0

Critical IPhone SMS Vulnerability

Posted by DK
at August 11, 2009

Apple is releasing a critical patch on Saturday to address a recent vulnerability that was demonstrated at the infamous Blackhat hacking conference.

Charlie Miller, a consultant with Independent Security Evaluators, and Collin Mulliner, a PhD student at the Technical University of Berlin, presented the details of the vulnerability at the Black Hat Security Conference in Las [...]

Alerts
0

WordPress 2.8.3 Fixes Security Holes

Posted by DK
at August 4, 2009

If you haven’t already done so, we’d stongly recommend upgrading to WordPress 2.8.3. Also, the WordPress 2.0.x branches are now deprecated (a bit earlier then expected) and will therefore no longer be maintained. [Link]
Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. [...]

Advisories, WordPress
2

WordPress Plugin DM Albums 1.9.2 vulnerabilities

Posted by DK
at July 1, 2009

DM Albums™ is an inline photo album/gallery plugin that displays high quality images and thumbnails perfectly sized to your blog.
Two vulnerabilities have been made public:
1. Stack released  a “remote file disclosure vulnerability” (Low-Medium Risk Level)
2. Septemb0x released a “remote file include vulnerability” (Critical Risk Level)
An attacker could use these vulnerabilities to potentially gain full access [...]

Advisories, WordPress
3

WordPress Plugin Related Sites 2.1 Blind SQL Injection Vulnerability

Posted by DK
at July 1, 2009

A critical vulnerability has been discovered in the WordPress Plugin Related Sites plugin. An exploit is available in the wild and available on Milw0rm, making this attack easier to exploit.
Although, the vulnerability says that version 2.1 is vulnerable. You should assume previous versions are vulnerable as well.
BlogSec have confirmed that the current version (at the [...]

Advisories, WordPress
0

Critical phpMyAdmin Vulnerabilities Discovered

Posted by DK
at June 10, 2009

A number of bloggers and web site owners use phpMyAdmin for easy database administration. Two critical vulnerabilities have been discovered that could be used to gain full access to the affected server.
Exploits have already been made publicly available, see GNUCITIZEN for an example:

http://172.16.211.10/phpMyAdmin-3.0.1.1//config/
config.inc.php?p=phpinfo();

Description
Setup script used to generate configuration can be fooled using a crafted POST [...]

News, Security Tips
Previous Page
Next Page