New WooThemes Vulnerability Patched – Update Framework Now!
Tony Perez Yesterday a vulnerability on the WooThemes Framework was disclosed by Jason Gill on githumb:gist. The vulnerability allows a visitor to see and run the output of…
Browsing Category
Vulnerability Disclosure
254 posts
GetMama – Conditional malware affecting thousands of sites
Daniel Cid We have been tracking an interesting malware that is affecting thousands of compromised sites. We call it GetMama!! Why conditional? Because instead of just displaying…
e107 Being Exploited – Vulnerable contact.php Scanned and Attacked
David Dede We are seeing an old vulnerability on e107 being widely scanned and exploited. e107 is a free open source content management system (CMS). More details…
WordPress Third Party Vulnerability – Deans FCKEditor with PWWANGS Code for WordPress(version 1.0.0)
You have heard me write in the past about understanding the true Vulnerability within WordPress. In that post I talk to the benefits of the…
Vulnerability in the Absolute Privacy Plugin
We are seeing reports that a vulnerability in the Absolute Privacy WordPress plugin (link) is being used to hack and compromise sites with it installed.…
WordPress 3.3 XSS Vulnerability Patched (3.3.1 Released)
We just learned of a reflected XSS vulnerability in WordPress 3.3 via the comments form (wp-comments.php). It is explained in detail here. The disclosed vulnerability…
Blacklist Warnings for Users of the Stream-Video-Player WordPress Plugin
If you are using the plugin stream-video-player, it might be a good idea to disable this plugin for now. The plugin loads a Flash player…
Malware Being Called From Your php.ini File
Is your site infected with malware, and you can’t find it anywhere? It might be a good idea to search outside of your web directory,…
The New (and Old) .htaccess Attacks – Now Using .in Domains
We have been talking about .htaccess redirections for a while. A site gets compromised and the attackers modify the .htaccess file(s) to redirect any search…
Joomla 1.5.25/1.7.3 Released (Security Update)
If you are using Joomla, now is the time to update it. A new version was just released for the 1.5.x and 1.7.x branches fixing…
Htaccess Redirection to Sweepstakesandcontestsinfo dot com
Last week we started to see a large increase in the number of sites compromised with a .htaccess redirection to http://sweepstakesandcontestsinfo.com/nl-in.php?nnn=555. This domain has been…