WordPress Fixes Critical Cross-Site Scripting Flaw; WordPress 4.0.1 Released

WordPress has fixed, in its newest version (4.0.1), a critical cross-site scripting vulnerability that could allow anonymous attackers to compromise WordPress web sites, according to its security release. The cross-site scripting flaw, which affects versions 3.0 to 3.9.2, was discovered by Jouko Pynnonen of the IT company Klikki Oy. "The JavaScript injected into a comment is executed when the target user...

Windows Secure Channel Fixed on Patch Tuesday

A critical flaw (CVE-2014-6321) in the Secure Channel (Schannel) Windows component that allowed attackers to execute code remotely has been patched in this November's Patch Tuesday, according to Microsoft. The Schannel component implements the TLS and SSL authentication protocols for encrypted communications between server and client. "A remote code execution vulnerability exists in the Secure Channel (Schannel)...

Adobe Fixes 18 Critical Flaws in Flash Player

Adobe has released its latest Flash Player revision to fix 18 critical vulnerabilities, according to Security Bulletin APSB14-24. "These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system," the summary stated. Adobe Flash Player for Desktop Runtime, Extended Support Release, Flash Player for Chrome and Internet Explorer on Windows, Macintosh and L...

Linksys SMART WiFi EA Series Routers Vulnerable to Password Exposure

Linksys SMART WiFi EA series routers have firmware vulnerabilities that could expose the administrator password, according to an advisory from Carnegie Mellon’s CERT. The firmware contains two severe vulnerabilities, CVE-2014-8243 and CVE-2014-8244, that, if exploited, could expose sensitive information and the administrator password as an MD5 hash. The first vulnerability, CVE-2014-8243, allows an "unauthenticated at...

Drupal Core SQL Injection Vulnerability Leveraged in Drive-by Attacks

The Drupal Core SQL injection vulnerability disclosed two weeks ago has recently been leveraged in automated attacks aiming to compromise websites, according to an announcement by Drupal. "Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - Drupal core - SQL injection," Drupal advised. "You should proceed under th...

Apple Drops SSL 3.0 for Push Notifications due to Poodle Flaw

Apple is going to drop SSL 3.0 support for its push notification service due to the recently discovered POODLE vulnerability in the SSL protocol, according to Apple's announcement. The company is pulling the plug on SSL 3.0 support on Wednesday, October 29, in favor of the newer and more secure Transport Layer Security (TLS) protocol. "Providers using only SSL 3.0 will need to support TLS as soon as poss...

Zero-Day Remote Code Execution Flaw Disclosed by Microsoft; Workarounds Issued

Microsoft disclosed on Tuesday, in a Security Advisory, a Windows OLE zero-day remote code execution (RCE) vulnerability in PowerPoint and released a quick fix. The vulnerability impacts all Windows versions except Windows Server 2003, and it is currently being exploited via malicious Office files that contain OLE (Object Linking and Embedding) objects. "The vulnerability could allow remote code executio...

Cross-Site Scripting Vulnerability in Mozilla’s Cross Reference Sub-Domains

Two of Mozilla's Cross Reference sub-domains suffer from a cross-site scripting (XSS) vulnerability, according to the report posted by security researcher Wang Jing on the Tetraph Blog. The vulnerability was submitted to Mozilla's Bugzilla bug tracker on Sunday and has not yet received a fix. "This means all URLs under the above two domains can be used for XSS attacks targeting Mozilla's users," Wang J...

Four Million Plug and Play Devices Become Potential Tools in DDoS Attacks

Millions of home and office devices, including routers, media servers, webcams, smart TVs and printers, are vulnerable and can be used to launch large-scale denial-of-service attacks, according to an advisory by cloud provider Akamai. “The rise of reflection attacks involving UPnP devices is an example of how fluid and dynamic the DDoS crime ecosystem can be,” Akamai says. Since July 2014, Akamai’s Prolexic...

Cross-Site Scripting (XSS) Vulnerability in New York Times’ Articles Before 2013

New York Times article pages on the nytimes[dot]com domain dated before 2013 suffer from a cross-site scripting (XSS) vulnerability, according to the report posted by security researcher Wang Jing on the Tetraph Blog. Cross-site scripting (XSS) vulnerabilities usually reside in web applications and can be used by attackers to modify the normal flow of the web page. "For XSS attacks, one important thing...

© 2012 Powered By Bitdefender