Friday, November 23, 2012

Soon to be expected...

Hi folks,

We're working very hard on new stuff and security research, so very soon DefenseCode will release some interesting stuff... Like...

- Cisco Linksys remote preauth 0day root exploit
- Vulnerabilities in software from NASA
- Free Internet tricks....
- ThunderScan Source Code Security Analysis software for Android apps
- Web Security Scanner
- BlackTitan Internet Security with advanced JavaScript Malware analysis engine

Stay tuned.. :)

Regards,
DefenseCode

Monday, November 12, 2012

Vulnerabilities in WP E-Commerce plugin for WordPress


DefenseCode released Security Advisory DC-2012-11-001 to address an issue that affects the WordPress WP E-Commerce plugin, which has more than 2 million downloads and is one of the most popular plugins for WordPress. The advisory covered multiple vulnerabilities that were discovered during the security audit of the plugin. All vulnerabilities were discovered using DefenseCode's ThunderScan PHP, a web application source code security analyzer. The bugs found by ThunderScan are high-risk SQL injections and Cross-Site Scripting, which an attacker can use to compromise the targeted system. DefenseCode has contacted the vendor, and the vulnerabilities are fixed in the latest WP E-Commerce release (3.8.9.1).

You can find more details about the advisory here.

Soon, we’ll release a lot more vulnerabilities discovered by our ThunderScan software. Also, we’ll release a few interesting 0day vulnerabilities not related to web applications, so make sure that you’re subscribed to our RSS feed.

Regards,
DefenseCode