How to turn keyboard backlight on GNU / Linux, keyboard no backlight solution

October 20th, 2017


If you're a GNU / Linux user and you happen to buy a backlit keyboard, or a nice new laptop whose keyboard supports the increasingly common backlight, or if you happen to install GNU / Linux for a gamer friend, then no matter the Linux distribution you might sometimes run into a problem, even in major distributions such as Debian / Ubuntu / Mint / Fedora, with the keyboard backlight not working.

Let's say you buy a Devastator II backlit keyboard or any other modern keyboard, you plug it into the Linux machine and there is no nice blinking light coming out of the keyboard; all the joy is gone, yes I know. The free software coolness would have been even more grandiose if your keyboard was shiny and glowing in color / colors 🙂

But wait, there is hope for your joy to be made complete.

To make the keyboard backlight switch on, just issue the commands:


# Scroll_Lock is the X keysym name; the keyboard LED is driven through the mod3 modifier
xmodmap -e 'add mod3 = Scroll_Lock'


# Turn on the keyboard bright lamps
xset led on

# Turns off the keyboard bright lamps
xset led off

If you want to make the keyboard backlight enabled permanently, the easiest solution is to

– add the 3 command lines to /etc/rc.local

E.g. to do so open /etc/rc.local and, just before the exit 0 command, add the lines:


vim /etc/rc.local


xmodmap -e 'add mod3 = Scroll_Lock'

# Turn on the keyboard bright lamps
xset led on

# Turns off the keyboard bright lamps (leave this line out, or comment it,
# if the lamps should stay on after boot)
xset led off

If you prefer to have the keyboard's colorful backlight enabled and disabled from the X environment, let's say on GNOME, here is how to make yourself an icon that enables and disables the colors.

That's handy because at daytime it is kind of meaningless for the keyboard to glow.

Here is the shell script:

#!/bin/sh
sleep 1
xset led 3
xmodmap -e 'add mod3 = Scroll_Lock'

I saved it as /home/hipo/scripts/

(don't forget to make it executable! To do so run):


chmod +x /home/hipo/scripts/

Then create the .desktop file at /etc/xdg/autostart/backlight.desktop so that it runs the new shell script, like so:

[Desktop Entry]
Name=Devastator Backlight
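As an added example (not code from the original post), here is a single script that could back the launcher icon: it reads the Scroll Lock indicator from `xset q`, flips LED 3 with the same xset/xmodmap calls as above, and keeps the parsing in functions that can be tried without an X display. The LED number, the `xset q` layout and the sample report are assumptions.

```shell
#!/bin/sh
# Added example, not from the original post: one launcher script that toggles
# the keyboard lamps instead of needing separate "on" and "off" icons.
# Assumptions: an X session with xset and xmodmap in PATH, and a keymap where
# the Scroll Lock indicator drives LED 3 (as in the post's "xset led 3").

LED_NUMBER=3

# Constructed sample of the "XKB indicators" part of `xset q`, used only to
# try the parser offline (a real run feeds the live xset output instead).
SAMPLE_XSET_REPORT='Keyboard Control:
  auto repeat:  on    key click percent:  0    LED mask:  00000004
  XKB indicators:
    00: Caps Lock:   off    01: Num Lock:    off    02: Scroll Lock: on
    03: Compose:     off    04: Kana:        off    05: Sleep:       off'

# Read an `xset q` report on stdin and print the Scroll Lock indicator state:
# "on", "off", or "unknown" when the report has no XKB indicator line.
scroll_lock_state() {
    awk '
        /Scroll Lock:/ {
            for (i = 2; i <= NF; i++)
                if ($(i-1) == "Scroll" && $i == "Lock:") { print $(i+1); found = 1 }
        }
        END { if (!found) print "unknown" }
    '
}

# Given the current state, print the state to switch to. An unknown state
# (no XKB indicators, e.g. a bare X server) defaults to switching the lamps on.
next_led_action() {   # $1 = on | off | unknown
    case "$1" in
        on) echo off ;;
        *)  echo on ;;
    esac
}

toggle_keyboard_backlight() {
    current=$(xset q | scroll_lock_state)
    action=$(next_led_action "$current")
    # Same trick as the post: let mod3 carry Scroll_Lock so xset can drive LED 3.
    # A keysym that is already in mod3 is not worth stopping for.
    xmodmap -e 'add mod3 = Scroll_Lock' 2>/dev/null || true
    if [ "$action" = on ]; then
        xset led "$LED_NUMBER"
    else
        xset -led "$LED_NUMBER"
    fi
    echo "keyboard backlight switched $action"
}

# Only touch the display when invoked as "backlight-toggle.sh toggle", so the
# helper functions above can also be sourced and exercised without X.
if [ "${1:-}" = "toggle" ]; then
    toggle_keyboard_backlight
fi
```

Point the .desktop file's Exec= line at this script with the argument toggle and one icon serves for both day and night.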


How to downgrade package with apt-get on Debian / Ubuntu / Mint Linux

October 19th, 2017



How can I downgrade a debian package to an older version with apt-get?

Downgrading a package in Debian is not frequently required, but sometimes it is a must, let's say when a package you just upgraded fails to communicate properly with an application. In my case that was the Ejabberd server, which was working pretty well with the Yaxim, Bruno and Xabber Android application clients; unfortunately, right after the periodic apt-get upgrades I do with apt, due to the security upgrade of the deb package ejabberd=2.1.10-4+deb7u1 to ejabberd=2.1.10-4+deb7u2, it got messed up, and even though it worked fine with desktop clients such as Gajim and Pidgin, there was no Android application on my phone with Android 4.4 which was able to communicate properly with the TLS-encrypted Jabber server, so my only option was to downgrade back to ejabberd=2.1.10-4+deb7u1.

I looked through a short URL is ( but I couldn't find the old deb file to downgrade so I was in a situation …

Then I DuckDuckGo'd it (I've recently stopped using Google, as Google is collecting too much data and sharing it with the NSA) and I found the following instructions on downgrading:


If you have the version number, or the target release, apt-get supports choosing a particular version or target release. More details can be found on manual page of apt-get. It can also be accessed from terminal by typing man apt-get

sudo apt-get install <package-name>=<package-version-number> OR

sudo apt-get -t=<target release> install <package-name>

is the command to be run. This can be used to downgrade a package to a specific version.

It has been helpfully pointed out in the comments that

    apt-cache showpkg <package-name> – lists all available versions. (h/t Sparhawk)
    apt-mark hold <package-name> "holds" – the package at the current version, preventing automatic upgrades. (h/t Luís de Sousa )

In other words, all I had to do as the root superuser is:

apt-get install «pkg»=«version»


aptitude install «pkg»=«version»

Where «pkg» is the name of the package, and «version» is the version number.

So I just issued the following command:

root@pcfreak:~# apt-get install ejabberd=2.1.10-4+deb7u1
Четене на списъците с пакети… Готово
Изграждане на дървото със зависимости       
Четене на информацията за състоянието… Готово
Предложени пакети:
Следните НОВИ пакети ще бъдат инсталирани:
0 актуализирани, 1 нови инсталирани, 0 за премахване и 3 без промяна.
Необходимо е да се изтеглят 1795 kB архиви.
След тази операция ще бъде използвано 3699 kB допълнително дисково пространство.
Изт:1 wheezy/main ejabberd amd64 2.1.10-4+deb7u1 [1795 kB]

P.S. Sorry for the Cyrillic for those who can't read it, but these are the standard messages Debian prints at package install time.

Analogously you can do it for any other package that got upgraded. Later on, to prevent further security updates of the package, you will have to put the package on hold, which is as easy as running:

root@pcfreak:~# aptitude hold ejabberd
No packages will be installed, upgraded, or removed.
0 packages upgraded, 0 newly installed, 0 to remove and 4 not upgraded.
Need to get 0 B of archives. After unpacking 0 B will be used.
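As an added example (not the post's own commands), the downgrade-and-hold procedure above as one script that first confirms the target version is still offered by a configured repository, then installs it, holds it and verifies what dpkg actually has. It assumes apt-get, apt-mark and dpkg-query (Debian/Ubuntu); the sample `apt-cache policy` output is constructed from the post's version strings.

```shell
#!/bin/sh
# Added example, not from the original post: downgrade a Debian package to a
# known version and put it on hold, checking before that the version is still
# offered by a repository and afterwards that dpkg really ended up with it.
# Assumptions: apt-get, apt-mark and dpkg-query are present; package name and
# version come from the command line (e.g. "ejabberd 2.1.10-4+deb7u1").

# Read `apt-cache policy <pkg>` output on stdin; succeed only if the requested
# version appears in its "Version table" (either the "***" installed line or
# a plain candidate line).
version_available() {   # $1 = target version
    awk -v want="$1" '
        /Version table:/ { in_table = 1; next }
        in_table && $1 == "***" && $2 == want { found = 1 }
        in_table && $1 == want { found = 1 }
        END { exit found ? 0 : 1 }
    '
}

# The exact commands the post runs, printed so a dry run can show them first.
downgrade_commands() {   # $1 = package, $2 = version
    printf 'apt-get install %s=%s\n' "$1" "$2"
    printf 'apt-mark hold %s\n' "$1"
}

downgrade_and_hold() {   # $1 = package, $2 = version
    pkg=$1; ver=$2
    if ! apt-cache policy "$pkg" | version_available "$ver"; then
        echo "version $ver of $pkg is not offered by any configured repository" >&2
        return 1
    fi
    # Install the older build, then hold it so the next apt-get upgrade does
    # not silently pull the newer (security) build back in.
    apt-get install -y "$pkg=$ver" || return 1
    apt-mark hold "$pkg" || return 1
    installed=$(dpkg-query -W -f='${Version}' "$pkg")
    if [ "$installed" != "$ver" ]; then
        echo "expected $ver but dpkg reports $installed" >&2
        return 1
    fi
    echo "$pkg is now $installed and on hold; unhold it (apt-mark unhold) once the newer build works"
}

# Constructed sample of `apt-cache policy ejabberd` output for an offline
# check of the parser; the versions are the two from the post.
SAMPLE_POLICY='ejabberd:
  Installed: 2.1.10-4+deb7u2
  Candidate: 2.1.10-4+deb7u2
  Version table:
 *** 2.1.10-4+deb7u2 0
        500 http://security.debian.org/ wheezy/updates/main amd64 Packages
        100 /var/lib/dpkg/status
     2.1.10-4+deb7u1 0
        500 http://ftp.debian.org/debian/ wheezy/main amd64 Packages'

if [ "$#" -eq 2 ]; then
    downgrade_and_hold "$1" "$2"
fi
```

Holding the package also hides the fact that you are now running a build with a known fix removed, so keep a note of held packages and revisit them.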



Life and Martyrdom of Saint Zlata of Meglen (Muglenska), one of the greatest Bulgarian Martyrs during the Ottoman Bulgarian Slavery

October 18th, 2017


Saint Zlata of Meglen (Muglen), or as we call her in Bulgaria Saint Zlata Muglenska (Αγία Χρυσή), is a Great Holy Martyr, a Christian saint venerated mainly in Bulgaria, Greece, Macedonia and Serbia (nowadays). Historically, even though she came from the lands of present-day Macedonia, she was Macedonian Bulgarian by blood heritage. She lived in times of deep physical and spiritual darkness that had descended over the lands of the former Bulgarian empire in the XVIII century, in a very poor family originating from the village of Slatino (in the Orthodox Christian eparchy of Slatino), the former Ochrid Bulgarian episcopate.

For her time she was greatly distinguished from other young maidens by her beauty, and her soul was gifted with exceptional humility, godliness, a pure heart and a truthful, burning, unshakeable faith in God.

Because of her unearthly, unusual beauty, a young Turk fell in love with her and decided to kidnap her and rape her.
One day she went to the deep woods to gather wood for the coming winter, unaware that the young Turk together with other Turk friends had prepared an ambush for her.
The Turk fell upon the pure virgin with the help of his friends; they captured the God-serving lady and brought her to his home, offering
and promising her marriage on the condition that she convert to his faith, Islam.
The Turk told her she either had to marry him and convert to Islam or stay Christian and suffer Christian martyrdom because of her stubbornness.

Saint Zlata of Meglen stood firm in her Christian faith and rejected the offer, but the young Turk, pushed by the devil, decided that this young beauty had to become
his wife, so to further his goal of converting her to his Muslim faith he brought ladies to sing her enticing songs (an ancient manipulation technique) to brainwash the lady into
rejecting her Christian faith.

The young Turkish ladies, who by the way belonged to some local person's harem (seraglio), were singing and dancing, smiling at her and doing their
best to show her the beauties of Islam; they told her how nicely the Muslims treat their lives and how superior, according to them, the Muslim faith is, trying their best to convince her to reject
her faith and join their false godliness.

Saint Zlata looked at the songs and lures as temptations from the devil, recognizing the works of the unclean spirits inside the young ladies and Turks surrounding her, and stood strong,
watching them with deep disgust
and praying inside herself to the Lord Jesus Christ to help her and strengthen her to stand firm in the temptations, asking Him rather
for martyrdom than the false enjoyment of these temporary, deceitful and earthly goods, which lead to eternal hell.

The young Turkish ladies, seeing her firmness for Christianity and her unwillingness to reject the Lord and Saviour of mankind, the Lord Jesus Christ, gathered together to decide how to proceed and came to the conclusion that the only ones who could turn her from Christ might be her own family (mother, father, sister, brothers). They advised the young Turkish man that the only help here might be if the family of the young virgin Zlata influenced her to change her mind, reject Christ and marry the Turkish man.

The family of the woman, knowing the craftiness of the Turks and their lack of respect for the life of a Christian, saw that the only option for their daughter and sister in Christ to stay physically alive was to accept Islam, so they started convincing her to accept Islam, perhaps secretly hoping she could become Mohammedan on the surface but remain Christian in her heart (something that many Bulgarians, Serbs, Greeks, Albanians and others from the so-called Rum Millet, the people of the Eastern Orthodox faith within the Ottoman Empire, were occasionally forced to do to save their lives).

But Zlata was unshakable in her decision and firm, fiery faith in Christ, and publicly reinforced her decision that she would rather die in suffering than accept the ungodly, earthly, wicked religion of Islam.


This unshakeable behaviour of Saint Zlata additionally scared her family, and they started crying in front of her, continuing to try to convince her to convert to the Turkish faith and reject Christ. They were scared about their own physical lives, and these cries were not cries of reason but cries inspired by devilish fears for the body; they were forgetting Christ's words: "Do not fear those who kill / destroy the body, but rather fear Him who has the power to cast body and soul into the eternal Gehenna (Hell)". The exact citation from the Holy Bible reads: "Do not be afraid of those who kill the body but cannot kill the soul. Rather, be afraid of the One who can destroy both soul and body in hell." (Matthew 10:28).

Of course, seeing her closest beings crying, a division arose in the soul of Saint Zlata, as is common for us mortals.
The love for her parents and her sisters was pushing her to listen to her family, and the love for the world was pushing her to listen to the Turks, but the love for God, Christ, and her Christian duty were pushing her to remain unshakeable till the end and accept martyrdom for Christ.

But in the young virgin the love for the world was less than the love for Christ, and she cried out boldly but humbly at her spiritual torturers:


– Even if you, my parents, my sisters, are forcing me to reject the Lord Jesus Christ, know that you are no longer my parents, no longer my sisters!
– My father remains only my Lord Jesus Christ, and my mother the Most Holy Mother of God (Holy Theotokos) Mary, and my brothers and sisters are now all the martyrs for Christ!

The Turks now understood that the virgin was not willing to change her faith, and decided to force her by other means (physical tortures) to change her faith.
Consequently, for three months they beat her with staffs. And then, when the beating did not help them change her mind, they started cutting strips of skin from her back
and showing the bloody skin before her eyes to scare her.

Rivers of blood flowed from the young pure martyr. Finally they took a glowing iron rod and pierced her head from one eye to the other.
Christ's grace was helping the saintly virgin Zlata to endure all this, and even after all these tortures, unbearable for a normal human body,
she remained alive.

She was temporarily left in prison by her tormentors, and by God's providence right at that time she heard that the priest, spiritual elder of her parents and pro-Igumenos (main abbot) of Holy Mount Athos, the hieromonk Timothey (Timothy), was visiting the village of Meglen.

Through one of the Christians who visited her regularly in prison she sent a plea to hieromonk Timothey to fervently pray for her, so that God would give her an honourable end to her Christian martyrdom.

And God honoured her with a final martyrdom and eternal honour in His One Holy Eastern Orthodox Church.

The torturing Turks, embittered by their failures to break the fervent faith in Christ of the Holy Martyr, invented one final bestiality.


They hung Saint Zlata on a pear tree and came to her stabbing her with knives, and finally they hanged her on the same tree, after which, to prevent
other Christians from burying her with a Christian rite, they cut her body into pieces.

In that inhuman but spiritually glorious manner the Holy Great Martyr received her glorious martyrdom for Christ
and became an eternal intercessor in prayer for all true Christians around the world.

Like pure gold, refined by her sufferings, the Holy Great Martyr Zlata gave up her soul to God on the 18th of October 1795, joining
the ranks of the Christian and Bulgarian saints for the Saviour of the World, the Lord Jesus Christ.

Her martyrdom, by God's providence, happened just one day before the celebration of the greatest Bulgarian saint and hermit, Saint John of Rila, whose Dormition happened on the 19th of October 946.

Pieces of her martyred body were distributed among believing Christians as a blessing, and many received healings from her holy relics.

Saint Zlata is said to protect emigrants and Bulgarians abroad, and is working miracles and helping people who stand firm in their Christian belief till this very day.

Holy Mother and Great Martyr Zlata Muglenska, pray to the merciful Lord Jesus Christ to save our sinful souls!


Sources used:
The Lives of the Saints – Synodal edition, Sofia 1991, edited by Bishop Parthenij Levkijski and Archimandrite Dr. Athanasij (Bonchev), including some reasoning and additions to details by the article author Georgi Dimitrov Georgiev, as inspired by God



List of vulnerable wordpress plugins. Hacked, dangerous, vulnerable

October 17th, 2017



Has your WordPress been hacked recently? Mine has. Don't despair, below is a list of WordPress plugins famous for their hackability.
Hope this helps you protect yourself in time and wipe out all the unnecessary plugins.
Double check the version number of the vulnerable plugins, and remove a plugin only when you're sure it's hackable. If you're sure you happen to run one of the plugins below on your WordPress blog or site, immediately deactivate and delete it.


Vulnerability types

A quick reminder of the most common security holes and issues WordPress plugins face. Please note that most problems are a combination of two or more types listed below.

Arbitrary file viewing
Instead of allowing only certain file sources to be viewed (for example plugin templates), the lack of checks in the code allows the attacker to view the source of any file, including those with sensitive information such as wp-config.php.

Arbitrary file upload
Lack of file type and content filtering allows the upload of arbitrary files that can contain executable code which, once run, can do pretty much anything on a site.

Privilege escalation
Once the attacker has an account on the site, even if it’s only of the subscriber type, he can escalate his privileges to a higher level, including administrative ones.

SQL injection
By not escaping and filtering data that goes into SQL queries, malicious code can be injected into queries and data deleted, updated or inserted into the database. This is one of the most common vulnerabilities.

Remote code execution (RCE)
Instead of uploading and running malicious code, the attacker can run it from a remote location. The code can do anything, from hijacking the site to completely deleting it.

Plugin Name Vulnerability Type Min / Max Versions Affected
1 Flash Gallery arbitrary file upload 1.3.0 / 1.5.6
360 Product Rotation arbitrary file upload 1.1.3 / 1.2.0
Tevolution arbitrary file upload 2.0 / 2.2.9
Addblockblocker arbitrary file upload 0.0.1
Ads Widget remote code execution (RCE) 2.0 / n/a
Advanced Access Manager privilege escalation 3.0.4 / 3.2.1
Advanced Ajax Page Loader arbitrary file upload 2.5.7 / 2.7.6
Advanced Video Embed Embed Videos Or Playlists arbitrary file viewing n/a / 1.0
Analytic remote code execution (RCE) 1.8
Analytics Counter PHP object injection 1.0.0 / 3.4.1
Appointments PHP object injection 1.4.4 Beta / 2.2.0
Asgaros Forum settings change 1.0.0 / 1.5.7
Aspose Cloud Ebook Generator arbitrary file viewing 1.0
Aspose Doc Exporter arbitrary file viewing 1.0
Aspose Importer Exporter arbitrary file viewing 1.0
Aspose Pdf Exporter arbitrary file viewing 1.0
Attachment Manager arbitrary file upload 1.0.0 / 2.1.1
Auto Attachments arbitrary file upload 0.2.7 / 0.3
Bbpress Like Button SQL injection 1.0 / 1.5
Bepro Listings arbitrary file upload 2.0.54 / 2.2.0020
Blaze Slide Show For WordPress arbitrary file upload 2.0 / 2.7
Brandfolder local file inclusion (LFI) 2.3 / 3.0
Breadcrumbs Ez remote code execution (RCE) n/a
Candidate Application Form arbitrary file viewing 1.0
Category Grid View Gallery arbitrary file upload 0.1.0 / 0.1.1
Cherry Plugin arbitrary file upload 1.0 / 1.2.6
Chikuncount arbitrary file upload 1.3
Cip4 Folder Download Widget arbitrary file viewing 1.4 / 1.10
Cms Commander Client PHP object injection 2.02 / 2.21
Contus Video Gallery arbitrary file viewing 2.2 / 2.3
Cookie Eu remote code execution (RCE) 1.0
Cp Image Store arbitrary file viewing 1.0.1 / 1.0.5
Cross Rss arbitrary file viewing 0.5
Custom Content Type Manager remote code execution
Custom Lightbox possible remote code execution (RCE) 0.24
Cysteme Finder arbitrary file viewing 1.1 / 1.3
Db Backup arbitrary file viewing 1.0 / 4.5
Delete All Comments arbitrary file upload 2.0
Developer Tools arbitrary file upload 1.0.0 / 1.1.4
Disclosure Policy Plugin remote file inclusion (RFI) 1.0
Display Widgets remote code execution 2.6
Dop Slider arbitrary file upload 1.0
Download Zip Attachments arbitrary file viewing 1
Downloads Manager arbitrary file upload 1.0 Beta / 1.0 rc-1
Dp Thumbnail arbitrary file upload 1.0
Dropbox Backup PHP object injection 1.0 /
Dukapress arbitrary file viewing 2.3.7 / 2.5.3
Ebook Download arbitrary file viewing 1.1
Ecstatic arbitrary file upload 0.90 (x9) / 0.9933
Ecwid Shopping Cart PHP Object Injection 3.4.4 / 4.4.3
Enable Google Analytics remote code execution (RCE) n/a
Estatik arbitrary file upload 1.0.0 / 2.2.5
Event Commerce Wp Event Calendar persistent cross-site scripting (XSS) 1.0
Filedownload arbitrary file viewing 0.1
Flickr Gallery PHP object injection 1.2 / 1.5.2
Form Lightbox option update 1.1 / 2.1
Formidable information disclosure 1.07.5 / 2.0.07
Fresh Page arbitrary file upload .11 / 1.1
Front End Upload arbitrary file upload 0.3.0 / 0.5.3
Front File Manager arbitrary file upload 0.1
Fs Real Estate Plugin SQL injection 1.1 / 2.06.03
G Translate remote code execution (RCE) 1.0 / 1.3
Gallery Objects SQL injection 0.2 / 0.4
Gallery Slider remote code execution (RCE) 2.0 / 2.1
Genesis Simple Defaults arbitrary file upload 1.0.0
Gi Media Library arbitrary file viewing 1.0.300 / 2.2.2
Google Analytics Analyze remote code execution (RCE) 1.0
Google Document Embedder SQL injection 2.5 / 2.5.16
Google Maps By Daniel Martyn remote code execution (RCE) 1.0
Google Mp3 Audio Player arbitrary file viewing 1.0.9 / 1.0.11
Grapefile arbitrary file upload 1.0 / 1.1
Gravityforms reflected cross-site scripting (XSS) 1.7 /
Hb Audio Gallery Lite arbitrary file viewing 1.0.0
History Collection arbitrary file viewing 1.1. / 1.1.1
Html5avmanager arbitrary file upload 0.1.0 / 0.2.7
I Dump Iphone To WordPress Photo Uploader arbitrary file upload 1.1.3 / 1.8
Ibs Mappro arbitrary file viewing 0.1 / 0.6
Image Export arbitrary file viewing 1.0.0 / 1.1.0
Image Symlinks arbitrary file upload 0.5 / 0.8.2
Imdb Widget arbitrary file viewing 1.0.1 / 1.0.8
Inboundio Marketing arbitrary file upload 1.0.0 / 2.0
Infusionsoft arbitrary file upload 1.5.3 / 1.5.10
Inpost Gallery local file inclusion (LFI) 2.0.9 / 2.1.2
Invit0r arbitrary file upload 0.2 / 0.22
Is Human remote code execution 1.3.3 / 1.4.2
Iwp Client PHP object injection 0.1.4 / 1.6.0
Jssor Slider arbitrary file upload 1.0 / 1.3
Like Dislike Counter For Posts Pages And Comments SQL injection 1.0 / 1.2.3
Mac Dock Gallery arbitrary file upload 1.0 / 2.7
Magic Fields arbitrary file upload 1.5 / 1.5.5
Mailchimp Integration remote code execution (RCE) 1.0.1 / 1.1
Mailpress local file inclusion (LFI) 5.2 / 5.4.6
Mdc Youtube Downloader arbitrary file viewing 2.1.0
Menu Image malicious JavaScript loading 2.6.5 / 2.6.9
Miwoftp arbitrary file viewing 1.0.0 / 1.0.4
Mm Forms Community arbitrary file upload 1.0 / 2.2.6
Mobile App Builder By Wappress arbitrary file upload n/a / 1.05
Mobile Friendly App Builder By Easytouch arbitrary file upload 3.0
Multi Plugin Installer arbitrary file viewing 1.0.0 / 1.1.0
Mypixs local file inclusion (LFI) 0.3
Nmedia User File Uploader arbitrary file upload 1.8
Option Seo remote code execution (RCE) 1.5
Page Google Maps remote code execution (RCE) 1.4
Party Hall Booking Management System SQL injection 1.0 / 1.1
Paypal Currency Converter Basic For Woocommerce arbitrary file viewing 1.0 / 1.3
Php Analytics arbitrary file upload n/a
Pica Photo Gallery arbitrary file viewing 1.0
Pitchprint arbitrary file upload 7.1 / 7.1.1
Plugin Newsletter arbitrary file viewing 1.3 / 1.5
Post Grid file deletion 2.0.6 / 2.0.12
Posts In Page authenticated local file inclusion (LFI) 1.0.0 / 1.2.4
Really Simple Guest Post local file inclusion (LFI) 1.0.1 / 1.0.6
Recent Backups arbitrary file viewing 0.1 / 0.7
Reflex Gallery arbitrary file upload 1.0 / 3.0
Resume Submissions Job Postings arbitrary file upload 2.0 / 2.5.3
Return To Top remote code execution (RCE) 1.8 / 5.0
Revslider arbitrary file viewing 1.0 / 4.1.4
S3bubble Amazon S3 Html 5 Video With Adverts arbitrary file viewing 0.5 / 0.7
Sam Pro Free local file inclusion (LFI) /
Se Html5 Album Audio Player arbitrary file viewing 1.0.8 / 1.1.0
Sell Downloads arbitrary file viewing 1.0.1
Seo Keyword Page remote code execution (RCE) 2.0.5
Seo Spy Google WordPress Plugin arbitrary file upload 2.0 / 2.6
Seo Watcher arbitrary file upload 1.3.2 / 1.3.3
Sexy Contact Form arbitrary file upload 0.9.1 / 0.9.8
Share Buttons Wp remote code execution (RCE) 1.0
Showbiz arbitrary file viewing 1.0 / 1.5.2
Simple Ads Manager information disclosure 2.0.73 / 2.7.101
Simple Download Button Shortcode arbitrary file viewing 1.0
Simple Dropbox Upload Form arbitrary file upload 1.8.6 / 1.8.8
Simple Image Manipulator arbitrary file viewing 1.0
Simplr Registration Form privilege escalation 2.2.0 / 2.4.3
Site Import remote page inclusion 1.0.0 / 1.2.0
Slide Show Pro arbitrary file upload 2.0 / 2.4
Smart Slide Show arbitrary file upload 2.0 / 2.4
Smart Videos remote code execution (RCE) 1.0
Social Networking E Commerce 1 arbitrary file upload 0.0.32
Social Sharing possible arbitrary file upload 1.0
Social Sticky Animated remote code execution (RCE) 1.0
Spamtask arbitrary file upload 1.3 / 1.3.6
Spicy Blogroll local file inclusion (LFI) 0.1 / 1.0.0
Spotlightyour arbitrary file upload 1.0 / 4.5
Stats Counter PHP object injection 1.0 /
Stats Wp remote code execution 1.8
Store Locator Le unrestricted email sending 2.6 / 4.2.56
Tera Charts reflected cross-site scripting (XSS) 0.1 / 1.0
The Viddler WordPress Plugin cross-site request forgery (CSRF)/cross-site scripting (XSS) 1.2.3 / 2.0.0
Thecartpress local file inclusion (LFI) 1.1.0 / 1.1.5
Tinymce Thumbnail Gallery arbitrary file viewing v1.0.4 / v1.0.7
Ultimate Product Catalogue arbitrary file upload 1.0 / 3.1.1
User Role Editor privilege escalation 4.19 / 4.24
Web Tripwire arbitrary file upload 0.1.2
Webapp Builder arbitrary file upload 2.0
Website Contact Form With File Upload arbitrary file upload 1.1 / 1.3.4
Weever Apps 20 Mobile Web Apps arbitrary file upload 3.0.25 / 3.1.6
Woocommerce Catalog Enquiry arbitrary file upload 2.3.3 / 3.0.0
Woocommerce Product Addon arbitrary file upload 1.0 / 1.1
Woocommerce Products Filter authenticated persistent cross-site scripting (XSS) 1.1.4 /
Woopra arbitrary file upload 1.4.1 /
WordPress File Monitor persistent cross-site scripting (XSS) 2.0 / 2.3.3
Wp Appointment Schedule Booking System persistent cross-site scripting (XSS) 1.0
Wp Business Intelligence Lite arbitrary file upload 1.0 / 1.0.7
Wp Crm arbitrary file upload 0.15 / 0.31.0
Wp Custom Page arbitrary file viewing 0.5 /
Wp Dreamworkgallery arbitrary file upload 2.0 / 2.3
Wp Easybooking reflected cross-site scripting (XSS) 1.0.0 / 1.0.3
Wp Easycart authenticated arbitrary file upload 1.1.27 / 3.0.8
Wp Ecommerce Shop Styling authenticated arbitrary file viewing 1.0 / 2.5
Wp Editor authenticated arbitrary file upload 1.0.2 /
Wp Filemanager arbitrary file viewing 1.2.8 / 1.3.0
Wp Flipslideshow persistent cross-site scripting (XSS) 2.0 / 2.2
Wp Front End Repository arbitrary file upload 1.0.0 / 1.1
Wp Handy Lightbox remote code execution (RCE) 1.4.5
Wp Homepage Slideshow arbitrary file upload 2.0 / 2.3
Wp Image News Slider arbitrary file upload 3.0 / 3.5
Wp Levoslideshow arbitrary file upload 2.0 / 2.3
Wp Miniaudioplayer arbitrary file viewing 0.5 / 1.2.7
Wp Mobile Detector authenticated persistent cross-site scripting (XSS) 3.0 / 3.2
Wp Mon arbitrary file viewing 0.5 / 0.5.1
Wp Online Store arbitrary file viewing 1.2.5 / 1.3.1
Wp Piwik persistent cross-site scripting (XSS) / 1.0.10
Wp Popup remote code execution (RCE) 2.0.0 / 2.1
Wp Post Frontend arbitrary file upload 1.0
Wp Property arbitrary file upload 1.20.0 / 1.35.0
Wp Quick Booking Manager persistent cross-site scripting (XSS) 1.0 / 1.1
Wp Royal Gallery persistent cross-site scripting (XSS) 2.0 / 2.3
Wp Seo Spy Google arbitrary file upload 3.0 / 3.1
Wp Simple Cart arbitrary file upload 0.9.0 / 1.0.15
Wp Slimstat Ex arbitrary file upload 2.1 / 2.1.2
Wp Superb Slideshow arbitrary file upload 2.0 / 2.4
Wp Swimteam arbitrary file viewing 1 / 1.44.1077
Wp Symposium arbitrary file upload 13.04 / 14.11
Wp Vertical Gallery arbitrary file upload 2.0 / 2.3
Wp Yasslideshow arbitrary file upload 3.0 / 3.4
Wp2android Turn Wp Site Into Android App arbitrary file upload 1.1.4
Wpeasystats local file inclusion (LFI) 1.8
Wpmarketplace arbitrary file viewing 2.2.0 / 2.4.0
Wpshop arbitrary file upload /
Wpstorecart arbitrary file upload 2.0.0 / 2.5.29
Wptf Image Gallery arbitrary file viewing 1.0.1 / 1.0.3
Wsecure remote code execution (RCE) 2.3
Wysija Newsletters arbitrary file upload 1.1 / 2.6.7
Xdata Toolkit arbitrary file upload 1.6 / 1.9
Zen Mobile App Native arbitrary file upload 3.0
Zingiri Web Shop arbitrary file upload 2.3.6 / 2.4.3
Zip Attachments arbitrary file viewing 1.0 / 1.4
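Checking the table by hand against a site is tedious, so here is an added example (not from the original post) that reads each installed plugin's "Plugin Name:" and "Version:" header and flags versions inside a known vulnerable range. The table excerpt, the sample plugin tree and the reliance on GNU sort -V are assumptions; plugin names must match the header text, which for some plugins differs from the short name in the table.

```shell
#!/bin/sh
# Added example, not from the original post: inventory the plugins installed
# under wp-content/plugins with the version from each plugin's header and flag
# the ones whose version falls inside a known vulnerable range. Assumptions:
# GNU coreutils (sort -V) and the standard WordPress header format, i.e. a
# "Plugin Name:" and a "Version:" line in the plugin's main PHP file.

# A constructed excerpt of the table above in "name|type|min|max" form; an
# empty bound means the table gives none. Names must match the plugin header.
KNOWN_VULNERABLE='Revslider|arbitrary file viewing|1.0|4.1.4
User Role Editor|privilege escalation|4.19|4.24
Wysija Newsletters|arbitrary file upload|1.1|2.6.7
Gravityforms|reflected cross-site scripting (XSS)|1.7|'

# Print the value of a header field (e.g. "Version") from a plugin PHP file.
plugin_header() {   # $1 = field name, $2 = file
    sed -n "s/^[[:space:]*]*$1:[[:space:]]*//p" "$2" | head -n1 |
        tr -d '\r' | sed 's/[[:space:]]*$//'
}

# Succeed when version $1 lies within [$2, $3]; an empty or "n/a" bound is
# treated as open-ended. sort -V does the dotted-version comparison.
version_in_range() {   # $1 = version, $2 = min, $3 = max
    if [ -n "$2" ] && [ "$2" != "n/a" ]; then
        [ "$(printf '%s\n%s\n' "$2" "$1" | sort -V | head -n1)" = "$2" ] || return 1
    fi
    if [ -n "$3" ] && [ "$3" != "n/a" ]; then
        [ "$(printf '%s\n%s\n' "$1" "$3" | sort -V | head -n1)" = "$1" ] || return 1
    fi
    return 0
}

# Walk each plugin directory and print "name<TAB>version<TAB>verdict".
audit_plugins() {   # $1 = path to wp-content/plugins
    for dir in "$1"/*/; do
        for f in "$dir"*.php; do
            [ -f "$f" ] || continue
            name=$(plugin_header 'Plugin Name' "$f")
            [ -n "$name" ] || continue
            ver=$(plugin_header 'Version' "$f")
            verdict=ok
            # Case-insensitive lookup of the plugin name in the known table.
            row=$(printf '%s\n' "$KNOWN_VULNERABLE" | awk -F'|' -v n="$name" 'tolower($1) == tolower(n)')
            if [ -n "$row" ]; then
                vtype=$(printf '%s\n' "$row" | cut -d'|' -f2)
                lo=$(printf '%s\n' "$row" | cut -d'|' -f3)
                hi=$(printf '%s\n' "$row" | cut -d'|' -f4)
                if version_in_range "$ver" "$lo" "$hi"; then
                    verdict="VULNERABLE: $vtype (affected ${lo:-?} to ${hi:-latest known})"
                fi
            fi
            printf '%s\t%s\t%s\n' "$name" "$ver" "$verdict"
            break   # the first file carrying a header is the plugin's main file
        done
    done
}

# Build a small constructed plugin tree so the audit can be run offline.
make_sample_plugins() {
    d=$(mktemp -d)
    mkdir -p "$d/revslider" "$d/user-role-editor" "$d/hello"
    printf '<?php\n/*\nPlugin Name: Revslider\nVersion: 4.1.4\n*/\n' > "$d/revslider/revslider.php"
    printf '<?php\n/**\n * Plugin Name: User Role Editor\n * Version: 4.25\n */\n' > "$d/user-role-editor/user-role-editor.php"
    printf '<?php\n/*\nPlugin Name: Hello Dolly\nVersion: 1.6\n*/\n' > "$d/hello/hello.php"
    echo "$d"
}

if [ -n "${1:-}" ]; then
    audit_plugins "$1"
fi
```

Run it as `sh audit-plugins.sh /var/www/blog/wp-content/plugins`; a plugin listed as ok is only as safe as the table you feed in, so keep that table current.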


Has your WordPress site been hacked?

Don’t despair; it happens to the best of us. It’s tough to give generic advice without having a look at your site.


How to use find command to find files created on a specific date , Find files with specific size on GNU / Linux

October 16th, 2017

How to use find command to find files created on a specific date on GNU / Linux?


The easiest and most readable way (but not the most efficient, especially on big hard disks with a lot of files) to do it is via:


find ./ -type f -ls |grep '12 Oct'


Example: To find all files modified on the 12th of October, 2017:

find . -type f -newermt 2017-10-12 ! -newermt 2017-10-13

To find all files accessed on the 29th of September, 2008:

$ find . -type f -newerat 2015-09-29 ! -newerat 2015-09-30

Or, files which had their permission changed on the same day:

$ find . -type f -newerct 2015-09-29 ! -newerct 2015-09-30

If you don't change permissions on the file, 'c' would normally correspond to the creation date, though.


Another more cryptic but perhaps more efficient way to find any file modified on October 12th, 2017 would be with the command below:


find . -type f -mtime $(( ( $(date +%s) - $(date -d '2017-10-12' +%s) ) / 60 / 60 / 24 - 1 ))




You could also look at files between certain dates by creating two reference files with touch:

touch -t 0810010000 /tmp/f-example1
touch -t 0810011000 /tmp/f-example2

This will find all files with a modification time between those of the two files in /tmp:


find / -newer /tmp/f-example1 -and -not -newer /tmp/f-example2


How to Find Files with a certain size on GNU / Linux?


Let's say you got cracked and someone uploaded a PHP shell file of 50296 bytes; that's a real scenario that just happened to me:

root@pcfreak:/var/www/blog/wp-admin/js# ls -b green.php 
root@pcfreak:/var/www/blog/wp-admin/js# ls -al green.php 
-rw-r--r-- 1 www-data www-data 50296 окт 12 02:27 green.php

root@pcfreak:/home/hipo# find /var/www/ -type f -size 50296c -exec ls {} \;
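As an added example (not from the original post), the date and size searches above wrapped into reusable functions, plus the combination a practitioner wants for exactly this incident: a file of a known size dropped on a known day, optionally limited to *.php. GNU find and GNU date are assumed, and the sample tree is constructed to mirror the 50296-byte green.php.

```shell
#!/bin/sh
# Added example, not from the original post: the searches the post describes
# as functions: files modified on a calendar day (the -newermt / ! -newermt
# pair), files of an exact size in bytes (-size Nc), and both combined.
# Assumptions: GNU find and GNU date (for -newermt and "date -d").

# Print files under $1 whose mtime falls on the day $2 (YYYY-MM-DD).
files_modified_on() {   # $1 = directory, $2 = date
    next_day=$(date -d "$2 +1 day" +%F)
    find "$1" -type f -newermt "$2" ! -newermt "$next_day"
}

# Print files under $1 that are exactly $2 bytes long. The "c" suffix makes
# -size count bytes; without it find rounds up to 512-byte blocks.
files_of_size() {   # $1 = directory, $2 = size in bytes
    find "$1" -type f -size "$2"c
}

# Combine both, optionally restricted by a name glob (default: any name).
files_of_size_modified_on() {   # $1 = dir, $2 = size, $3 = date, $4 = glob
    next_day=$(date -d "$3 +1 day" +%F)
    find "$1" -type f -name "${4:-*}" -size "$2"c -newermt "$3" ! -newermt "$next_day"
}

# Constructed sample tree for an offline run: three files with chosen sizes
# and timestamps, one of them matching the 50296-byte green.php from the post.
make_sample_tree() {
    d=$(mktemp -d)
    mkdir -p "$d/wp-admin/js" "$d/wp-content"
    head -c 50296 /dev/zero > "$d/wp-admin/js/green.php"
    head -c 50296 /dev/zero > "$d/wp-content/old.php"
    head -c 1234  /dev/zero > "$d/wp-admin/js/common.js"
    touch -d '2017-10-12 02:27' "$d/wp-admin/js/green.php"
    touch -d '2017-10-11 23:59' "$d/wp-content/old.php"
    touch -d '2017-10-12 12:00' "$d/wp-admin/js/common.js"
    echo "$d"
}

if [ "$#" -eq 3 ]; then
    files_of_size_modified_on "$1" "$2" "$3" '*.php'
fi
```

Note that an intruder can reset mtime with touch just as easily as we did here, so a size or date match is a lead, not proof, and its absence is not a clean bill of health.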



How to solve qmail-inject: fatal: qq temporary problem (#4.3.0) Qmail and Qmail Scanner problems on Debian Linux Wheezy

October 16th, 2017


The QMAIL error below

qmail-inject: fatal: qq temporary problem (#4.3.0)

occurred to me right after I upgraded from Debian Linux Squeeze 6 to Debian 7 Wheezy.

qmail-inject: fatal: qq temporary problem (#4.3.0) is a really terrible error; I only experienced it in Thunderbird when sending mails, and mail receiving didn't work either, so as usual when there are problems with Qmail it's a lot of puzzling until you get it.

There is not even a trace in the logs of what might be causing it; strangely enough, nothing in the qmail-smtpd or qmail-send logs, and the mail server and all its components seemed to work perfectly fine. I checked whether there are libraries that are missing with a small loop line as follows:


root@pcfreak:/var/log/qmail/qmail-smtpd# for i in $(ls -1 /var/qmail/bin/*); do ldd $i |grep -i "not found"; done


The absence of output indicates that all binaries are properly linked and no missing libraries were found.

After investigating closely what might be wrong and reading the comments on Thibs' QmailRocks Install Qmail-Scanner page, I realised
the error might be caused by problems with suid perl, as I had already checked in my earlier post, in which I seemed to have faced the same qmail-inject: fatal: qq temporary problem (#4.3.0) error on Debian Wheezy and explained the possible reasons for the qq qmail error there as well,


and a related issue I experienced earlier, with qmail scanner being unable to create files, in a previous article. Suid Perl is no longer available as a package, and therefore, because of the inability of perl to run as root anymore in Debian Wheezy, the script did not work either.

root@pcfreak:/downloads/simscan-1.4.0# echo "hi, testing." > /tmp/mailtest.txt
root@pcfreak:/downloads/simscan-1.4.0# env QMAILQUEUE=/var/qmail/bin/qmail-scanner-queue /var/qmail/bin/qmail-inject < /tmp/mailtest.txt
qmail-inject: fatal: qq permanent problem (#5.3.0)

root@pcfreak:/downloads/simscan-1.4.0# /var/qmail/bin/qmail-scanner-queue



A short note to make here is that qmail-scanner-queue and the script it wraps are set with the suid bit, as follows:

root@pcfreak:/home/hipo/info# ls -al /var/qmail/bin/{qmail-scanner-queue,}
-rwsr-sr-x 1 qscand qscand   6814 окт 14 17:22 /var/qmail/bin/qmail-scanner-queue*
-rwsr-sr-x 1 qscand qscand 158880 окт 14 23:52 /var/qmail/bin/*

Good to say here is that qmail-scanner-queue is a suid wrapper binary that actually invokes the Perl scanner script:

root@pcfreak:/downloads/simscan-1.4.0# su hipo
hipo@pcfreak:/downloads/simscan-1.4.0$ /var/qmail/bin/ -g
perlscanner: generate new DB file from /var/spool/qscan/quarantine-events.txt
hipo@pcfreak:/downloads/simscan-1.4.0$ exit

root@pcfreak:/downloads/simscan-1.4.0# cp /downloads/qmail-scanner-2.11st/contrib/logrotate.qmail-scanner /etc/logrotate.d/qmail-scanner
root@pcfreak:/downloads/simscan-1.4.0# chmod 644 /etc/logrotate.d/qmail-scanner
root@pcfreak:/downloads/simscan-1.4.0# cd /downloads/qmail-scanner-2.11st/contrib
root@pcfreak:/downloads/qmail-scanner-2.11st/contrib# chmod 755
root@pcfreak:/downloads/qmail-scanner-2.11st/contrib# ./ -doit
Sending standard test message – no viruses… 1/4
qmail-inject: fatal: qq temporary problem (#4.3.0)
Bad error. qmail-inject died

These are the other things I've done to fix possible permission issues:

root@pcfreak:/downloads/qmail-scanner-2.11st/contrib#  sudo -u qscand /var/qmail/bin/ -z
root@pcfreak:/downloads/qmail-scanner-2.11st/contrib# chown qscand:qscand /var/spool/qscan/qmail-scanner-queue-version.txt

In /etc/sudoers add the following lines:

root@pcfreak:~# vim /etc/sudoers

ALL ALL=(qscand) NOPASSWD: /var/qmail/bin/
##necroleak ALL=(ALL) ALL

root@pcfreak:/downloads/qmail-scanner-2.11st/contrib# cat /etc/sudoers

# /etc/sudoers
# This file MUST be edited with the 'visudo' command as root.
# See the man page for details on how to write a sudoers file.

Defaults    env_reset

# Host alias specification

# User alias specification

# Cmnd alias specification

# User privilege specification
root    ALL=(ALL) ALL
hipo    ALL=(ALL) ALL
ALL ALL=(qscand) NOPASSWD: /var/qmail/bin/
##necroleak ALL=(ALL) ALL
# Allow members of group sudo to execute any command
# (Note that later entries override this, so you might need to move
# it further down)
%sudo ALL=(ALL) ALL
#includedir /etc/sudoers.d

In case you wonder why we put the line in /etc/sudoers:

The reason behind this is that by default sudo resets the environment variables when executing the command, so qmail-scanner cannot recognize the important information about the incoming mail and treats everything as coming from localhost, which leads to passing everything through without scanning. The above line preserves the important ENV variables for qmail-scanner.

Then edit the qmail-scanner script in /var/qmail/bin and add the following lines:

root@pcfreak:/downloads/qmail-scanner-2.11st/contrib# vim /var/qmail/bin/

Right after the comments, or on line 1, add:

my $real_uid="qscand";

my $effective_uid="qscand";

Also, somewhere near the beginning of the script, let's say right after the above two variable declarations, add:

# re-exec the script through sudo as qscand whenever it was started as any other user
my $whoami = getpwuid($<) || "unknown";
if ($whoami ne "qscand") {
    exec("/usr/bin/sudo -u qscand /var/qmail/bin/") || die "exec failed: $!";
}

To prevent users logged in on the physical console and via SSH from being flooded, it is necessary to disable emergency logs for users in syslog / rsyslog; otherwise, due to a bug, logged-in users will get flooded with messages such as:

Message from syslogd@pcfreak at Oct 15 16:43:04 … qmail-scanner[6834]: Clear:RC:0( 2.959242 10574 Светлана_Георгиева_оставила_Вам_личное_соо� <36b63ec9a0ce7ecc570de2fcbba6ed73@localhost.localdomain> 1508074981.6836-1.pcfreak:6219 1508074981.6836-0.pcfreak:545


Open /etc/rsyslog.conf and find the line starting with:

root@pcfreak:~# vim /etc/rsyslog.conf



and make the change right after it, so that it reads like:



OSCommerce how to change / reset lost admin password

October 16th, 2017


How to change / reset OSCommerce lost / forgotten admin password?

The password in OSCommerce is kept in the table "admin", so to reset the password connect to MySQL with the mysql cli client.

The first thing to do is to generate the new hash string; you can do that with a simple PHP script using the md5() function:


root@pcfreak:/var/www/files# cat 1.php
<?php
// md5 hash of the new plain-text password (here the word "password")
$pass = md5("password");
echo $pass;


root@pcfreak:/var/www/files# php 1.php
5f4dcc3b5aa765d61d8327deb882cf99


The hash just generated (for the plain-text password "password") is: 5f4dcc3b5aa765d61d8327deb882cf99

Next, to update the new hash string in SQL, we connect to MySQL:


$ mysql -u root -p


and issue the following command to replace the stored password hash:


UPDATE `DB`.`admin` SET `admin_password` = '5f4dcc3b5aa765d61d8327deb882cf99' WHERE `admin`.`admin_id` = 6;


How to synchronize with / from Remote FTP server using LFTP like with rsync

October 15th, 2017


Have you ever been in a need to easily synchronize with a remote host which only runs FTP server?

Or are you in a local network and you need to mirror a directory or a couple of directories in a fast and easy to remember way?

If so, then you'll be happy to use the LFTP command below, which does pretty much the same as rsync, with the only difference that it can mirror files over FTP (the old but gold File Transfer Protocol).


Enjoy and thanks to my dear friend Amridikon for the tip ! 🙂


Gnome Appearance modify command in Linux / How to change theme using command line in GNOME

October 13th, 2017



1. Gnome Appearance modify command in Linux – Intro

It is always handy to do stuff in the console, and as a long-time GNU / Linux GNOME user I found it interesting to share here some nice tips on how the theme can be changed using the command line.

Why would you ever want to change themes through the console / terminal? Well, let's say you have to administer remotely a bunch of GNU / Linux desktop machines and change themes simultaneously on multiple hosts; changing the theme using the command line then comes in really handy.

Besides that, in the GNOME 3.X.X branch with Unity (yackes), if you have chosen to use GNOME (Flashback / Fallback) or MATE you might find it difficult to change some specifics of the default theme; that is especially true for GNOME Flashback (Fallback) users like me.

If you have heard of GNOME Flashback but never used it and wonder what it is, I think it is worth saying a few words about it:

GNOME Flashback is a session for GNOME 3 which was initially called "GNOME Fallback", and shipped as a stand-alone session in Debian and Ubuntu. It provides a similar user experience to the GNOME 2.x series sessions. The difference from the MATE project is that GNOME Flashback uses GTK+ 3 and tries to follow current GNOME development by integrating recent changes of the GNOME libraries. The development currently lags behind a little, but a lot of progress has been made in bug fixing lately. So in short, GNOME Fallback is for anyone who wants to stick to the GNOME 2.X interface but doesn't want to stick to MATE and still wants some of the graphical goodies that come with GNOME 3.

In MATE nowadays there is the possibility to relatively easily add / change the appearance and add new themes; there is also a graphical tool called Appearance, accessible via the mate-control-center command or the menus. Using Appearance you can modify themes and window decorations; however, there is much more that can be done or tuned, missing from the MATE GUI, using a couple of GNOME desktop environment native commands.


2. List All Installed GNOME themes on Debian / Ubuntu Linux



$ ls -1 /usr/share/themes/|sed -e 's#/##g'


The system-wide theme directory /usr/share/themes is identical on RPM-based Linux distributions such as Fedora / CentOS etc.



3. Change GTK Theme

The commands below are for GNOME 3 based desktop environments; this also includes any other GNOME based graphical environments or components of GNOME 3 such as Ubuntu Unity, GNOME 3 Shell/Classic and Cinnamon, and even the old GNOME 2 desktop.

In GNOME 2 it was possible to set various variables directly from gconf-editor, including GTK themes, but in GNOME 3 somehow this is no more … so to do it we need to use some cryptic commands or use gnome-tweak-tool or MyUnity (for Ubuntu Linux users with Unity), but the configuration that can be made with them is unfortunately partial, so in any case knowing the commands below is a necessity to be able to tune up your Linux GNOME desktop nicely.

And yes, it is crazy why on Earth the GNOME developers scrapped the configuration from gconf-editor and left us with this user-unfriendly method. Could it be that someone (like the big corporations) has an interest in ruining Free Software?? What do you think…

Unity, GNOME 3 Shell/Classic, Cinnamon

In Unity, GNOME 3 Shell / Classic and Cinnamon (the default Debian graphical env):

Before we start, I recommend you check what the currently installed and enabled theme is; you might decide to keep it after checking the number of themes available. To check your current GNOME theme run:


gsettings get org.gnome.desktop.interface gtk-theme

You see I have the 'Adwaita' theme as the default.
Next let's change the GNOME GTK theme interface:

gsettings set org.gnome.desktop.interface gtk-theme "Menta"


MATE (in Linux MATE, the current fork of GNOME 2 for hardcore GNOME 2 users)


mateconftool-2 --type=string --set /desktop/mate/interface/gtk_theme "Menta"


GNOME 2 (in native GNOME 2, if you still own some old machines with old Debian / Ubuntu / Fedora etc.)



gconftool-2 --type=string --set /desktop/gnome/interface/gtk_theme "Menta"


4. Change WINDOW THEME (Metacity)

Unity, GNOME 3 Classic (Metacity), GNOME 3 Shell (Metacity > Mutter)


gsettings set org.gnome.desktop.wm.preferences theme "Menta"

Cinnamon (Metacity -> Muffin)


gconftool --type=string --set /desktop/cinnamon/windows/theme "Menta"


Note: Cinnamon must be restarted for the change to take effect.

GNOME 2 (in GNOME 2 with Metacity)


gconftool-2 --type=string --set /apps/metacity/general/theme "Menta"


MATE (Metacity)


mateconftool-2 --type=string --set /apps/marco/general/theme "Menta"


5. Change SHELL THEME (in GNOME Shell and Cinnamon)

GNOME Shell (user-theme extension must be enabled)

gsettings set name "Menta"

Cinnamon

gsettings set org.cinnamon.theme name "Menta"



Unity, GNOME 3 Shell/Classic, Cinnamon (change the GNOME 3 color scheme)



gsettings set org.gnome.desktop.interface gtk-color-scheme "bg_color:#e9efe9;fg_color:#444444;base_color:#ffffff;text_color:#333333;selected_bg_color:#6666cc;selected_fg_color:#eeeeee;tooltip_bg_color:#222222;tooltip_fg_color:#dfcfcf;link_color:#cc0099;"

Reset color (if you don't like it):

gsettings set org.gnome.desktop.interface gtk-color-scheme ""


MATE (set the MATE color scheme)



mateconftool-2 --type=string --set /desktop/mate/interface/gtk_color_scheme "bg_color:#e9efe9;fg_color:#444444;base_color:#ffffff;text_color:#333333;selected_bg_color:#6666cc;selected_fg_color:#eeeeee;tooltip_bg_color:#222222;tooltip_fg_color:#dfcfcf;link_color:#cc0099;"



Reset color:


mateconftool-2 --type=string --set /desktop/mate/interface/gtk_color_scheme ""


6. GNOME 2 (again, for the old GNOME 2 machines, to change the GTK color scheme)


gconftool-2 --type=string --set /desktop/gnome/interface/gtk_color_scheme "bg_color:#e9efe9;fg_color:#444444;base_color:#ffffff;text_color:#333333;selected_bg_color:#6666cc;selected_fg_color:#eeeeee;tooltip_bg_color:#222222;tooltip_fg_color:#dfcfcf;link_color:#cc0099;"


Reset color:


gconftool-2 --type=string --set /desktop/gnome/interface/gtk_color_scheme ""
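The commands above differ per desktop, and a mistyped theme name silently leaves you with no theme at all. Here is an added example (not from the original article) that picks the right tool for the running session and refuses names that are not present under /usr/share/themes or ~/.themes; the XDG_CURRENT_DESKTOP heuristic and the fallback to gconftool-2 are my assumptions:

```python
import os
import subprocess

THEME_DIRS = ("/usr/share/themes", os.path.expanduser("~/.themes"))

# argv prefixes for the gtk-theme setting, taken from the commands listed above
THEME_CMDS = {
    "gnome3": ["gsettings", "set", "org.gnome.desktop.interface", "gtk-theme"],
    "mate":   ["mateconftool-2", "--type=string", "--set", "/desktop/mate/interface/gtk_theme"],
    "gnome2": ["gconftool-2", "--type=string", "--set", "/desktop/gnome/interface/gtk_theme"],
}


def installed_themes(dirs=THEME_DIRS):
    """Names of theme directories present, the same list `ls -1 /usr/share/themes/` gives."""
    found = set()
    for d in dirs:
        if os.path.isdir(d):
            found.update(n for n in os.listdir(d) if os.path.isdir(os.path.join(d, n)))
    return sorted(found)


def detect_desktop(env=os.environ):
    """Map $XDG_CURRENT_DESKTOP (set by modern sessions) onto a THEME_CMDS key (assumed heuristic)."""
    cur = env.get("XDG_CURRENT_DESKTOP", "")
    if "MATE" in cur:
        return "mate"
    if any(tag in cur for tag in ("GNOME", "Unity", "Cinnamon")):
        return "gnome3"
    return "gnome2"  # no XDG hint at all: assume an old GNOME 2 machine


def theme_command(desktop, theme, dirs=THEME_DIRS):
    """Return the argv that sets `theme`, refusing names that are not installed."""
    if desktop not in THEME_CMDS:
        raise ValueError("unknown desktop %r" % desktop)
    if theme not in installed_themes(dirs):
        raise ValueError("theme %r not found in %s" % (theme, ", ".join(dirs)))
    return THEME_CMDS[desktop] + [theme]


def set_theme(theme, desktop=None, dirs=THEME_DIRS):
    """Validate, then run the command for the detected (or given) desktop; returns the argv used."""
    argv = theme_command(desktop or detect_desktop(), theme, dirs)
    subprocess.run(argv, check=True)
    return argv
```

Run it as set_theme("Menta") on a machine where that theme is installed; the argv it returns is exactly one of the commands above.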


What about colors? Well, the #444444, #222222, #eeeeee and #333333 seen as color codes in the above examples can easily be decoded, if you don't know them, using a tiny tool called gcolor2.
The tool is installable on most Linux distributions with a simple apt-get install gcolor2 or yum install gcolor2; the tool is convenient and a must-have for anyone using Linux for basic design or graphic operations with programs such as GIMP / Krita / Inkscape / Vectr / Karbon etc.

All gcolor2 does is make it easy for you to get HTML color codes and convert existing ones into colors; here is a shot:



While talking about setting colors, another interesting graphical tool related to this article that gives you the ability to change colors in GNOME is gnome-color-chooser; the tool is really awesome and allows you to do many of the color tunings shown in the above examples:

# apt-get install --yes gnome-color-chooser

And finally, for the GNOME theme-hungry people, here is a great bonus. If you need a ton of shiny new themes to set up on your GNOME, download and install The Ultimate Edition Themes deb collection (Debian / Ubuntu / Mint etc.) (mirrored):

Debian and other deb based distro users can easily download and install with:

linux:~# dpkg -i ultimate-edition-themes-.0.0.7_all.deb


Other Linux users, such as Fedora and Slackware users (if anyone on Slack uses GNOME, since KDE is the default there), can use the alien tool to install it, or directly open the file with Midnight Commander (mc) and copy the files to the /usr/share/themes dir.


This article is possible thanks to Change Theme Using Command Line in GNOME (Linux); the command line examples are taken from there.


How to extract a deb package on Debian, Ubuntu, Mint Linux and other non debian based distributions

October 13th, 2017


How to extract a deb package? 

Have you ever had a Debian .deb package which contains image files you need, but whose dependencies don't allow you to install it on your Debian / Ubuntu / Mint Linux release?
I had just recently downloaded the ultimate-edition-themes latest release v 0.0.7, a large pack of GNOME themes, and wanted to install it on my Debian Stretch Linux, but I faced problems because of dependencies when trying to install it with dpkg.

That is why I took another approach and decided to only extract the necessary themes from the archive, using only dpkg.

Here is how I extracted ultimate-edition-themes-.0.0.7_all.deb:


dpkg -x ultimate-edition-themes-.0.0.7_all.deb /tmp/ultimate-edition-themes



So how does dpkg extract the .deb file?


Debian .deb packages are regular Unix archive files (ar) (more in Wikipedia).

The structure of a deb file consists of another 3 files (two tar.gz archives and one small text file) as follows:


debian-binary: regular text file, contains the version of the deb package format
control.tar.gz: compressed file, contains file md5sums and control directory for the deb package
data.tar.gz: compressed file, contains all the files which will be installed

Basically, if you're on a Linux distribution that lacks dpkg you can easily extract a .deb binary using the GNU ar command (used to create, modify and extract Unix ar files; it is the GNU / Linux equivalent of the UNIX ar command).

To extract on Fedora or RPM-based Linux distributions, as well as BSDs, with ar:

First print the file content with:

ar p  ultimate-edition-themes-.0.0.7_all.deb

Then extract it with:

ar x ultimate-edition-themes-.0.0.7_all.deb


Then just extract (untar) with tar the 2 other archived files contained in the .deb (ar) archive:



tar -zxvf control.tar.gz; tar -zxvf data.tar.gz


Get everything you need from there; in my case that's the usr/share/themes folder. Then enjoy life 🙂
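For a machine with neither dpkg nor ar, here is an added example (not from the original article) that does what the ar + tar steps above do in plain Python: it walks the ar container described above, checks the debian-binary version, and untars data.tar.* (gz, xz or bz2, since newer debs are not always gzip) into a directory of your choice, refusing member paths that would escape it. The sample_deb() package is constructed in the code and is not a real package:

```python
import io, os, tarfile

AR_MAGIC = b"!<arch>\n"  # the .deb container is a plain Unix ar archive

def ar_members(blob):
    """Yield (name, data) from an ar archive: 60-byte headers (name 16, mtime 12,
    uid 6, gid 6, mode 8, size 10, "`\\n"), each member padded to even length."""
    if not blob.startswith(AR_MAGIC):
        raise ValueError("not an ar archive (bad magic)")
    pos = len(AR_MAGIC)
    while pos + 60 <= len(blob):
        hdr = blob[pos:pos + 60]
        if hdr[58:60] != b"`\n":
            raise ValueError("corrupt ar header at offset %d" % pos)
        name, size = hdr[:16].decode("ascii").rstrip(" /"), int(hdr[48:58])
        yield name, blob[pos + 60:pos + 60 + size]
        pos += 60 + size + size % 2

def ar_write(members):
    """Build an ar archive from [(name, data)]; used only to construct the sample."""
    out = bytearray(AR_MAGIC)
    for name, data in members:
        hdr = "%-16s%-12d%-6d%-6d%-8s%-10d`\n" % (name + "/", 0, 0, 0, "100644", len(data))
        out += hdr.encode("ascii") + data + (b"\n" if len(data) % 2 else b"")
    return bytes(out)

def extract_deb(deb, dest):
    """Unpack data.tar.* (gz/xz/bz2) from deb bytes into dest; return files written."""
    members = dict(ar_members(deb))
    if members.get("debian-binary", b"").strip() != b"2.0":
        raise ValueError("unsupported deb format version")
    data = next(v for k, v in members.items() if k.startswith("data.tar"))
    written = []
    with tarfile.open(fileobj=io.BytesIO(data), mode="r:*") as tar:
        for m in tar.getmembers():
            if os.path.isabs(m.name) or ".." in m.name.split("/"):  # never escape dest
                raise ValueError("unsafe path in archive: %s" % m.name)
            tar.extract(m, dest)
            if m.isfile():
                written.append(os.path.normpath(m.name))
    return written

def sample_deb():
    """Constructed sample .deb holding one theme file (not a real package)."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tar:
        info = tarfile.TarInfo("./usr/share/themes/Menta/index.theme")
        info.size = 27
        tar.addfile(info, io.BytesIO(b"[Desktop Entry]\nName=Menta\n"))
    return ar_write([("debian-binary", b"2.0\n"), ("control.tar.gz", b""), ("data.tar.gz", buf.getvalue())])
```

With a real package, read its bytes and call extract_deb(open("file.deb", "rb").read(), "/tmp/out"); the returned list is what dpkg -x would have written under /tmp/out.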

