Joomla JomSocial Remote Code Execution Vulnerability
Daniel Cid The JomSocial team just released an update that fixes a very serious remote code execution vulnerability that affects any JomSocial version older than 3.1.0.4. From…
Browsing Category
Vulnerability Disclosure
254 posts
Recent OptimizePress Vulnerability Being Mass Infected
A few weeks ago we wrote about a file upload vulnerability in the OptmizePress theme. We were seeing a few sites being compromised by it,…
Security Issue on vBulletin uploader.swf
David Dede The vBulletin team recently disclosed a XSS (cross site scripting) vulnerability in the uploader.swf file that is included by default on vBulletin 4 and 5.…
Zero Day Vulnerability in OpenX Source 2.8.11 and Revive Adserver 3.0.1
If you are using OpenX or the new Revive Adserver (fork of OpenX), you need to update it ASAP. Florian Sander discovered a serious SQL…
WordPress OptimizePress Theme – File Upload Vulnerability
Denis Sinegubko We’re a few days short on this, but it’s still worth releasing as the number of attacks against this vulnerability are increasing ten-fold. The folks…
Case Study: Analyzing a WordPress Attack – Dissecting the webr00t cgi shell – Part I
Tony Perez November 1st started like any other day on the web. Billions of requests were being shot virtually between servers in safe and not so safe…
Server Update Time: OpenSSH Vulnerability Disclosed
The OpenSSH team just released a security advisory about a vulnerability affecting both OpenSSH 6.2 and 6.3. If you are not familiar with OpenSSH, it’s…
WHMCS SQL Injection Vulnerability in the Wild
A few days ago, a zero-day SQL injection vulnerability in WHMCS was disclosed by localhost.re, along with the exploit code. It was quickly patched by…
Potential vBulletin Exploit (4.1+ and 5+)
The vBulletin team just posted a pre-disclosure warning on their announcements forum about a possible exploit in versions 4.1+ and 5+ of vBulletin. They don’t…
Joomla Media Manager Attacks in the Wild
If you are using Joomla and didn’t update your site recently, you better stop doing whatever you are doing, and update it now. There is…
The Dangers External Services Present To Your Website
Today the Washington Post reported that they were victims of hack, orchestrated by the Syrian Electronic Army. This attack is interesting because it sheds light…