf9l6t2owkUp9nI5PIDmQzMokDbp71QFTZGxdnZhTUIzxVrQhVgwmPYsMK7g34DURzeiy3nyd4ezX5NtUozTGqMkxDrLheQmx4dDYlRx0vKaX41JX40GEMf21TKWxHAZSUxjgXUnIlKav58GZQ5LNAwSAn13l0w<font%20size=50>DEFACED<!--//--: MyWebServer 1.0.2 is vulnerable to HTML injection. Upgrade to a later version. I understand about the trace and index, but what about the vbulletin and autologin? I've searched, and I can't find any files like that on the server. I have no idea about the "MyWebServer" stuff, the PHP Nuke, or the Netware/servlet stuff-- there's nothing really on the server except a pretty standard Joomla site (updated to the latest version). Any help with these messages and/or what I'm doing wrong is very much appreciated.

    Read the article

  • Pros & Cons of Google App Engine

    - by Rishi
    Pros & Cons of Google App Engine [An Updated List 21st Aug 09] Help me Compile a List of all the Advantages & Disadvantages of Building an Application on the Google App Engine Pros: 1) No Need to buy Servers or Server Space (no maintenance). 2) Makes solving the problem of scaling much easier. Cons: 1) Locked into Google App Engine ?? 2)Developers have read-only access to the filesystem on App Engine. 3)App Engine can only execute code called from an HTTP request (except for scheduled background tasks). 4)Users may upload arbitrary Python modules, but only if they are pure-Python; C and Pyrex modules are not supported. 5)App Engine limits the maximum rows returned from an entity get to 1000 rows per Datastore call. 6)Java applications may only use a subset (The JRE Class White List) of the classes from the JRE standard edition. 7)Java applications cannot create new threads. Known Issues!! http://code.google.com/p/googleappengine/issues/list Hard limits Apps per developer - 10 Time per request - 30 sec Files per app - 3,000 HTTP response size - 10 MB Datastore item size - 1 MB Application code size - 150 MB Pro or Con? App Engine's infrastructure removes many of the system administration and development challenges of building applications to scale to millions of hits. Google handles deploying code to a cluster, monitoring, failover, and launching application instances as necessary. While other services let users install and configure nearly any *NIX compatible software, App Engine requires developers to use Python or Java as the programming language and a limited set of APIs. Current APIs allow storing and retrieving data from a BigTable non-relational database; making HTTP requests; sending e-mail; manipulating images; and caching. Most existing Web applications can't run on App Engine without modification, because they require a relational database.

    Read the article

  • A catalogue of Cassandra log messages: What is the correct interpretation?

    - by knorv
    The following is a complete catalogue of all log messages generated by Cassandra 0.6 when stress-testing a Cassandra installation over an extended period of time: AntiEntropyService: Sending AEService tree for (,) to: [] CassandraDaemon: Binding thrift service to localhost/N.N.N.N:N CassandraDaemon: Cassandra starting up... ColumnFamilyStore: has reached its threshold; switching in a fresh Memtable at CommitLogContext(file='.../cassandra/commitlog/CommitLog-N.log', position=N) ColumnFamilyStore: Enqueuing flush of Memtable()@N CommitLog: Discarding obsolete commit log:CommitLogSegment(.../cassandra/commitlog/CommitLog-N.log) CommitLog: Log replay complete CommitLog: Replaying .../cassandra/commitlog/CommitLog-N.log, ... CommitLogSegment: Creating new commitlog segment .../cassandra/commitlog/CommitLog-N.log CompactionManager: Compacted to .../cassandra/data//-N-Data.db. N/N bytes for N keys. Time: Nms. CompactionManager: Compacting [org.apache.cassandra.io.SSTableReader(path='.../cassandra/data//-N-Data.db'), ...] DatabaseDescriptor: Auto DiskAccessMode determined to be mmap GCInspector: GC for ConcurrentMarkSweep: N ms, N reclaimed leaving N used; max is N GCInspector: GC for ParNew: N ms, N reclaimed leaving N used; max is N Memtable: Completed flushing .../cassandra/data//-N-Data.db Memtable: Writing Memtable()@N SSTable: Deleted .../cassandra/data//-N-Data.db SSTableDeletingReference: Deleted .../cassandra/data//-N-Data.db SSTableReader: Sampling index for .../cassandra/data//-N-Data.db StorageService: Starting up server gossip SystemTable: Saved ClusterName found: Test Cluster SystemTable: Saved ClusterName not found. Using Test Cluster SystemTable: Saved Token found: N SystemTable: Saved Token not found. Using N For each of the log messages listed - what is the correct interpretation of the log message?

    Read the article

  • Substitute all matches with values in Ruby regular expression

    - by Lewisham
    Hi all, I'm having a problem with getting a Ruby string substitution going. I'm writing a preprocessor for a limited language that I'm using, that doesn't natively support arrays, so I'm hacking in my own. I have a line: x[0] = x[1] & x[1] = x[2] I want to replace each instance with a reformatted version: x__0 = x__1 & x__1 = x__2 The line may include square brackets elsewhere. I've got a regex that will match the array use: array_usage = /(\w+)\[(\d+)\]/ but I can't figure out the Ruby construct to replace each instance one by one. I can't use .gsub() because that will match every instance on the line, and replace every array declaration with whatever the first one was. .scan() complains that the string is being modified if you try and use scan with a .sub()! inside a block. Any ideas would be appreciated!

    Read the article

  • Zend_Registry: real life examples

    - by takeshin
    Do you find Zend_Registry useful? For which tasks it should be used? For which not? Global state for variables is not a good practice. Main objects may have global state injected via $front->setParam('paramName', $object), so what's the purpose of Zend_Registry?.

    Read the article

  • php proxy to local mercurial server

    - by naugtur
    I was wondering is it possible to create a php proxy to a server that listens onlu locally so that the php gateway is public and it directs everything to the server listening on localhost. This server would be mercurial's hg serve that listens only on 127.0.0.1 and php will do the authentication. Do You think it's possible to do? Anybody has an idea how to make a general proxy in php so that not only http get works, but also hg push? I know there are ways to host mercurial repo with auth, but it's on a plug computer and I don't have a lot of space for more apps etc.

    Read the article

  • Install i486 .package onto x64 CentOS

    - by medoix
    I am trying to install a ".package" file with Autopackage onto my x64 CentOS server and i receive the below statement. -sh-3.2$ bash armagetronad-dedicated-0.2.8.3.1.i486-generic-linux-gnu.package Sorry, Autopackage only supports x86 32-bit systems, or 64-bit systems with compatibility libraries installed. Please install the compatibility libraries and rerun install. However i cannot find any documentation on what 32-Bit libraries are required or even where to start... Any ideas or suggestions would be appreciated greatly.

    Read the article

  • PHP Network Monitoring

    - by Vlad Patrascu
    Is there a way that I can monitor the traffic, Upload/Download (separately) using PHP? I`d like to echo out something like that: Upload: 523 GB | Download: 25 GB This should be based on the System Uptime, so if I restart the computer, the count should restart. Thanks in Advance.

    Read the article

  • Which Wine DLLs should I *not* overwrite with the real thing?

    - by endolith
    I have a legit installation of Windows XP and dual boot with Ubuntu (currently Karmic). WineHQ says it's possible to use DLLs from a real installation of Windows in place of "DLLs that Wine does not currently implement very well". So I'd like to just create softlinks that point to all of the DLLs in my real Windows System32 folder, under the theory that this would help things function better and behave in a less buggy, more native way. But should I go as far as replacing the Wine DLLs with the real ones? If so, are there any DLLs that need to remain the way they are for compatibility with the Linux world? Which ones are safe to replace?

    Read the article

  • How do I change the class of an object to a subclass of its current class in C++?

    - by Jared P
    I have an array of pointers to a base class, so that I can make those pointers point to (different) subclasses of the base class, but still interact with them. (really only a couple of methods which I made virtual and overloaded) I'm wondering if I can avoid using the pointers, and instead just make an array of the base class, but have some way to set the class to the subclass of my choosing. I know there must be something there specifying the class, as it needs to use that to look up the function pointer for virtual methods. By the way, the subclasses all have the same ivars and layout. Note: the design is actually based on using a template argument instead of a variable, due to performance increases, so really the abstract base class is just the interface for the subclasses, which are all the same except for their compiled code. Thanks

    Read the article

  • How to access a flash object embedded via swfobject's embedSWF?

    - by Andree
    Hi there, I have to call an ActionScript method via Javascript, but I have a problem accessing the flash object itself. I embed the flash file via the help of swfobject. Previously, when I use the static publishing approach, I could easily get the flash object by calling these methods: swfobject.registerObject("flash_object", "9", "expressInstall.swf"); var flash_object = swfobject.getObjectById("flash_object"); For some technical reasons, now I have to use the dynamic publishing approach (using swfobject.embedSWF). But, as mentioned in the documentation, the method getObjectById can only be used if you use static publishing approach. Now, how can I access the flash object? Cheers, Andree

    Read the article

  • Jquery/YUI - Find image and set CSS to display:none

    - by danit
    I have the following image in a CMS that I want to hide, I dont really want to change source code but would like to hide a specific image which does not have a class applied. Here is the HTML: <td class="right side"> <a title="Show only topic 1" href="view.php?id=3&topic=1"> <img alt="Show only topic 1" src="http://vl3.co.uk/iphone/pix/i/one.gif"/> </a> <br/> </td> I want to hide the <a> and the <img>, bare in mind the title and alt tag can be different so cant use that as an identifier. I presume I could use .find() and then use .parent() to set the <a> to display: none; thus hiding the img? Im inlcuding the jQuery library, however the CMS has YUI included out of the box so if anyone has a YUI method it would be appreicated.

    Read the article

  • SSIS process files from folder

    - by RT
    Background: I've a folder that gets pumped with files continuously. My SSIS package needs to process the files and delete them. The SSIS package is scheduled to run once every minute. I'm picking up the files in ascending order of file creation time. I'm building an array of files and then processing-deleting them one at a time. Problem: If an instance of my package takes longer than one minute to run, the next instance of the SSIS package will pick up some of the files the previous instance has in its buffer. By the time the second instance of teh package gets around to processing a file, it may already have been deleted by the first instance, creating an exception condition. I was wondering whether there was a way to avoid the exception condition. Thanks.

    Read the article

  • Best cubicle toys for programming

    - by dlamblin
    I need some employee/co-worker Christmas gift ideas. Do you have any good cubicle toys that help you to do any of: think about programming problems solve programming problems by representing common abstractions can be directly programmed can interface with a PC based IDE to be programmed. it may present problems that can be solved, to kick start problem solving. Disallowed items are: reference material in book, pamphlet, poster or cheat-sheet form, even if it has kick ass pop-cultural references. edibles. [discuss separately] things that need their own lab-space and/or extensive tools to be worked with. So yes, Lego Mindstorms come to mind, but they aren't cubicle toys because they cost more than cubicle toys would, and they have too many losable parts. comments on the answers so far: The 20 Questions game sounds quite neat as it could get you thinking; The bean balls could be used as tokens in a problem, so I can see that working. The magnetic toys like ball of whacks or the ball-and-stick ones present hands on fun of a structural nature... now can there be a similar hands on fun toy that aids in representing a solution to a problem? The Gui Mags clearly could, but they're quite utility oriented. The AVR Butterfly is less of a toy but definitely priced attractively, cheaper and more responsive than a basic stamp. I'm not going to pick an answer; there's several great suggestions here. Thank you.

    Read the article

  • Need help making row of buttons consistent

    - by oliverghingold
    I'm making my first website, and I'm trying to make variable-sized buttons so they'll render correctly on low resolution (read: mobile) browsers. Currently I just have the usual rollover image solution (185 pixels wide by 37 tall if anybody cares), but when I preview the site in low resolution it looks, predictably enough, like complete crap (more specifically they don't have room so they arrange vertically instead of horizontally and take up a huge amount of screen real estate). Semi-related, is there a way to overlay text on a button without saving separate images, each with the correct text? Just using a single template for buttons and then deciding what text goes on it as it's needed? tl;dr: I'm trying to get a horizontal lineup of buttons for navigating my website, but I'm a noob and I can't do it right without your generous assistance.

    Read the article

  • Jquery calendar and tab sliding div clash...

    - by StealthRT
    Hey all, i am trying my best to figure out another way around this problem i seem to have encountered. On my website i have a jquery calendar and also a jquery div tab slider (this: http://www.queness.com/resources/html/tabmenu/jquery-tabbed-menu-queness.html). The problem comes into play with the DIV tag. The calender loads up inside a DIV with a id of 'calender'. The CSS for the tabs have the DIV hidden: CSS: .boxBody div {display:none;} .boxBody div.show {display:block;} .boxBody #category a {display:block;} And because of that, the calender never shows on the page. However, if i comment out that css code above, it shows up but does not cover each section as it should. In other words, everything is shown when it should be hidden until the tabs are clicked on to revel it. code: <script type="text/javascript"> $(document).ready(function() { $('#tabMenu > li').click(function(){ $('#tabMenu > li').removeClass('selected'); $(this).addClass('selected'); $('.boxBody div').slideUp('1500'); $('.boxBody div:eq(' + $('#tabMenu > li').index(this) + ')').slideDown('1500'); }).mouseover(function() { $(this).addClass('mouseover'); $(this).removeClass('mouseout'); }).mouseout(function() { $(this).addClass('mouseout'); $(this).removeClass('mouseover'); }); $('.boxBody #category li').mouseover(function() { $(this).css('backgroundColor','#888'); $(this).children().animate({paddingLeft:"20px"}, {queue:false, duration:300}); }).mouseout(function() { $(this).css('backgroundColor',''); $(this).children().animate({paddingLeft:"0"}, {queue:false, duration:300}); }); $('.boxBody li').click(function(){ window.location = $(this).find("a").attr("href"); }).mouseover(function() { $(this).css('backgroundColor','#888'); }).mouseout(function() { $(this).css('backgroundColor',''); }); }); </script> <div align="center"> <div class="Mainbox"> <ul id="tabMenu"> <div id="theLogo"><[img] src="img/theLogo.png" width="415" height="146" /></div> <li class="stats"><[img] src="img/Stats.png" width="70" height="52" id="tab1" /></li> <li class="cal"><[img] src="img/cal.png" width="70" height="52" id="tab2" /></li> <li class="loyalty"><[img] src="img/Loyalty.png" width="70" height="52" id="tab3" /></li> <li class="Employees"><[img] src="img/Employees.png" width="70" height="52" id="tab4" /></li> <li class="txtemail"><[img] src="img/TxtEmail.png" width="70" height="52" id="tab5" /></li> </ul> <div class="boxTop"></div> <div class="boxBody"> <div id="stats" class="show"> Just a test here.... </div> <div id="cal"> <div id='calendar'></div> </div> <div class="boxBottom"></div> </div> </div> How can i change the tab javascript code so that it does not have to hide the DIV's so that the calendar will work? I've tried to replace all div's with 'span' or 'p' but that does not seem to work at all. Any help would be great as i am stuck on this and can not go any further without it being solved! :) David

    Read the article

  • Filling combobox from database by using hibernate in Java

    - by denny
    Heyy; I am developing a small swing based application with hibernate in java. And I want fill combobox from database coloumn.How i can do that ? And I don't know in where(under initComponents, buttonActionPerformd) i need to do. For saving i'am using jbutton and it's code is here : private void jButton1ActionPerformed(java.awt.event.ActionEvent evt) { int idd=Integer.parseInt(jTextField1.getText()); String name=jTextField2.getText(); String description=jTextField3.getText(); Session session = null; SessionFactory sessionFactory = new Configuration().configure() .buildSessionFactory(); session = sessionFactory.openSession(); Transaction transaction = session.getTransaction(); try { ContactGroup con = new ContactGroup(); con.setId(idd); con.setGroupName(name); con.setGroupDescription(description); transaction.begin(); session.save(con); transaction.commit(); } catch (Exception e) { e.printStackTrace(); } finally{ session.close(); } }

    Read the article

  • sorting nested list, allow only li to be sorted witin the same ul

    - by Y.G.J
    $(document).ready(function() { $("#test-list").sortable({ items: "> li", handle : '.handle', axis: 'y', opacity: 0.6, update : function () { var order = $('#test-list').sortable('serialize'); $("#info").load("process-sortable.asp?"+order+"&id=catid&order=orderid&table=tblCats"); } }); $("#test-sub").sortable({ containment: "ul", items: "li", handle : '.handle2', axis: 'y', opacity: 0.6, update : function () { var order = $('ul').sortable('serialize'); $("#info").load("process-sortable.asp?"+order+"&id=catid&order=orderid&table=tblCats"); } }); }); <ul id="test-list"> <li id="listItem_10">first<img align="middle" src="Themes/arrow.png" class="handle" /></li> <li id="listItem_8">second<img align="middle" src="Themes/arrow.png" class="handle" /> <ul id="test-sub"> <li id="listItem_4"><img align="middle" src="Themes/arrow.png" class="handle2" /></li> <li id="listItem_3"><img align="middle" src="Themes/arrow.png" class="handle2" /></li> <ul id="test-sub"> <li id="listItem_9"><img align="middle" src="Themes/arrow.png" class="handle2" /></li> </ul> </li> </ul> </li> </ul> the problems i have: sorting the main ul is working but not all the time - i will try to fix that my own but if there is a problem with the code here and not the one in proccess-sortable - tell me. moving li in the main ul is ok but the sub or the sub of the sub is having problem - i can drag something from one sub to it's sub or the other way too - i don't want that to happend. i want to be able to drag li and by selecting that one that only this ul group will send to proccess-sortable to be updated - how can i catch the specific ul of li i am draging?

    Read the article

  • overflow-x AND Middle Mouse Button Moving

    - by Rad The Mad
    My Page is 980px in Width, but I have a few design elements (which belong with the background). I positioned them with position: absolute;. This creates a horizontal scrollbar for those who have a =< 1024 resolution. I disabled that scrollbar with overflow-x:hidden on (and for IE7 and etc). However, when I hold my middle mouse button,(i think this applies to laptop touchpads as well) it let's me move around to the right, is it possible to fix this with anything? (javascript, css)? Tested this issues in Chrome, IE, Firefox.

    Read the article

  • Is there a Linux distro specific for running as a host OS for Virtualization?

    - by harmh
    Hi, as I understand running VMware or other virtualizations requires a "host os". Normally this is one of your main os-es, that you really use. What I would like is a mini-linux and virtualization software pre-wrapped into a specialized bootalble, installable mini-os. So the linux would not have a webserver, nor X, just the minimum to run as a host OS and of course optimized for that, like some partitioning tools and such.

    Read the article

facebook twitter digg google delicious technorati stumbleupon myspace wordpress linkedin gmail igoogle windows live tumblr viadeo yahoo buzz yahoo mail yahoo bookmarks favorites email print

< Previous Page | 74 75 76 77 78 79 80 81 82 83 84  | Next Page >