The Joomla team just released a new Joomla version, 3.4.6, to fix a serious vulnerability: remote code execution. Directly from the Joomla announcement: Browser information is not filtered properly while saving the session values into the database, which leads to a Remote Code Execution vulnerability. Joomla CMS versions 1.5.0 through 3.4.5 are vulnerable to remote code […]
vBulletin released security patches on 03 Nov 2015. vBulletin 5.1.4 to 5.1.9 is vulnerable to PHP object injection, through which an attacker can take control of the website and dump the database of the vBulletin forum. The vulnerability has been found to be released in public. This vulnerability is very serious and easy to exploit to compromise […]
It pleases us to announce the release of our new tool, which we created to detect the SQL injection vulnerability in the affected versions of Joomla CMS, 3.2 to 3.4.4. To scan your website for the SQL injection vulnerability, please visit here. You can test for Joomla 3.4.4 SQL injection for the vulnerabilities having […]
During my regular penetration testing job, I unravelled an interesting 0-day vulnerability: Unauthenticated File Upload in Oracle E-Business Suite. This particular upload bug can easily be used to upload files to the web server, and an attacker can also flood the hard disk of the server, thus making it easier for an attacker to leverage the vulnerability […]
Today was another day at work for SecureLayer7, recovering our client’s defaced website. And bang!! I think I hit upon a nasty vulnerability in a famous plugin. We successfully patched the vulnerability and we fixed the undoing of the blacklisting. On further research I stumbled upon its usage over the internet. As it […]
If you are looking to manage everything that relates to the web security of your company on your own, then this blog is not for you. On the other hand, if you are looking for a safe hand to secure your web services from vulnerabilities and other malicious stuff over the internet, please keep reading!! Outsourcing […]
The CVE-2015-0235 Ghost (glibc gethostbyname buffer overflow) vulnerability is a serious cause for concern for all Linux servers. In effect, this vulnerability is leveraged to achieve remote code execution on the victim Linux server. The vulnerability was found by a Qualys researcher and patched in GNU. What is the cause? The bug is in the __nss_hostname_digits_dots() function of the […]