U.S. Dept Of Defense: Information Disclosure via Publicly Accessible Debug Log

A publicly accessible WordPress debug log file was discovered on the target system. The log file contained PHP warnings and deprecated notices that disclosed sensitive server paths and plugin details. This exposure may have assisted an attacker in fingerprinting the environment or exploiting know...

Linux malware leverages plugin exploits to backdoor WordPress sites

Threat Level Attack Report For a detailed threat advisory, download the pdf file here Summary WordPress sites are being exploited by an unidentified strain of Linux malware that exploits flaws in plugins and compromises the sites by injecting malicious JavaScripts that are run sequentially until...

WordPress Plugin All In One WP Security & Firewall Cross-Site Scripting

The first plugin that will be analyzed in detail is called All In One WP Security & Firewall. It adds some additional layers of security to Wordpress, for example a brute force protection for the login or file permission checks. There are definitely quite a lot of good ideas integrated into this...

glftpd.txt

Pimp industries. "Its all about the Bling, B^!%@s and Fame!" Multiple vulnerabilities in Glftpd v1.26 - v2.00 default zip based plug-ins : sitenfo.sh, sitezipchk.sh, siteziplist.sh C Paul Craig - Pimp Industries 2005 Background ------------- glftpd is an open source ftp server used by the more...