More Mambo Security Worries

From Netcraft.com

Hackers are actively seeking out unpatched versions of the Mambo content management system, which recently repaired a serious security hole. Sites running on Mambo should upgrade to the latest version as soon as possible. More information here.

In February last year, James Bercegay of GulfTech Security Research announced vulnerabilities in Mambo that could allow a remote attacker to compromise a server, including several methods of SQL injection. Bercegay also found a way for attackers to use Mambo's file inclusion features to breach system security. Last July, Bercegay discovered a weakness in XML-RPC libraries used by numerous PHP-based blogging and content management apps.

Internet criminals often target unpatched vulnerabilities in open source CMS apps including phpBB, PostNuke, Mambo and Drupal, hoping to build botnets for use in phishing scams and distributed denial of service (DDoS) attacks.

Compromised web forums hosted more than 600 phishing spoof sites identified by the Netcraft Toolbar Community in 2007.