This is a simple script to infect images with PHP Backdoors for local file inclusion attacks.
Monthly Archives: January 2015
Companies to spend more on cybersecurity in 2015
In the wake of several high profile hacks in 2014, companies are set to spend more on cybersecurity this year, according to a survey by Piper Jaffray.
The post Companies to spend more on cybersecurity in 2015 appeared first on We Live Security.
WordPress Slideoptinprox Cross Site Scripting
WordPress Slideoptinprox plugin suffers from a cross site scripting vulnerability.
Multiple vulnerabilities in Content Rating Extbase (content_rating_extbase)
Release Date: January 9, 2015
Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
Affected Versions: 2.0.3 and all versions below
Vulnerability Type: Cross-Site Scripting, SQL Injection
Severity: High
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:POC/RL:U/RC:C
Problem Description: The extension fails to properly escape user input in HTML and SQL context.
Solution: Versions of this extension that are known to be vulnerable will no longer be available for download from the TYPO3 Extension Repository. The extension author failed to provide a security fix for the reported vulnerability within a reasonable amount of time. Please uninstall the extension and delete the extension folder from your installation.
Credits: Credits go to Steffen Müller who discovered and reported the vulnerabilities.
General advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via E-mail.
Multiple vulnerabilities in Content Rating (content_rating)
Release Date: January 9, 2015
Component Type: Third party extension. This extension is not a part of the TYPO3 default installation.
Affected Versions: 1.0.3 and all versions below
Vulnerability Type: Cross-Site Scripting, SQL Injection
Severity: High
Suggested CVSS v2.0: AV:N/AC:M/Au:N/C:P/I:P/A:N/E:POC/RL:U/RC:C
Problem Description: The extension fails to properly escape user input in HTML and SQL context.
Solution: Versions of this extension that are known to be vulnerable will no longer be available for download from the TYPO3 Extension Repository. The extension author failed to provide a security fix for the reported vulnerability within a reasonable amount of time. Please uninstall the extension and delete the extension folder from your installation.
Credits: Credits go to Steffen Müller who discovered and reported the vulnerabilities.
General advice: Follow the recommendations that are given in the TYPO3 Security Guide. Please subscribe to the typo3-announce mailing list to receive future Security Bulletins via E-mail.
Reflecting XSS vulnerability in CMS e107 v. 1.0.4
Posted by Steffen Rösemann on Jan 09
Advisory: Reflecting XSS vulnerability in CMS e107 v. 1.0.4
Advisory ID: SROEADV-2014-05
Author: Steffen Rösemann
Affected Software: CMS e107 v. 1.0.4
Vendor URL: http://e107.org
Vendor Status: did not respond to issue
CVE-ID: –
==========================
Vulnerability Description:
==========================
The CMS e107 v. 1.0.4 has a reflecting XSS vulnerability in its
administrative backend which can be exploited by bypassing an XSS filter….
Bugtraq: [ MDVSA-2015:017 ] libevent
Bugtraq: [ MDVSA-2015:018 ] asterisk
Bugtraq: Recon 2015 Call For Papers – June 19 – 21, 2015 – Montreal, Canada
Bugtraq: [SECURITY] [DSA 3121-1] file security update