Author Archive

WordPress Trackback < 2.8.5 Denial of Service

If you are running WordPress < 2.8.5 and finding your blog inaccessible at times, this post may be for you.
A denial-of-service vulnerability affecting WordPress < 2.8.5 was released back in Oct 2009.
The exploit sends a continuous stream of POST requests with overly large blog titles to wp-trackback.php. This could result in the [...]


Distributed WordPress Password Guessing

One of the Internet Storm Center readers recently discovered a malicious WordPress hacking script.
The script is nothing more than a password guessing tool. However, what makes it unique, as pointed out by ISC, is the fact that it uses a MySQL database backend to store password attempts. This means the script could be executed [...]


WordPress <= 2.8.3 Reset Admin Password Vulnerability

An exploit has been released for all current versions of WordPress including WordPress


Critical iPhone SMS Vulnerability

Apple is releasing a critical patch on Saturday to address a recent vulnerability that was demonstrated at the infamous Black Hat hacking conference.

Charlie Miller, a consultant with Independent Security Evaluators, and Collin Mulliner, a PhD student at the Technical University of Berlin, presented the details of the vulnerability at the Black Hat Security Conference in Las [...]


WordPress Plugin DM Albums 1.9.2 vulnerabilities

DM Albums™ is an inline photo album/gallery plugin that displays high quality images and thumbnails perfectly sized to your blog.
Two vulnerabilities have been made public:
1. Stack released a “remote file disclosure vulnerability” (Low-Medium Risk Level)
2. Septemb0x released a “remote file include vulnerability” (Critical Risk Level)
An attacker could use these vulnerabilities to potentially gain full access [...]