Posts tagged "vulnerability"

Apple Drops SSL 3.0 for Push Notifications due to Poodle Flaw

Apple is going to drop SSL 3.0 support for their push notification service due to the recently discovered POODLE vulnerability in the SSL protocol, according to Apple's announcement. The company is pulling the plug for SSL 3.0 support on Wednesday, October 29, in favor of the newer and more secure Transport Layer Security (TLS) protocol. "Providers using only SSL 3.0 will need to support TLS as soon as poss...

Zero-Day Remote Code Execution Flaw Disclosed by Microsoft; Workarounds Issued

Microsoft disclosed on Tuesday, in a Security Advisory, a Windows OLE zero-day remote code execution (RCE) vulnerability in PowerPoint and released a quick fix. The vulnerability impacts all Windows versions except Windows Server 2003, and it is currently being exploited via malicious Office files that contain OLE (Object Linking and Embedding) objects. "The vulnerability could allow remote code executio...

Cross-Site Scripting Vulnerability in Mozilla’s Cross Reference Sub-Domains

Two of Mozilla's Cross Reference sub-domains suffer from a cross-site scripting (XSS) vulnerability, according to the report posted by security researcher Wang Jing on the Tetraph Blog. The vulnerability was submitted to Mozilla's Bugzilla bug tracker on Sunday and has not yet received a fix. "This means all URLs under the above two domains can be used for XSS attacks targeting Mozilla's users," Wang J...

Four Million Plug and Play Devices Become Potential Tools in DDoS Attacks

Millions of home and office devices, including routers, media servers, webcams, smart TVs and printers, are vulnerable and can be used to launch large-scale denial-of-service attacks, according to an advisory by cloud provider Akamai. “The rise of reflection attacks involving UPnP devices is an example of how fluid and dynamic the DDoS crime ecosystem can be,” Akamai says. Since July 2014, Akamai’s Prolexic...

Cross-Site Scripting (XSS) Vulnerability in New York Times’ Articles Before 2013

New York Times article pages on the nytimes[dot]com domain dated before 2013 suffer from a cross-site scripting (XSS) vulnerability, according to the report posted by security researcher Wang Jing on the Tetraph Blog. Cross-site scripting (XSS) vulnerabilities usually reside in web applications and can be used by attackers to modify the normal flow of the web page. "For XSS attacks, one important thing...

Linux, OS X Users May Be Vulnerable to Bash Flaw Exploit

A bug discovered in the Bash shell, a command-line interface used by Linux and Unix, could leave web servers, systems and embedded devices such as routers vulnerable to cyber-attacks. Cyber-criminals are getting ready to launch multiple attacks, and Bitdefender warns users and sys admins to be cautious with the vulnerability. Although code allowing the exploit of Bash-using CGI scripts is already available on...

Microsoft Issues Nine Patches for 37 Bugs

Microsoft has issued nine patches for 37 issues in Windows, Office, SQL Server, .NET Framework and SharePoint Server, according to the company’s August security bulletin. The patches fix severe vulnerabilities such as remote code execution, privilege escalation and security feature bypass. "The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted...

Open Redirect Vulnerability on MasterCard’s Australia Web Site

An open redirect vulnerability has been found on MasterCard's Australia web site (mastercard.com.au), according to an advisory by researcher Anastasios Monachos from Packet Storm. An open redirect vulnerability consists of the malfunction of a web app that, according to the Common Weakness Enumeration dictionary, "accepts a user-controlled input that specifies a link to an external site, and uses that link...

Five Severe Vulnerabilities Fixed in Siemens’ SIMATIC WinCC SCADA System

Siemens has issued an update to its SIMATIC WinCC SCADA system due to five severe vulnerabilities, the company said in an advisory. Impacted products include SIMATIC WinCC before version 7.3, and SIMATIC PCS7 before version 8.1. "The most severe of these vulnerabilities could allow privilege escalation in the WinCC Project administration application under certain conditions," the advisory said. The SIMATIC...

Apache Server Vulnerability Allows Attackers to Execute Code Remotely Without Authentication

An Apache HTTP server buffer overflow vulnerability could allow attackers to execute code remotely, according to an advisory by the Zero Day Initiative. The vulnerability can be exploited without authentication by attackers, as the flaw is found in the "mod_status" module. “A race condition in mod_status allows an attacker to disclose information or corrupt memory with several requests to endpoints with han...

© 2012 Powered By Bitdefender
