Magento eCommerce PHP Remote Code Execution

Check Point researchers recently discovered a critical RCE (remote code execution) vulnerability in Magento on February 9th, 2015. The patch for the remote code execution vulnerability is available on the Magento site: Magento Downloads, patch SUPEE-5344. More technical information is available from Check Point.

This patch changes the following files for Community Edition:

app/code/core/Mage/Admin/Model/Observer.php
app/code/core/Mage/Core/Controller/Request/Http.php
app/code/core/Mage/Oauth/controllers/Adminhtml/Oauth/AuthorizeController.php
app/code/core/Mage/XmlConnect/Model/Observer.php
lib/Varien/Db/Adapter/Pdo/Mysql.php

Before applying Read more about Magento eCommerce PHP Remote Code Execution[…]

Magento owners at risk again from dangerous Malware

Check if your Magento is a victim. So think before going with a third-party extension again. 19/02/2015: Following the threat to Magento platform owners in October 2014, an evolved and more sophisticated malware – Malware Phantom – has been discovered by security experts Foregenix that puts online businesses at risk from a new Read more about Magento owners at risk again from dangerous Malware[…]

10p fines mean eBay don’t want your products?

eBay have for many years been telling sellers that they want them to list their entire inventory on eBay. Not just the fastest selling lines, not just their distressed or out of season stock, eBay want everything. So that’s just what sellers have done. Now eBay are telling sellers that if something hasn’t sold for Read more about 10p fines mean eBay don’t want your products?[…]

eBay.com’s Spring Seller Update 2015 (mostly fees)

eBay.com has announced its Spring Seller Update. It’s billed as: “Bringing more visibility – and value – to your listings.” That’s a fairly fanciful title when you consider the substance. You can read the news in brief here on the eBay.com Announcement Board and full details are available on this page. Here’s what eBay is Read more about eBay.com’s Spring Seller Update 2015 (mostly fees)[…]