Top

Tag Archives | vulnerability

Drupal – Remote Code Execution (SA-CORE-2018-004 / CVE-2018-7602) nicknamed Drupalgeddon 3

This vulnerability discovered Drupal security team one weeks ago, a highly critical (20/25 NIST rank), (SA-CORE-2018-004 / CVE-2018-7602) nicknamed Drupalgeddon 3. This vulnerability continues Drupalgeddon 2 and allow an unauthenticated attacker to perform remote code execution. An exploitation method was published a few days ago for this vulnerability which allows attacker in the server execute […]

Continue Reading

Drupal – Remote Code Execution (SA-CORE-2018-002 / CVE-2018-7600) nicknamed Drupalgeddon 2

This vulnerability discovered Drupal security team two weeks ago, a highly critical (25/25 NIST rank), (SA-CORE-2018-002 / CVE-2018-7600) nicknamed Drupalgeddon 2. This vulnerability allowed an unauthenticated attacker to perform remote code execution. An exploitation method was published a few days ago for this vulnerability which allows attacker in the server execute any code with user […]

Continue Reading

ModSecurity Rules for Formidable Forms / Shortcodes Ultimate vulnerability

Sucuri reported Formidable Forms / Shortcodes Ultimate Exploits In The Wild On Monday, November 20th. – Formidable Forms vulnerability – read more – Shortcodes Ultimate vulnerability – read more We have not yet seen exploitation of the vulnerability, but we also decided to make the modsecurity rule for this vulnerability. If you server have certain […]

Continue Reading

xo.php

This malware trying write another malware to server, it’s using old cherry-plugin import/export file upload vulnerability. Here source code to malware: Source of xo.php Details $uri is infected server address. $url is base64 encoded remote server address, where trying download more malware and put server to remote access: http://fastwealthformula.online/callback/shell Remote file Final Words Use Malware […]

Continue Reading

Attacks in Pagelines for WordPress themes

Last few days we have seen very much attacks this old Pagelines WordPress theme vulnerability. Sucuri discovered Pagelines vulnerability on January 2015. Technical Details Any website using vulnerable version of the platform theme (<1.4.4) is risk Privilege Escalation and Remote Code Execution. ModSecurity Audit log, Payload [27/May/2017:02:32:09 +0300] WSi6@VQikyQAAErqcawAAAAg 93.170.77.90 37930 127.0.0.1 80 –5367c063-B– POST […]

Continue Reading

db.php

This malware try upload db.php to WordPress clickjacking vulnerability. Clickjacking is an attack that places an invisible iframe containing a webpage over top of another, visible webpage. The victim user is lured into clicking on the invisible iframe to perform an action when they think they are clicking on the webpage they can see. The […]

Continue Reading

SQL Injection Vulnerability in NextGEN Gallery for WordPress

A WordPress NextGEN Gallery plugin installed on over one million sites has just fixed a severe SQL injection vulnerability that can allow attackers to steal data from a website’s database. Technical Details Vulnerability can be exploited by attackers in at least two different scenarios: First scenario The first attack scenario can happen if a WordPress […]

Continue Reading

RCE Attempts Against the Latest WordPress API Vulnerability

We are see remote command execution (RCE) attempts trying to exploit the latest WordPress API Vulnerability. The attackers trying to exploit sites that have plugins like the Insert PHP, Exec-PHP and similar installed plugins. These plugins, allow users to insert PHP code directly into the posts as a way to make customizations easier. Coupled with […]

Continue Reading

Content Injection Vulnerability in WordPress 4.7.x API

A new dangerous content injection vulnerability has been discovered in the WordPress CMS, it is a zero-day content injection flaw in the WordPress REST API. A fix for this was silently included on version 4.7.2 along with other less severe issues. Introduction This privilege escalation vulnerability affects the WordPress REST API that was recently added […]

Continue Reading

php fwrite base64 decode

An attacker trying hide malware, before it’s uploaded, fwrite to server and executed. This attacks type uses Cross-Site Request Forgery & Remote Content Execution vulnerability together (CSRF & RCE vulnerability) It’s also base64 encoded content, so it’s more difficult find with scanners. Example – fwrite & base64_encoded malware base64_decode malware When malware uploaded to server […]

Continue Reading