Top

Archive | vulnerability

Modules Simple Spotlight Upload

Simple spotlight is a jQuery image rotator with navigation. You can have up to 20 images with links. You can turn off the navigation and choose between 27 effects for transition. It also has 5 button styles and a shadow effect. (Read More) Description Uploaded files represent a significant risk to applications. The first step […]

Continue Reading

Bot Network Scanners Activated

During analysis of our logs we noticed that an automated attack against PHP is going on, using a vulnerability in PHP. Attacker is trying to make use of CVE-2012-1823, this only applies if your PHP is used in CGI mode (mod_php is not vulnerable to this). POST /%70%68%70%70%61%74%68/%70%68%70?%2D%64+%61%6C%6C%6F%77%5F%75%72%6C%5F%69%6E%63%6C%75%64%65%3D%6F%6E+%2D%64+%73%61%66%65%5F%6D%6F%64%65%3D%6F%66%66+%2D%64+%73%75%68%6F%73%69%6E%2E%73%69%6D%75%6C%61%74%69%6F%6E%3D%6F%6E+%2D%64+%64%69%73%61%62%6C%65%5F%66%75%6E%63%74%69%6F%6E%73%3D%22%22+%2D%64+%6F%70%65%6E%5F%62%61%73%65%64%69%72%3D%6E%6F%6E%65+%2D%64+%61%75%74%6F%5F%70%72%65%70%65%6E%64%5F%66%69%6C%65%3D%70%68%70%3A%2F%2F%69%6E%70%75%74+%2D%6E Decoding the URL gives: Using -d parameter […]

Continue Reading

Bash Vulnerability

Bash Vulnerability is a family of security bugs in the widely used Unix Bash shell. Many Internet-facing services, such as some web server deployments, use Bash to process certain requests, allowing an attacker to cause vulnerable versions of Bash to execute arbitrary commands. This can allow an attacker to gain unauthorized access to a computer […]

Continue Reading

HTTPOXY Vulnerability

The HTTPOXY vulnerability which has been found recently is a vulnerability that affects applications that run in cgi or cgi-like environments. This means that the issue affects almost all web servers including Apache and Nginx and also most PHP applications. Even the mod_php mode on apache is affected. There is a common system environment variable […]

Continue Reading