Impedance mismatch: a hacker’s best friend.
A security application, such as a Web Application Firewall or an Anti-Virus, can be vulnerable to impedance mismatch attacks if it interprets traffic and input differently…
Tag: Vulnerability
Arbitrary file upload vulnerability in WordPress Delete-All-Comments plugin.
On November 20th, while auditing a hacked WordPress website, we identified a critical vulnerability in the Delete All Comments WordPress plugin v2.0, which has over 30,000…
Latest Joomla! critical vulnerability being actively exploited in the wild.
Joomla! 3.6.4 was released on October 25. It fixed three critical vulnerabilities: CVE-2016-8869, CVE-2016-8870 and CVE-2016-9081. The third one was discovered two days later. Someone published…
All In One WP Security & Firewall multiple XSS vulnerabilities (<=4.0.7).
NinTechNet identified multiple XSS vulnerabilities in the All In One WP Security & Firewall v4.0.7 plugin. The affected parameter was ‘tab’ (all pages): /wp-admin/admin.php?page=aiowpsec&tab=[XSS] /wp-admin/admin.php?page=aiowpsec_settings&tab=[XSS] /wp-admin/admin.php?page=aiowpsec_useracc&tab=[XSS]…
Critical vulnerability in Swift Security Hide WordPress Firewall plugin leads to phishing attack.
This is a very interesting spear phishing attack case that we had to deal with this week. Spear phishing are attempts directed at a specific individual,…