McAfee SECURE wtf?

Zero Day Vulnerability in Many Wordpress Themes

Exec summary: An image resizing utility called timthumb.php is widely used by many WordPress themes; Google shows over 39 million results for the script name. If your WordPress theme is bundled with an unmodified timthumb.php, as many commercial and free themes are, you should immediately either remove it or edit it and set the $allowedSites array to be empty. The utility only does a partial match on hostnames, which allows attackers to upload and execute arbitrary PHP code in your timthumb cache directory. I haven’t audited the rest of the code, so this may or may not fix all vulnerabilities. Also recursively grep your WordPress directory and its subdirectories for the base64_decode function and look out for long encoded strings to check whether you’ve been compromised.

Google: allinurl: wp-content “timthumb.php?src=”
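The three checks the summary above asks for, as an added Python example that is not part of the original post and not timthumb's own code: a partial (substring) hostname match beside the exact-host form it should have been, a reader for the $allowedSites array in a copy of timthumb.php, and a scanner that walks a directory tree for PHP files calling base64_decode and flags long encoded strings. The allow-list entries, the sample file tree, the hostnames and the regular expressions are all constructed for the demonstration; the array reader assumes the assignment is written as `$allowedSites = array(...)`.

```python
import base64
import os
import re
import tempfile
from urllib.parse import urlparse

# Constructed allow-list standing in for timthumb's $allowedSites; the
# entries and both checks below are illustrations, not timthumb's own code.
ALLOWED_SITES = ["flickr.com", "picasa.com", "blogger.com", "wordpress.com"]


def host_allowed_partial(src_url, allowed=ALLOWED_SITES):
    """The flawed class of check: any hostname *containing* an allowed name passes."""
    host = (urlparse(src_url).hostname or "").lower()
    return any(site in host for site in allowed)


def host_allowed_exact(src_url, allowed=ALLOWED_SITES):
    """Hardened check: the host must equal an allowed name or be a dot-delimited
    subdomain of one, and the scheme must be http(s). With an empty allow-list
    (the fix suggested above) nothing passes."""
    parsed = urlparse(src_url)
    if parsed.scheme not in ("http", "https"):
        return False
    host = (parsed.hostname or "").lower()
    return any(host == site or host.endswith("." + site) for site in allowed)


# Matches: $allowedSites = array('a.com', "b.org");  (assumed layout)
ALLOWED_ARRAY_RE = re.compile(r"\$allowedSites\s*=\s*array\s*\((.*?)\)\s*;", re.S)


def allowed_sites_from_source(php_source):
    """Return the hostnames a timthumb.php copy lists in $allowedSites,
    [] if the array is empty, or None if no such assignment is present."""
    m = ALLOWED_ARRAY_RE.search(php_source)
    if not m:
        return None
    return re.findall(r"['\"]([^'\"]+)['\"]", m.group(1))


CALL_RE = re.compile(rb"base64_decode\s*\(")
B64_RUN_RE = re.compile(rb"[A-Za-z0-9+/]{64,}={0,2}")


def scan_for_base64(root, min_run=200):
    """Walk a tree of PHP files; for each one calling base64_decode report
    (relative path, longest base64-looking run, flagged), where flagged means
    the run is at least min_run characters, the pattern the text warns about."""
    findings = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not name.endswith((".php", ".inc", ".phtml")):
                continue
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                data = fh.read()
            if not CALL_RE.search(data):
                continue
            longest = max((len(m.group(0)) for m in B64_RUN_RE.finditer(data)), default=0)
            rel = os.path.relpath(path, root).replace(os.sep, "/")
            findings.append((rel, longest, longest >= min_run))
    return sorted(findings)


def build_sample_tree():
    """Create a constructed WordPress-like tree so the scanner runs offline."""
    root = tempfile.mkdtemp(prefix="wp-demo-")
    # Constructed stand-in for an obfuscated payload: only a harmless echo.
    payload = base64.b64encode(
        b"<?php /* constructed stand-in for an obfuscated payload */ echo 'x'; " * 5
    ).decode()
    files = {
        "wp-content/themes/demo/timthumb.php": "<?php\n$allowedSites = array('flickr.com', 'picasa.com');\n",
        "wp-content/themes/fixed/timthumb.php": "<?php\n$allowedSites = array();\n",
        "wp-content/plugins/ok/token.php": "<?php $t = base64_decode('aGVsbG8='); ?>\n",
        "wp-content/themes/demo/cache/obfuscated.php": "<?php $p = base64_decode('%s'); ?>\n" % payload,
        "wp-includes/clean.php": "<?php echo 'hello'; ?>\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as fh:
            fh.write(body)
    return root


if __name__ == "__main__":
    root = build_sample_tree()
    for url in ("http://img.flickr.com/pic.jpg", "http://flickr.com.example/s.php"):
        print(url, host_allowed_partial(url), host_allowed_exact(url))
    for rel in ("wp-content/themes/demo/timthumb.php", "wp-content/themes/fixed/timthumb.php"):
        with open(os.path.join(root, *rel.split("/"))) as fh:
            print(rel, allowed_sites_from_source(fh.read()))
    for finding in scan_for_base64(root):
        print(finding)
```

Run it against a real install by replacing the constructed tree with the WordPress document root; a short base64 literal in a plugin (a token, an icon) is normal, so the scanner reports the longest run and lets you set the threshold rather than treating every base64_decode call as a compromise.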

Nganluong.vn

Fatal error: Uncaught exception ‘SystemException’ with message ‘You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near ‘transactions.time_created DESC’ at line 4 SQL= SELECT transactions.id, transactions.time_created, transactions.time_performed, transactions.expired_time, transactions.sender_balance, transactions.shipping_status, transactions.receiver_balance, transactions.type, transactions.escrow, transactions.sender, transactions.receiver, transactions.sender_email,transactions.related_transaction_id, transactions.receiver_email, transactions.amount, transactions.status, transactions.comment FROM transactions WHERE transactions.delete = 0 AND (transactions.sender = xxxxx OR transactions.receiver = xxxxx) ORDER BY transactions.time_created DESC LIMIT 0,5 transactions.time_created DESC -1064’ in /var/www/www.nganluong.vn/system/kernel/database.mysql.php:227 Stack trace: #0 /var/www/www.nganluong.vn/commerce/includes/class. in /var/www/www.nganluong.vn/system/kernel/database.mysql.php on line 227
