Posts tagged "vulnerability"

Weather Channel Web Site Vulnerable to Reflected Cross-Site Scripting (XSS)

The popular Weather Channel web site (Weather.com) has been found to be vulnerable to a reflected Cross-Site Scripting flaw, according to research by Wang Jing. The Weather Channel is the most common US-based cable and satellite TV channel with close to 100 million subscribers. Its Alexa global rank is 143 and US rank is 35. "If The Weather Channel's users were exploited, their Identity may be stolen,...

Adobe Fixes Highly Critical Vulnerability in Flash Player

Adobe has issued a fix for a critical vulnerability (CVE-2014-8439) found in Adobe Flash Player software, according to Adobe's APSB14-26 security bulletin. The vulnerability affects all Adobe Flash Player and Adobe AIR versions on Windows, Macintosh and Linux. "Adobe Flash Player before 13.0.0.258 and 14.x and 15.x before 15.0.0.239 on Windows and OS X and before 11.2.202.424 on Linux, Adobe AIR before 15.0.0...

WordPress Fixes Critical Cross-Site Scripting Flaw; WordPress 4.0.1 Released

In its newest version (4.0.1), WordPress has fixed a critical cross-site scripting vulnerability that could allow anonymous attackers to compromise WordPress web sites, according to its security release. The cross-site scripting flaw, which occurs on versions from 3.0 to 3.9.2, was discovered by Jouko Pynnonen of the IT company Klikki Oy. "The JavaScript injected into a comment is executed when the target user...

Windows Secure Channel Fixed on Patch Tuesday

A critical flaw (CVE-2014-6321) in the Secure Channel (Schannel) Windows component that allowed attackers to execute code remotely has been patched on this November's Patch Tuesday, according to Microsoft. The Schannel component implements the TLS and SSL authentication protocols for encrypted communications between server and client. "A remote code execution vulnerability exists in the Secure Channel (Schannel)...

Adobe Fixes 18 Critical Flaws in Flash Player

Adobe has released its latest Flash Player revision to fix 18 critical vulnerabilities, according to Security Bulletin APSB14-24. "These updates address vulnerabilities that could potentially allow an attacker to take control of the affected system," the summary stated. Adobe Flash Player for Desktop Runtime, Extended Support Release, Flash Player for Chrome and Internet Explorer on Windows, Macintosh and L...

Linksys SMART WiFi EA Series Routers Vulnerable to Password Exposure

Linksys SMART WiFi EA series routers have firmware vulnerabilities that could expose the administrator password, according to an advisory from Carnegie Mellon's CERT. The firmware contains two severe vulnerabilities, CVE-2014-8243 and CVE-2014-8244, that, if exploited, could expose sensitive information and the administrator password as an MD5 hash. The first vulnerability, CVE-2014-8243, allows an "unauthenticated at...

Drupal Core SQL Injection Vulnerability Leveraged in Drive-by Attacks

The Drupal Core SQL vulnerability disclosed two weeks ago has recently been leveraged in automated attacks aiming to compromise websites, according to an announcement by Drupal. "Automated attacks began compromising Drupal 7 websites that were not patched or updated to Drupal 7.32 within hours of the announcement of SA-CORE-2014-005 - Drupal core - SQL injection," Drupal advised. "You should proceed under th...

Apple Drops SSL 3.0 for Push Notifications due to Poodle Flaw

Apple is going to drop SSL 3.0 support for its push notification service due to the recently discovered POODLE vulnerability in the SSL protocol, according to Apple's announcement. The company is pulling the plug on SSL 3.0 support on Wednesday, October 29, in favor of the newer and more secure Transport Layer Security (TLS) protocol. "Providers using only SSL 3.0 will need to support TLS as soon as poss...

Zero-Day Remote Code Execution Flaw Disclosed by Microsoft; Workarounds Issued

On Tuesday, Microsoft disclosed in a Security Advisory a Windows OLE zero-day remote code execution (RCE) vulnerability in PowerPoint and released a quick fix. The vulnerability impacts all Windows versions except Windows Server 2003, and it is currently being exploited via malicious Office files that contain OLE (Object Linking and Embedding) objects. "The vulnerability could allow remote code executio...

Cross-Site Scripting Vulnerability in Mozilla’s Cross Reference Sub-Domains

Two of Mozilla's Cross Reference sub-domains suffer from a cross-site scripting (XSS) vulnerability, according to the report posted by security researcher Wang Jing on the Tetraph Blog. The vulnerability was submitted to Mozilla's Bugzilla bug tracker on Sunday and has not yet received a fix. "This means all URLs under the above two domains can be used for XSS attacks targeting Mozilla's users," Wang J...

© 2012 Powered By Bitdefender
