Archive for the ‘Security’ Category

Emil Sayegh
Date: Mar 13, 2015
If you’re using a version of the popular WordPress SEO plugin Yoast prior to 1.7.3.3, you and your site are vulnerable to a blind SQL injection attack. What damage can the vulnerability cause? The issue with Yoast can lead to a database breach and exposure of confidential information. “The orderby and order GET parameters are not sufficiently sanitised before being used within a SQL query.” Read the full security advisory here. A particular GET request causes the SQL query to execute and sleep for 10 seconds if…
Date: Jan 29, 2015
Updates 1/30/2015: PHP applications are found to be vulnerable. This includes WordPress and other PHP-based applications. Haldaemon and init, common applications, use the glibc library. If you have these running (and chances are you do), you will need to reboot your server, not just specific services. To be clear, a full reboot is more than likely required to ensure a completely secure environment. What is GHOST? The exploit, being called ‘GHOST’, is a buffer overflow that can be executed against two commands that are part of…
Date: Apr 17, 2014
As a follow-up to our recent and immediate action to address the vulnerabilities related to the Heartbleed bug, we wanted to offer our customers and friends an update. As you are aware from direct contact with us, our blog posts and media outlets, an exploit in OpenSSL known as “The Heartbleed Bug” has appeared, prompting the need to update exploitable software. We here at Codero have already taken proactive steps and sent notifications to our client base that might have been affected by…