As warned a few days ago, the Magento Shoplift (SUPEE-5344) vulnerability details have been disclosed by the CheckPoint team. They show step by step how it can be exploited to take over a vulnerable Magento site. They have prepared the following video showing a Proof of Concept (PoC) in which they create a fake coupon: That’sRead […]
Tag Archives: vulnerability
Creative Evasion Technique Against Website Firewalls
During one of our recent in-house Capture The Flag (CTF) events, I was playing with the idea of what could be done with Non-Breaking Spaces. I really wanted to win and surely there had to be a way through the existing evasion controls. This post is going to be a bit code-heavy for most end-users, […]
Security Advisory – High Severity– WordPress Download Manager
Advisory for: WordPress Download Manager Security Risk: Very High Exploitation level: Easy/Remote DREAD Score: 9/10 Vulnerability: Code Execution / Remote File Inclusion Risk Version: <2.7.4 If you’re using the popular WP Download Manager plugin (around 850,000 downloads), you should update right away. During a routine audit for our Website Firewall (WAF), we found a dangerous […]
Security advisory – High severity – InfiniteWP Client WordPress plugin
Advisory for: InfiniteWP Client for WordPress Security Risk: High (DREAD score : 8/10) Exploitation level: Easy/Remote Vulnerability: Privilege escalation and potential Object Injection vulnerability. Patched Version: 1.3.8 If you’re using the InfiniteWP WordPress Client plugin to manage your website, now is a good time to update. While doing a routine audit of our Website Firewall […]
Joomla! 3.3.5 Released – Fixing High Priority Security Issues
The Joomla team just released versions 3.3.5, 3.2.6 and 2.5.26, patching security issues. The first one is an Remote File Include (RFI) vulnerability and the second one is a Denial of Service (DoS) vulnerability that affect all previous versions. If you are using Joomla, stop what you are doing and update it now! What’s very […]
Bash – ShellShocker – Attacks Increase in the Wild – Day 1
The Bash ShellShocker vulnerability was first disclosed to the public yesterday, 2014/Sep/24. Just a few hours after the initial release, we started to see a few scans looking for vulnerable servers. Our Website Firewall (CloudProxy) had already virtually patched the vulnerability via it’s Zero Day response mechanism. This allowed us to to create sinkholes to […]
Security Advisory – Hikashop Extension for Joomla!
Advisory for: Hikashop for Joomla! Security Risk: High (DREAD score : 7/10) Vulnerability: Object Injection / Remote Code Execution Updated Version: 2.3.2 In a routine audit of our Website Firewall we discovered a serious vulnerability within the Hikashop ecommerce product for Joomla! allowing remote code execution on the vulnerable website[s]. What are the risks? This […]
Security Advisory – Critical Vulnerability in the VirtueMart Extension for Joomla!
Advisory for: VirtueMart for Joomla! Security Risk: High Exploitation level: Easy/Remote Vulnerability: Access control bypass / Increase of Privilege If you’re using the popular VirtueMart Joomla! extension (more than 3,500,000 downloads), you should update right away. During a routine audit for our Website Firewall product we found a critical vulnerability that could be used by a […]
MailPoet Vulnerability Exploited in the Wild – Breaking Thousands of WordPress Sites
A few weeks ago we found and disclosed a serious vulnerability on the MailPoet WordPress Plugin. We urged everyone to upgrade their sites immediately due to the severity of the issue. The vulnerability allowed an attacker to inject anything they wanted on the site, which could be used for malware injections, defacement, spam and many […]
Disclosure: Insecure Nonce Generation in WPTouch
If you use the popular WPTouch plugin (5m+ downloads) on your WordPress website, you should update it immediately. During a routine audit for our WAF, we discovered a very dangerous vulnerability that could potentially allow a user with no administrative privileges, who was logged in (like a subscriber or an author), to upload PHP files […]