Unrestricted file upload vulnerability in editor/extensions/browser/file.php in the Joomla Content Editor (JCE) component before 2.1 for Joomla!, when chunking is set to greater than zero, allows remote authors to execute arbitrary PHP code by uploading a PHP file with a double extension. Registered as CVE-2012-2902 Pyxsoft solution Multiple exploits combine the JCE vulnerability with Multipart…
Users upload data. No matter what web application they are using, most of them needs data to be uploaded. Normally users upload images, text files, documents, pdf and more. To upload a file, web browsers send to the server a request known as “Multipart Form”. Multipart form have a specific format defined in RFC 2388…
Pyxsoft2 can be installed in many operating systems and control panels. Please select in the sidebar your OS version and/or control panel to read the specific instructions.
WordPress Vulnerability CVE-2018-6389 February, 5th, 2017. A new WordPress vulnerability was discovered by Israeli researcher Barak Tawily. According to the official WordPress website, 29% of the existing websites use this platform and, therefore, are affected by this vulnerability. The problem lies upon the load-scripts.php file, which purpose is to retrieve several Javascript packages through one…
What is a web shell? A web shell is a script that is often uploaded to a server with the aim of giving a hacker the remote control of a machine. Web servers that become infected can either be internal to the network or internet-facing, where the shell is utilized to pivot further to the…
The brute force is one of the most common ways used by hackers to gain access to a server. This method is used against many targets: SSH FTP Mail accounts CMS like WordPress and Joomla! In the lasts times there have been a huge increment in BF attacks against WordPress and Joomla sites. Those attacks…
Revslider (revolution slider) is a component included by defect in many themes and WordPress templates. Unfortunately, in present days, many vulnerabilities have been found, and some of them are very dangerous. 2014 November 26th A vulnerability which allows to upload and execute a shell in any site, without previus authentication, was discovered. Flagged as CRITICAL.…
