WordPress
WordPress Trackback < 2.8.5 Denial of Service
If you are running WordPress < 2.8.5 and finding your blog inaccessible at times this post may be for you.
A denial of vulnerability was released back in Oct 2009 that affects < WordPress 2.8.5.
The exploit sends a continuous stream of POST requests with overly large blog titles to wp-trackback.php. This could result in the [...]
Distributed WordPress Password Guessing
One of The Internet Storm Center readers recently discovered a malicious WordPress hacking script.
The script is nothing more then a password guessing tool. However, what makes it unique — as pointed out by ISC, is the fact that it uses a MySQL database backend to store password attempts. This means the script could be executed [...]
WordPress <= 2.8.3 Reset Admin Password Vulnerability
An exploit has been released for all current versions of WordPress including WordPress
WordPress 2.8.3 Fixes Security Holes
If you haven’t already done so, we’d stongly recommend upgrading to WordPress 2.8.3. Also, the WordPress 2.0.x branches are now deprecated (a bit earlier then expected) and will therefore no longer be maintained. [Link]
Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. [...]
WordPress Plugin DM Albums 1.9.2 vulnerabilities
DM Albums™ is an inline photo album/gallery plugin that displays high quality images and thumbnails perfectly sized to your blog.
Two vulnerabilities have been made public:
1. Stack released a “remote file disclosure vulnerability” (Low-Medium Risk Level)
2. Septemb0x released a “remote file include vulnerability” (Critical Risk Level)
An attacker could use these vulnerabilities to potentially gain full access [...]
