Understanding .htaccess attacks – Part 1
David Dede Attackers have been using the .htaccess file for a while. They use this file to hide malware, to redirect search engines to their own sites…
Browsing Category
Vulnerability Disclosure
254 posts
WP-DBManager Security update (serious issue)
Just a quick note that if you are using the WordPress WP-DBManager plugin, make sure to update it as soon as possible. Old versions of…
WordPress 3.1.2 released – Security fixes
The WordPress team just released a new version of WordPress (3.1.2) to fix a security issue where contributor-level users were allowed to publish posts. It…
Automattic / WordPress hacked – Security incident
The guys from Automattic (WordPress) posted today a brief statement about a security incident that they suffered. Tough note to communicate today: Automattic had a…
WordPress 3.1.1 is available (security fixes)
There is a new version of WordPress available (3.1.1) that includes multiple security fixes. These are the changes according to WordPress.org: Some security hardening to…
Continuing attacks against osCommerce: khcol.com
Busy week for osCommerce in terms of malware. First, the div_colors string, then, the CreateCSS string, and now, we are seeing thousands of osCommerce sites…
APRIL FOOLS: No Serious Security Vulnerability on WordPress 3.x – Remote Command Execution
This post was not real. It was an attempt at humor, as bad as it may seem. The post has been removed, and we understand…
WordPress 3.0.3 released (security update)
Running WordPress? Time to update it again! Version 3.0.3 has been released fixing some security vulnerabilities. If you can’t upgrade, make sure to disable remote…
WordPress 0 day exploit (version 3.0.1 and older)
We posted last week about the release of WordPress 3.0.2 that fixes a few security vulnerabilities. Today, full details of the vulnerability and exploit code…
OpenX users – Time to upgrade
*Note that openx.org is currently offline, so we recommend disabling it until you can upgrade. **We are mirroring version 2.8.7 here: http://sucuri.net/openx-2.8.7.tar.gz if you don’t…
Vulnerability in Vbulletin 3.8.6
If you are running Vbulletin 3.8.6 (the latest 3.8.x version), make sure to remove the faq.php as soon as possible. A vulnerability has been found…