Today I am releasing my Simple Log File Analyzer 1.0. [Download here] Description The Simple Log File Analyzer helps you to detect possible hack attempts within the log files of your webserver. Features – Error handling – Scan a log file for four different attack types – Display a short scan report – Write scan [...]

What if there was a project which checks all available extensions for popular CMS (such as Joomla or WordPress) for vulnerabilities and therefore creates a list of “trusted” and secure plugins on which ppl can rely on? During the last weeks I spent much time thinking about the security of websites in general. While many [...]

Please view the original advisory here. The Joomla component JE Job suffers from a Local File Inclusion vulnerability. Furthermore XSS attacks may be possible. Example URI = index.php?option=com_jejob&view=../../../../../../etc/passwd%00 It is highly recommended to activate the PHP var OpenBaseDir and configure it correctly.

On the 6th May 2010 a new version of Google Skipfish (penetration testing tool/vulnerability scanner) was released. View the changelog here. Download it here. According to the changelog not many things were changed.

Please view the original advisory here. The Joomla component JE Ajax Event Calendar suffers from a Local File Inclusion vulnerability. Example URI = index.php?option=com_jeajaxeventcalendar&view=../../../../../../etc/passwd%00 Affected version(s): 1.0.3