osCommerce 2.3 and 2.3.1 Do Not Contain Vulnerability in categories.php

It was recently reported that the /admin/categories.php file in osCommerce contained a vulnerability that would allow someone to remotely add files to an osCommerce installation without. This could be used to add backdoor script, which would allow the hacker access … Continue reading

It was recently reported that the /admin/categories.php file in osCommerce contained a vulnerability that would allow someone to remotely add files to an osCommerce installation without. This could be used to add backdoor script, which would allow the hacker access to all the website files and the ability to run code on server. This could be used for a number of malicious purposes including added spam or malware to website. osCommerce has been a frequent target for hackers lately, mainly being used to spread malware, due to a number of security vulnerabilities in older versions. In SecurityFocus’s advisory it was stated that version 2.3.1, which is the most recent version of osCommerce, is the vulnerable version. Using the exploit code they provided we tested the exploit and we found that version 2.3.1 is not vulnerable. Version 2.3, which included fixes for a number of security vulnerabilities and a number security enhancements, is also not vulnerable. Version 2.2rc2a and probably versions older than that are vulnerable if the workaround to secure the admin area has not been applied to them.

WordPress 3.0.2 Fixes SQL Injection Vulnerability

WordPress 3.0.2, which was released yesterday, fixes a SQL injection vulnerability that would allow Author-level and above users to view any information stored in the WordPress database. This could be used to view email address, hashed passwords, and other sensitive … Continue reading

WordPress 3.0.2, which was released yesterday, fixes a SQL injection vulnerability that would allow Author-level and above users to view any information stored in the WordPress database. This could be used to view email address, hashed passwords, and other sensitive information stored in the database. WordPress rates this vulnerability as a moderate security issue. The vulnerability existed due to the fact that the “do_trackbacks() function in wp-includes/comment.php  does not properly escape the input that comes from the user”. According to Vladimir Kolesnikov, who discovered it, the vulnerability seems to have existed since WordPress 2.x. Further details of the vulnerability can be found in Vladimir’s blog post.

The new version also includes fixes for several minor cross-site scripting (XSS) vulnerabilities and a number of bug fixes.