Quick Links for 2 March 2007
- WordPress Multiple Script Injection Vulnerabilities - Multiple script injection vulnerabilities have been discovered in WordPress 2.1.1, these allows remote attackers to insert arbitrary HTML and/or JavaScript into the pages returned to the client.
- Solaris worm blasts its way through telnet flaw - Internet worm that is exploting a recently announced vulnerability on Sun Solaris servers.
- the Month of PHP Bugs - March is the Month PHP Bugs (MoPB), where old and new security vulnerabilities in the Zend Engine, the PHP core and the PHP extensions will be disclosed on a day by day basis.
- MessageLabs releases Intelligence Report - Cyber Criminals Continue to Pose a Threat in the Face of Growing Global Legislation.
Loading ...
on March 3rd, 2007 at 12:42 pm
[…] I’d linked about the WordPress Multiple Script Injection Vulnerabilities in yesterday’s Quick Link, and today WordPress is reporting that a cracker gained user-level access to one of the servers and modified the 2.1.1 download file. Hackers have managed to modify two files in WP 2.1.1 to include code that would allow for remote PHP execution. The 2.1.1 package does not seem to have been compromised when it was initially released, WordPress encourages all users to upgrade to 2.1.2 to patch the security hole. […]