Latest Post

IXXO Cart! Standalone and Joomla Component SQL Injection

Ref. [DSF-03-2009] – IXXO Cart! Standalone and Joomla Component SQL Injection
Vendor: IXXO Internet Solutions
Status: Patched by vendor

IXXO Cart!
IXXO Cart is an extremely powerful PHP shopping cart and web site builder application. Designed from a marketing perspective, this ecommerce application is feature-packed, robust, scalable and easy to use. IXXO Cart Plus is the clear choice for [...]

Asides

  • It's possible for a malicious user to reset the admin password on the latest version of WordPress, 2.8.3. Check out the explanation here, the patch here and the exploit here.
  • WordPress fixes the latest security problems; download it now.
  • Great combination of techniques published by SecureThoughts.
  • WordPress 2.8.2 is out and patches some XSS problems in comments in the admin section.
  • A very good and self-explanatory article that covers 10 points on the truth about pen-testing, written by Alberto Soliño. Check it out here.
  • anti-sec is again the group everyone is talking about. They hacked ImageShack and promoted their anti-full-disclosure policy. Great discussion at Slashdot about this.
  • A WordPress update is out; download it here.
  • After str0ke announced that milw0rm will be closed, it seems that a couple of guys will continue his work. Hope they continue the great job str0ke did in the last years of milw0rm's existence.
  • Michael Jackson death malware is already spreading, according to the latest news.
  • Mozilla security program manager Brandon Sterne just published an article about a feature Mozilla is working on: Content Security Policy. This feature will make it possible to protect against XSS, clickjacking and other attacks. A must-read.

Welcome to David Sopas

A place where a user can read the latest articles on web security and keep in touch with my latest advisories. Be the first to receive the latest updates by signing up for my RSS.