Alerts
SEO Egghead Blog gets hit with spam
Jaimie Sirovich of SEO Egghead has reported that his blog was attacked by spam, and he claims it is due to an HTML insertion vulnerability which affects WP 2.3 and the latest version 2.3.1. Unfortunately, he has not provided any further details, so we cannot look into this further.
When we do a Google search [...]
BackUpWordPress Remote File Include Vulnerability
A remote file include vulnerability has been found in BackupWordpress < 0.4.3.
This means an attacker can execute code on your web server if they can access the following script directly:
http://[target]/_path]/plugins/BackUp/Archive.php
A proof of concept exploit has already been released into the wild. We suggest you upgrade as soon as possible.
Affected code:
require_once $GLOBALS['bkpwp_plugin_path']."PEAR.php";
A new version is [...]
Wordpress 2.3: edit-post-rows XSS Vulnerability
Janek Vind "waraxe" released an XSS vulnerability that affects WordPress 2.3 (The latest 2.3.1 is not affected).
The vulnerability can be found in "wp-admin/edit-post-rows.php". The affected code is as follows:
<?php foreach($posts_columns as $column_display_name) { ?>
<th scope="col"><?php echo $column_display_name; ?></th>
<?php } ?>
This vulnerability requires the affected web site to have register_globals enabled in order to set the [...]
Joomla gallery module vulnerable
The guys over at security.immerda.ch give a really nice narrative of how one of their hosted web sites recently got hacked, and the steps they went through to identify and rectify the problem. It's really honest, and made a great read.
The attackers apparently got in with a third party gallery module for Joomla. Joomla! is [...]