Java Zero-Day In The Wild
Tony Perez A Java Zero-Day vulnerability was disclosed today, and its being distributed through the use of websites. If you visit an infected site you’ll see something…
Browsing Category
Vulnerability Disclosure
254 posts
Magento Security Update (1.7.0.2) – Zend_XmlRpc Vulnerability
David Dede A few days ago, Magento 1.7.0.2 was released to fix a very serious security vulnerability that allows attackers to read any file on the web…
Microsoft XML Core Service Zero Day Vulnerability Being Targeted
On June 12th we reported the release of a new Microsoft Security Advisory. It was of specific interest to us as it was exploitable via…
Uploadify, Uploadify and Uploadify – The New TimThumb?
Daniel Cid We are seeing a lot of noise again regarding the Uploadify script vulnerabilities affecting some WordPress themes/plugins. If you are not familiar, Uploadify allows anyone…
Plesk Vulnerability Leading to Malware
Our friends over at Unmask Parasites posted two very good reports about a mix of Plesk vulnerabilities being used to mass-compromise websites, and redirecting them…
Joomla 2.5.5 released (security update)
Joomla 2.5.5 was just released today, with a few bugs fixed and 2 important security updates for a privilege escalation and an information disclosure issue:…
Public Service Announcement: Microsoft Security Advisory (2719165)
Today Microsoft released a security advisory to all users running the Windows operating system (OS). A new vulnerability has been identified that allows for the…
Security Vulnerability in MySQL
A serious security vulnerability discovered in MySQL was disclosed this weekend. It basically allows anyone to bypass authentication and log in directly into the database.…
List of Domains Hosting Webshells for Timthumb Attacks
We have been tracking TimThumb related attacks for a while and they are still at full force (yes, some people are still using the outdated…
Official WordPress Plugin Directory – Forcing Plugin Updates
Dre Armeda For some while we have wondered what happens when a plugin is removed from the official WordPress plugin directory for security reasons. Historically, we haven’t…
PHP-CGI Vulnerability Exploited in the Wild
When the PHP-CGI vulnerability was disclosed, we knew it would be just a matter of days before it started to be exploited in the wild.…