HP Security Products Blog
From applications to infrastructure, enterprises and governments alike face a constant barrage of digital attacks designed to steal data, cripple networks, damage brands, and carry out a host of other malicious acts. HP Enterprise Security Products offers products and services that help organizations meet the security demands of a rapidly changing and more dangerous world. HP ESP enables businesses and institutions to take a proactive approach to security that integrates information correlation, deep application analysis and network-level defense mechanisms, unifying the components of a complete security program and reducing risk across your enterprise. In this blog, we will announce the latest offerings from HP ESP, discuss current trends in vulnerability research and technology, reveal new HP ESP security initiatives and promote our upcoming appearances and speaking engagements.

How to clean up a hacked WordPress installation

Older installations of WordPress have recently experienced a new wave of attacks as they have been increasingly targeted by hackers. These installations are highly susceptible to a variety of attacks. What should you do, then, when your installation has been compromised? Here's a good list from WordPress of the steps to take when your WordPress installation has suffered a successful attack.


http://codex.wordpress.org/FAQ_My_site_was_hacked


The HP Web Security Research Group's own Matt Wood recently wrote some excellent advice for a hacked site, as well. Each of these lists will help you secure your WordPress installations.


http://www.communities.hp.com/securitysoftware/blogs/spilabs/archive/2009/08/19/advice-for-a-hacked-site.aspx


Top Five Web Application Vulnerabilities 8/03/09 - 8/16/09

1) Oracle Config Management Multiple SQL-injection Vulnerabilities


Oracle Config Management is susceptible to multiple SQL Injection vulnerabilities.  SQL Injection can give an attacker full access to a backend database, and in certain circumstances can be utilized to take complete control of a system.  Successful exploitation of these vulnerabilities requires  'Valid Session' privileges. Updates which address these issues are available. Contact the vendor for additional information.


http://www.securityfocus.com/bid/35692
http://www.securityfocus.com/bid/35676


2) SAP NetWeaver Application Server 'uddiclient/process' HTML Injection Vulnerability


SAP NetWeaver Application Server is susceptible to an HTML Injection vulnerability. HTML Injection is used to add content into a web server’s response, which can then be used to steal cookie-based authentication credentials, execute arbitrary code in context of the site, or simply alter how the site appears. Updates which resolve this issue are available. Contact the vendor for more details.


http://www.securityfocus.com/bid/36034


3) WordPress 'wp-login.php' Admin Password Reset Security Bypass Vulnerability


WordPress is susceptible to an admin password reset security bypass vulnerability. Successful exploitation will allow an attacker  to reset the administrator password of the application. Updates which address this issue have been released. Contact the vendor for more information.


http://www.securityfocus.com/bid/36014


4) SQLiteManager 'main.php' Cross Site Scripting Vulnerability


SQLiteManager is susceptible to a Cross-Site Scripting vulnerability.  An attacker can leverage this issue to execute script code in the browsers of unsuspecting users in context of the affected application, possibly leading to theft of authentication credentials and other attacks. A fix has not yet been released. Contact the vendor for further details.


http://www.securityfocus.com/bid/36002


5) WordPress Plugin WP-Syntax Remote PHP Code Execution Vulnerability


The WP-Syntax plugin for WordPress is susceptible to a remote code execution vulnerability. Attackers can leverage this issue to execute arbitrary PHP code within the context of the affected webserver process. A fix has not yet been released. Contact the vendor for additional details. 


http://www.securityfocus.com/bid/36040


 

Top Five Web Application Vulnerabilities 7/20/09 - 8/2/09

1) Hitachi Multiple Business Logic Products Unspecified Cross-Site Scripting Vulnerability


Multiple Hitachi Business Logic products are susceptible to a Cross-Site Scripting vulnerability. If successful, Cross-Site Scripting can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems. An advisory and updates which address this issue have been released. Contact the vendor for additional information.


http://www.securityfocus.com/bid/35793


2) IBM Tivoli Identity Manager Session Fixation Vulnerability


IBM Tivoli Identity Manager is susceptible to a session fixation vulnerability.  Victims who are enticed into visiting a malicious URI can have their session hijacked and give an attacker unauthorized access to the application. A fix has been released. Contact the vendor for further details.


http://www.securityfocus.com/bid/35779


3) Apache HTTP Server HTTP-Basic Authentication Bypass Vulnerability


Apache HTTP Server is susceptible to an HTTP-Basic authentication bypass vulnerability. Successful exploitation will give an attacker access to protected resources, likely leading to more damaging attacks. A fix has not yet been released. Contact the vendor for more information.


http://www.securityfocus.com/bid/35840


4) WordPress Multiple Cross-Site Scripting Vulnerabilities


WordPress is susceptible to multiple instances of Cross-Site Scripting. These vulnerabilities can be exploited to execute code in the browser of an unsuspecting user and steal cookie-based authentication credentials.   A fix has not yet been released for the 'wp-comments-post.php' issue, while a patch that resolves the Comment Author URI issue is available. Contact the vendor for additional information.


http://www.securityfocus.com/bid/35797
http://www.securityfocus.com/bid/35755


5) Bugzilla 'show_bug.cgi' Information Disclosure Vulnerability


Bugzilla is susceptible to an information disclosure vulnerability. Successful exploitation would give an authenticated attacker access to sensitive information, and would likely lead to more damaging attacks.  A fix has been released. Contact the vendor for more details.


http://www.securityfocus.com/bid/35916

Top Five Web Application Vulnerabilities 7/08/09 - 7/19/09

1) Oracle Secure Enterprise Search 'search_p_groups' Parameter Cross-Site Scripting Vulnerability


Oracle Database is susceptible to a Cross-Site Scripting vulnerability that affects the Secure Enterprise Search component.  If successful, Cross-Site Scripting can be exploited to manipulate or steal cookies, create requests that can be mistaken for those of a valid user, compromise confidential information, or execute malicious code on end user systems.  Updates which resolve this issue are available. Contact the vendor for further details.


http://www.securityfocus.com/bid/35681


2) Cisco Unified Contact Center Express (CCX) Arbitrary Script Injection Vulnerability


Cisco Unified Contact Center Express (CCX) is susceptible to an arbitrary script injection vulnerability due to a failure of the application to sanitize user-supplied input. Successful exploitation will give an attacker the means to execute arbitrary code in context of the user running the application, possibly leading to further attacks. Fixes which address this issue have been released. Contact the vendor for additional information.


http://www.securityfocus.com/bid/35705


3) Cisco Unified Contact Center Express CRS Administration Interface Directory Traversal Vulnerability


Cisco Unified Contact Center Express is susceptible to a directory traversal vulnerability.  Successful exploitation would give an attacker the means to view, edit, or delete any file on the server via the CRS Administration interface. Other attacks would likely be possible.  Updates which address this issue have been released. Contact the vendor for more details.


http://www.securityfocus.com/bid/35706


4) WordPress Multiple Existing/Non-Existing Username Enumeration Weaknesses


WordPress is susceptible to multiple username enumeration weaknesses because it returns different responses for existing and non-existing usernames. Attackers can exploit these weaknesses to discover legitimate login usernames, which would likely aid in conducting brute-force password cracking attacks. A fix has not yet been released. Contact the vendor for additional information.


http://www.securityfocus.com/bid/35581


5) WordPress 'wp-admin/admin.php' Module Configuration Security Bypass Vulnerability


WordPress is susceptible to a security bypass vulnerability. Authenticated users can leverage this issue to gain access to configuration scripts, giving them access to sensitive information and possibly the ability to escalate privileges. Successful exploitation would likely lead to other attacks.  Updates which address this issue are available. Contact the vendor for further details.


http://www.securityfocus.com/bid/35584
