Below is a listing articles that are from the blog that you selected. To get a quick summary of the post
click on the title of the article that you want to know more about. If you want to go to the blog's homepage click on the
arrow which is next each article.
Thomas Mackenzie has reported a vulnerability affecting Wordpress >=Â 2.9. Versions before 2.9 are not vulnerable.
tmacuk quote:
Since version 2.9 a new feature was implemented so that users were able to retrieve posts that they may have deleted by accident. This new feature was labelled ‘trash’. Any posts that are placed within the trash are only viewable [...]
If you are running WordPress < 2.8.5 and finding your blog inaccessible at times this post may be for you.
A denial of vulnerability was released back in Oct 2009 that affects < WordPress 2.8.5.
The exploit sends a continuous stream of POST requests with overly large blog titles to wp-trackback.php. This could result in the [...]
One of The Internet Storm Center readers recently discovered a malicious WordPress hacking script.
The script is nothing more then a password guessing tool. However, what makes it unique — as pointed out by ISC, is the fact that it uses a MySQL database backend to store password attempts. This means the script could be executed [...]
Hey guys, we had loads of emails recently regarding wp-scanner just not working. Unfortunately, our old hosting company performed an upgrade which broke our DNS and configurations. To add insult to injury we were also in the process of moving to a new server at a new provider so things have been an utter a [...]
Apple is releasing a critical patch on Saturday to address a recent vulnerability that was demonstrated at the infamous Blackhat hacking conference.
Charlie Miller, a consultant with Independent Security Evaluators, and Collin Mulliner, a PhD student at the Technical University of Berlin, presented the details of the vulnerability at the Black Hat Security Conference in Las [...]
If you haven’t already done so, we’d stongly recommend upgrading to WordPress 2.8.3. Also, the WordPress 2.0.x branches are now deprecated (a bit earlier then expected) and will therefore no longer be maintained. [Link]
Unfortunately, I missed some places when fixing the privilege escalation issues for 2.8.1. Luckily, the entire WordPress community has our backs. [...]
WordPress Plugin DM Albums 1.9.2 vulnerabilities»»
DM Albumsâ„¢ is an inline photo album/gallery plugin that displays high quality images and thumbnails perfectly sized to your blog.
Two vulnerabilities have been made public:
1. Stack released a “remote file disclosure vulnerability” (Low-Medium Risk Level)
2. Septemb0x released a “remote file include vulnerability” (Critical Risk Level)
An attacker could use these vulnerabilities to potentially gain full access [...]
WordPress Plugin Related Sites 2.1 Blind SQL Injection Vulnerability»»
A critical vulnerability has been discovered in the WordPress Plugin Related Sites plugin. An exploit is available in the wild and available on Milw0rm, making this attack easier to exploit.
Although, the vulnerability says that version 2.1 is vulnerable. You should assume previous versions are vulnerable as well.
BlogSec have confirmed that the current version (at the [...]
A number of bloggers and web site owners use phpMyAdmin for easy database administration. Two critical vulnerabilities have been discovered that could be used to gain full access to the affected server.
Exploits have already been made publicly available, see GNUCITIZEN for an example:
http://172.16.211.10/phpMyAdmin-3.0.1.1//config/
config.inc.php?p=phpinfo();
Description
Setup script used to generate configuration can be fooled using a crafted POST [...]
