Posts Tagged ‘WordPress vulnerability’

Yahoo!The vulnerability in WordPress became the reason of a data leakage of users of mail of Yahoo!

Swindlers got access to sessional cookies-files of users of the Yahoo! service.

Experts from BitDefender found that compromised user account email service Yahoo! occurred because the gaps that existed in WordPress.

Note that the hole was fixed in April 2012. On the domain of developers Yahoo! developer.yahoo.com was posted blog WordPress, administrators have not updated it in a timely manner. Thus, after his compromise hackers could gain access to all the session cookies-file for the domain yahoo . com .

Scammers create fake website designed based news portals MSN / NBC, which was placed on two domains: com-im9.net and com-io4.net. Fake Resources containing malicious code Javascript-library which steals user session cookies-files. (more…)

Wordpress VulnerabilityVulnerability: System compromise in WordPress Clockstone

Danger: High
If the Patch: Yes
Number of vulnerabilities: 1

Vector operation: Remote
Impact: System Compromise

Affected products: WordPress Clockstone Theme 1.x

Affected versions: WordPress Clockstone 1.2, perhaps the only one.

Description:

The vulnerability allows a remote user to execute arbitrary code on the target system.

The vulnerability is caused due to insufficient checks downloaded files in the script wp-content/themes/clockstone/theme/functions/upload.php. A remote user can upload a file containing PHP code and execute it on the system with the privileges of the Web server. (more…)