Ruby on Rails Vulnerability Leads to Remote Command Execution on Servers
Tony Perez As always, the year is kicking off with a bang. This is a public service announcement to get the word out on a very serious…
Browsing Category
Vulnerability Disclosure
254 posts
W3 Total Cache Implementation Vulnerability
Daniel Cid Just in time for Christmas, it was announced on the full disclosure list a security (configuration/implementation) bug on W3 Total cache (W3TC), one of the…
PSA: December Zero Day’s Announced – MySQL, FreeSSH, Free FTPD
So it looks like we’re closing out the year in style in 2012. This weekend a number of new, very serious, zero-day vulnerabilities were released…
SFTP/FTP Password Exposure via sftp-config.json
Have you heard of the file sftp-config.json? You haven’t? Neither did we until a few weeks ago. It is used by some SFTP/FTP clients (Sublime…
PSA: Skype Vulnerability Released
While not exactly related to web security, it’s always good to take a minute to look at the web’s cousin, the desktop. On November 13th…
Joomla 2.5.8 and 3.0.2 Released (Security Updates)
David Dede Joomla 2.5.8 and 3.0.2 were just released today fixing a medium severity security bug related to a clickjacking/XSS vulnerability. You can find more details on…
Out-of-date Software Affects Websites Big and Small
Last week we published an article listing some big and popular websites that were leaking information about their users via the Apache server-status page. We…
Is WordPress.com SPAM Campaign Due to Compromise?
*****Updated – 20121019***** Both Matt Mullenweg and Barry Abrahamson, System Wrangler with Automattic, have confirmed that there was not an environmental compromise and everything was…
Joomla 2.5.7 Released (Security Update)
Joomla 2.5.7 was just released today fixing 2 low severity security bugs and added a few other improvements. As always, we recommend all our Joomla…
Compromised Websites Hosting Calls to Java Exploit
Remember that Java 0 day vulnerability that was discovered a few weeks ago and took a while to get patched by Oracle? You know, the…
Sociable WordPress Plugin Security Warning
If you are using the Sociable WordPress Plugin (plugin with 1,777,161 downloads), be very careful when visiting the plugin’s page settings. We recommend that you…