Dengan dilaporkannya exploit terbaru untuk wordpress dibawah 2.8.4 maka, saya langsung melakukan upgrade blog saya yang berbasis wordpress ke versi terbaru (2.8.4). Meski di server sudah saya pasang beberapa tindakan preventation namun saya harus melakukan upgrade karena versi wordpress yang saya pakai memang sudah 2 kali mengalami 2 major upgrade. Meski demikian, upgrade major version cukup sulit terutama, saya harus menyesuaikan template yang sudah saya custom sendiri dengan engine wordpress terbaru. Setelah berkutat selama 15 menit, akhirnya upgrade berhasil dengan baik, termasuk upgrade plugin-plugin yang saya gunakan. Disamping itu, ternyata ada fitur yang membuat saya tercengang, yaitu upgrade plugins secara otomatis (berbasis web), amazing.
Detik News- Exploit DB
- [webapps] Men Salon Management System 1.0 - SQL Injection Authentication Bypass August 2, 2021Men Salon Management System 1.0 - SQL Injection Authentication Bypass
- [remote] Neo4j 3.4.18 - RMI based Remote Code Execution (RCE) August 2, 2021Neo4j 3.4.18 - RMI based Remote Code Execution (RCE)
- [webapps] Online Hotel Reservation System 1.0 - 'Multiple' Cross-site scripting (XSS) August 2, 2021Online Hotel Reservation System 1.0 - 'Multiple' Cross-site scripting (XSS)
- [webapps] Panasonic Sanyo CCTV Network Camera 2.03-0x - 'Disable Authentication / Change Password' CSRF August 2, 2021Panasonic Sanyo CCTV Network Camera 2.03-0x - 'Disable Authentication / Change Password' CSRF
- [webapps] Denver IP Camera SHO-110 - Unauthenticated Snapshot July 29, 2021Denver IP Camera SHO-110 - Unauthenticated Snapshot
- [webapps] Longjing Technology BEMS API 1.21 - Remote Arbitrary File Download July 29, 2021Longjing Technology BEMS API 1.21 - Remote Arbitrary File Download
- [webapps] IntelliChoice eFORCE Software Suite 2.5.9 - Username Enumeration July 29, 2021IntelliChoice eFORCE Software Suite 2.5.9 - Username Enumeration
- [webapps] Care2x Integrated Hospital Info System 2.7 - 'Multiple' SQL Injection July 29, 2021Care2x Integrated Hospital Info System 2.7 - 'Multiple' SQL Injection
- [webapps] CloverDX 5.9.0 - Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE) July 29, 2021CloverDX 5.9.0 - Cross-Site Request Forgery (CSRF) to Remote Code Execution (RCE)
- [webapps] Oracle Fatwire 6.3 - Multiple Vulnerabilities July 29, 2021Oracle Fatwire 6.3 - Multiple Vulnerabilities
- [remote] Denver Smart Wifi Camera SHC-150 - 'Telnet' Remote Code Execution (RCE) July 28, 2021Denver Smart Wifi Camera SHC-150 - 'Telnet' Remote Code Execution (RCE)
- [webapps] TripSpark VEO Transportation - Blind SQL Injection July 28, 2021TripSpark VEO Transportation - Blind SQL Injection
- [webapps] Event Registration System with QR Code 1.0 - Authentication Bypass & RCE July 28, 2021Event Registration System with QR Code 1.0 - Authentication Bypass & RCE
- [webapps] PHP 7.3.15-3 - 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection July 27, 2021PHP 7.3.15-3 - 'PHP_SESSION_UPLOAD_PROGRESS' Session Data Injection
- [webapps] Customer Relationship Management System (CRM) 1.0 - Sql Injection Authentication Bypass July 27, 2021Customer Relationship Management System (CRM) 1.0 - Sql Injection Authentication Bypass
- [webapps] Men Salon Management System 1.0 - SQL Injection Authentication Bypass August 2, 2021