
Zero-Day Remote Code Execution Flaw Disclosed by Microsoft; Workarounds Issued

Microsoft disclosed on Tuesday, in a Security Advisory, a Windows OLE zero-day remote code execution (RCE) vulnerability in PowerPoint and released a quick fix. The vulnerability impacts all Windows versions except Windows Server 2003, and it is currently being exploited via malicious Office files that contain OLE (Object Linking and Embedding) objects. "The vulnerability could allow remote code executio...

Cross-Site Scripting Vulnerability in Mozilla’s Cross Reference Sub-Domains

Two of Mozilla's Cross Reference sub-domains suffer from a cross-site scripting (XSS) vulnerability, according to the report posted by security researcher Wang Jing on the Tetraph Blog. The vulnerability was submitted to Mozilla's Bugzilla bug tracker on Sunday and has not yet received a fix. "This means all URLs under the above two domains can be used for XSS attacks targeting Mozilla's users," Wang J...

Four Million Plug and Play Devices Become Potential Tools in DDoS Attacks

Millions of home and office devices, including routers, media servers, webcams, smart TVs and printers, are vulnerable and can be used to launch large-scale denial-of-service attacks, according to an advisory by cloud provider Akamai. “The rise of reflection attacks involving UPnP devices is an example of how fluid and dynamic the DDoS crime ecosystem can be,” Akamai says. Since July 2014, Akamai’s Prolexic...

Cross-Site Scripting (XSS) Vulnerability in New York Times’ Articles Before 2013

New York Times article pages on the nytimes[dot]com domain dated before 2013 suffer from a cross-site scripting (XSS) vulnerability, according to the report posted by security researcher Wang Jing on the Tetraph Blog. XSS vulnerabilities usually reside in web applications and can be used by attackers to modify the normal flow of the web page. "For XSS attacks, one important thing...

Linux, OS X Users May Be Vulnerable to Bash Flaw Exploit

A bug discovered in the Bash shell, a command-line interface used by Linux and Unix, could leave web servers, systems and embedded devices such as routers vulnerable to cyber-attacks. Cyber-criminals are getting ready to launch multiple attacks, and Bitdefender warns users and sys admins to be cautious with the vulnerability. Although code allowing the exploit of Bash-using CGI scripts is already available on...

Microsoft Issues Nine Patches for 37 Bugs

Microsoft has issued nine patches for 37 issues in Windows, Office, SQL Server, .NET Framework and SharePoint Server, according to the company’s August security bulletin. The patches fix severe vulnerabilities such as remote code execution, privilege escalation and security feature bypass. "The most severe of these vulnerabilities could allow remote code execution if a user views a specially crafted...

Open Redirect Vulnerability on MasterCard’s Australia Web Site

An open redirect vulnerability has been found on MasterCard's Australia web site (mastercard.com.au), according to an advisory by researcher Anastasios Monachos from Packet Storm. An open redirect vulnerability is a flaw in a web app that, according to the Common Weakness Enumeration dictionary, "accepts a user-controlled input that specifies a link to an external site, and uses that link...

Five Severe Vulnerabilities Fixed in Siemens’ SIMATIC WinCC SCADA System

Siemens has issued an update to its SIMATIC WinCC SCADA system due to five severe vulnerabilities, the company said in an advisory. Impacted products include SIMATIC WinCC before version 7.3, and SIMATIC PCS7 before version 8.1. "The most severe of these vulnerabilities could allow privilege escalation in the WinCC Project administration application under certain conditions," the advisory said. The SIMATIC...

Apache Server Vulnerability Allows Attackers to Execute Code Remotely Without Authentication

An Apache HTTP server buffer overflow vulnerability could allow attackers to execute code remotely, according to an advisory by the Zero Day Initiative. The vulnerability can be exploited without authentication by attackers, as the flaw is found in the "mod_status" module. “A race condition in mod_status allows an attacker to disclose information or corrupt memory with several requests to endpoints with han...

Microsoft Issues Security Updates for Critical Vulnerabilities in Internet Explorer and Windows Journal

Microsoft issued new update packages to patch critical vulnerabilities in Internet Explorer and Windows Journal, according to Microsoft's July Security Bulletin. Two updates have been rated ‘critical,’ three ‘important’ and one ‘moderate’ by the company, which addressed 29 vulnerabilities in six update packages, from MS14-037 to MS14-042. "The ongoing diligent work from o...

© 2012 Powered By Bitdefender
