post-page

Please update MyGallery Plugin

13
responses
by
 
on
April 30th, 2007
in
Blogging News, LinkyLoo, WordPress Plugins

MyGallery Plugin for WordPress If you are using the myGallery plugin for WordPress to display your pictures, please follow the link above and update your plugin to the latest version. A pretty serious remote code execution vulnerability in the plugin has been found and disclosed and there have been scattered reports of hack attempts.

heading
heading
13
Responses

 

Comments

  1. my fotos (1 comments.) says:

    may gallery

  2. Nick (2 comments.) says:

    I’d recommend people subscribe to the Milw0rm rss of latest exploits, even if people aren’t interested in hackin/security stuff, It’s a good way of getting a heads up on what the script kiddies are going to target next. The my gallery exploit was posed a couple of days ago.

  3. ttancm (34 comments.) says:

    Thanks for the tip!

    Nice since I didn’t get anything from the plugin author although I am subscribed to the comments on his main plugin description…

  4. ttancm (34 comments.) says:

    BTW, any details on this vulnerability? Anything in particular we should look for to make sure our sites weren’t compromised?

    (I don’t need details on how to carry out the exploit, just what type of behavior the vulnerability allows)

  5. Mark (386 comments.) says:

    ttancm, I tried to stay away from describing the vulnerability here. Just search on google for myplugin vulnerability and you should find lots of resources.

  6. John Bollwitt (1 comments.) says:

    Thanks for this heads up! One of my sites, radiozoom.net, went down after a mygallery problem showed up. Couldn’t even get into the front page. I removed the plugin physcally in case this was the problem, and apparently it was. Will update ASAP.

  7. Alex Rabe (1 comments.) says:

    Please update also wordTube,wp-table and myFlash. I have a similar problem in this plugins. All versions at wordpress.org and on my homepage are now safe… Sorry for the problems.

  8. ttancm (34 comments.) says:

    Mark,
    Definitely understandable, sort of mute anyway since as far as I can tell the exploit lets them do pretty much anything they want.

  9. ttancm (34 comments.) says:

    mute = moot =P



Trackbacks/Pingbacks

  1. [...] äußert sich unter dazu und verweist gleich noch auf einen schon ein paar alte Tage alten Hack von myGallery. Der Exploit befindet sich ebenfalls auf milw0rm ( http://www.milw0rm.com/exploits/3814 ). Allen [...]

  2. [...] the MyGallery WordPress Plugin: Weblog Tools Collection warns that if you are using the MyGallery Plugin for WordPress, update it immediately. A vulnerability [...]

  3. [...] die Fehler, die für die Angriffe gesorgt haben: Programmierfehler in den Plugins Wordtube und myGallery. Wer diese verwendet, sollte schleunigst auf die aktuellste Version [...]

Obviously Powered by WordPress. © 2003-2013

page counter
css.php