Vulnerability found in a WordPress image utility TimThumb

Posted: Thu Aug 04, 2011 2:15 am by sathish.k
Hackers are exploiting a problem with an image-resizing utility called TimThumb that is widely used in many themes for the blogging platform WordPress, although some fixes have been made to the latest version.

WordPress plug-in vulnerability could be used to steal datab

Posted: Thu Nov 03, 2011 1:48 am by sathish.k
A vulnerability in an obscure WordPress add-on script that was discovered back in August is currently being used to compromise over 1.2 million websites and could be easily used to siphon data out of databases hosted on servers also hosting the compromised websites, security experts warned today. Different than the many mass compromises of late that have been accomplished via SQL injection, this attack takes advantage of a local file inclusion (LFI) vulnerability that allows attackers to insert PHP shells onto web servers that can be used as the jumping-off point for other attacks, including database hacks.