Entries of May, 2010

What if there was a project which checks all available extensions for popular CMS (such as Joomla or WordPress) for vulnerabilities and thereby creates a list of “trusted” and secure plugins on which people can rely? During the last weeks I spent much time thinking about the security of websites in general. While many [...]

Please view the original advisory here. The Joomla component JE Job suffers from a Local File Inclusion vulnerability. Furthermore, XSS attacks may be possible. Example URI = index.php?option=com_jejob&view=../../../../../../etc/passwd%00 It is highly recommended to activate the PHP setting open_basedir and configure it correctly.

On 6 May 2010 a new version of Google Skipfish (penetration testing tool/vulnerability scanner) was released. View the changelog here. Download it here. According to the changelog, not much was changed.

Please view the original advisory here. The Joomla component JE Ajax Event Calendar suffers from a Local File Inclusion vulnerability. Example URI = index.php?option=com_jeajaxeventcalendar&view=../../../../../../etc/passwd%00 Affected version(s): 1.0.3

Please view the original advisory here. The free shoutbox script from damianov.net suffers from an XSS vulnerability. Injecting arbitrary HTML and JavaScript code is possible while adding a new shout, no matter whether HTML is allowed in shoutsettings.php or not. #1 Example: <SCRIPT src=some-script.js></SCRIPT> #2 Example: <SCRIPT>alert("XSS")</SCRIPT> #3 Example: <SCRIPT>alert(document.cookie)</SCRIPT> #4 Example: <script>document.location.href="http://www.google.de"</script> [...]

During the last years I most probably used the same websites as you: GMail, Facebook, Zynga Games (games being offered through MySpace and Facebook, for example) and many more. They all have one thing in common: they are offering free services. And all of them are companies. And all of them have an interest in [...]

I have received some mails, mostly regarding security stuff, and didn’t reply. For those who wonder: I am currently busy studying for one of the two final exams. The most comprehensive one is tomorrow (have to wake up at 5:20 am, Jesus!), which is why I am currently not doing any work for any project [...]

I was very happy when I received the news from Stephen Spector, Community Manager of Xen.org, that my suggestion for a Xen.org mascot was chosen by the Xen.org community. Back in 2008, Stephen was asking the community if they would like to have a mascot for Xen. Some suggestions were entered, sadly the shark and [...]