Feeds
13620 items (0 unread) in 75 feeds
-
Watchfire Application Security Insider
-
BlogSecurity
-
sirdarckcat
-
Google Online Security Blog
-
CGISecurity.com: Your Web Site and Application Security Resource
-
Switch/Twitch
-
mybeNi websecurity
-
cat slave diary
-
SecuriTeam Blogs
-
Curiouser and Curiouser
-
Alex's Corner
-
Billy (BK) Rios
-
Chris Shiflett
-
christian's weblog
-
funkatron.com
-
GNUCITIZEN
-
The Spanner
-
hackademix.net
-
Ruby on Rails Security Project
-
It's a shampoo world anyway
-
Web Security Blog
-
ha.ckers.org web application security lab
-
Yet Another Infosec Blog
-
PHP Security Blog
-
Security Thoughts
-
Sunnet Beskerming Security Advisories
-
Disenchant's Blog
-
Sylvan von Stuppe
-
Larholm.com
-
The Turkey Curse
-
Jeremiah Grossman
-
Anurag Agarwal - Application Security Evangelist
-
Ivan Ristic
-
deep inside | security & tools
-
omg.wtf.bbq.
-
BlueHat Security Briefings
-
Tactical Web Application Security
-
.:Computer Defense:.
-
tssci security
-
Plynt Penetration Testing Blog
-
Michael Howard's Web Log
-
Security Retentive
-
BindShell.Net
-
Dominic White's .tHE pRODUCT
-
SecurityFocus News
-
Justice League
-
Schneier on Security
-
Rational Survivability
-
terminal23
-
1 Raindrop
-
hiredhacker.com
-
Matasano Chargen
-
-
Michael on Security - Musings on Information Security
-
Fortify blog
-
The Art of Software Security Assessment
-
GDS Security Blog
-
Vodun.org
-
Robert Penz Blog
-
Mark Curphey - SecurityBuddha.com
-
Liminal states
-
Security Ripcord
-
ModSecurity Blog
-
IBM Internet Security Systems Frequency X Blog
-
Suspekt...
-
extern blog SensePost;
-
Zero in a bit
4 items tagged "Alerts"
BlogSecurity
-
Critical IPhone SMS Vulnerability
Posted: August 11th, 2009, 9:48am CDT by DK
Tags: Alerts [edit]
Apple is releasing a critical patch on Saturday to address a recent vulnerability that was demonstrated at the infamous Blackhat hacking conference. Charlie Miller, a consultant with Independent Security Evaluators, and Collin Mulliner, a PhD student at the Technical University of Berlin, presented the details of the vulnerability at the Black Hat Security Conference in Las [...] -
WP Spreadsheet(wpSS) SQL Injection
Posted: April 24th, 2008, 1:32pm CDT by Philipp
Tags: Alerts [edit]
A vulnerability has been found in Spreadsheet(wpSS) WordPress plugin.
The SQL Injection vulnerability may allow an attacker to compromise your backend database and potentially your blog and web server.
A public exploit has been released on milw0rm by 1ten0.0net1.
The ’ss_id’ parameter inside ss_load.php is not correctly escaped before being passed to the database.
It was reported that all versions before 0.6 are vulnerable. The plugin homepage is currently not available. Therefore, we can’t prove that the version 0.61(released August ‘07) is indeed safe to use.
It is recommended that you disable this plugin until a fix has been verified.
-
WP-Download SQL-Injection
Posted: April 4th, 2008, 5:02am CDT by Philipp
Tags: Alerts [edit]
WP-Download 1.2 is vulnerable to a SQL-Injection Vulnerability. The dl_id parameter in "wp-download.php" is not correctly sanistised.
An attacker could use this vulnerability to retrieve usernames and passwords and potentially compromise your blog!
This bug has been reported in version 1.2, but it is likely that older versions are affected.
Please upgrade to version 1.2.1 which addresses this issue.
This vulnerability was discovered by BL4CK. A public exploit has been released into the wild and is available on Milw0rm.
-
WP-Filemanager
Posted: January 8th, 2008, 3:11pm CST by Philipp
Tags: Alerts [edit]
The H-T Team have reported a vulnerability in WP-Filemanager.
***No proof of concept available***
The vulnerability is suppose to affect version 1.2. It may also affect earlier versions (in fact, this is likely). It is possible for an Attacker to upload Arbitrary PHP-Code, which can afterwards be executed with Webserver rights.
Currently there’s no vendor fix available. BlogSecurity recommend that users disable and remove the Plugin until a fix is available.
For the original Bug Disclosure visit SecurityFocus.