Vulnerabilities in FreeBSD

This gap provided an opportunity to introduce malicious code into vulnerable systems using open source software.

Specialists at the company Norse discovered a programming error in the FreeBSD operating system that allows a buffer overflow to be caused in the stdio function. The gap provided an opportunity to introduce malicious code into vulnerable systems using open source software.

According to the experts, the error occurs when the system calls «write» and «write (2)» are accessed during stream setup and, if the status of the stream is not checked, can lead to a buffer overflow.

WordPress Vulnerabilities

The researchers emphasize that the gaps in the free app put at risk the safety of hundreds of thousands of web resources.

According to a notification from Walter Hop, a security researcher and founder of the Netherlands-based web development company Slik, he was able to find a number of vulnerabilities in the popular free application InfiniteWP Admin Panel, which is used by administrators of the WordPress content management system.

According to the developers of the affected product, over the entire history of the project it has been downloaded at least 875,000 times and is used by over 318,000 web sites. With it, administrators can work with multiple installations through one control panel.

Tuesday Updates – Adobe Security Bulletins (December 9, 2014)

The security updates affect products such as Adobe Flash Player, Adobe Reader, Adobe Acrobat and Adobe ColdFusion.

On December 9 this year, as part of its “Tuesday Updates”, Adobe released three security bulletins. They fix 27 vulnerabilities in products such as Adobe Reader, Adobe Acrobat, Adobe Flash Player and ColdFusion.

1. The first bulletin (ID: APSB14-27) fixes six vulnerabilities in Adobe Flash Player, one of which is critical. One of the flaws is being actively exploited by cybercriminals, which is why the company has assigned the update the highest priority.

WordPress Vulnerabilities

A dangerous vulnerability has been found in the popular (around 850,000 downloads) WordPress Download Manager plugin. The vulnerability was discovered and disclosed last week. Exploitation of this vulnerability allows an attacker to take control of the target web site remotely through the introduction of backdoors and the modification of user passwords.

Specialists of the company Sucuri found a dangerous vulnerability in the WordPress Download Manager plugin. Exploitation of this flaw allows a remote attacker to gain control of the target web site through the introduction of backdoors and the modification of user passwords.

WordPress Vulnerabilities

Privilege escalation and potential Object Injection vulnerability. The vulnerability allows a remote user to cause a denial of service and data manipulation.

Danger level: Medium
Availability of fixes: Yes
Number of vulnerabilities: 1
CVSSv2 rating: (AV:N/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:O/RC:C) = Base: 6.4 / Temporal: 4.7

Vector of operation: Remote
Impact: Denial of service, Unauthorized modification of data

WordPress Vulnerabilities

Multiple new vulnerabilities have been discovered in the WordPress Content Management System which allow a remote user to take control of the affected system.

Danger level: Medium
Availability of fixes: Yes
Number of vulnerabilities: 4

CVE ID: No Information

Vector of operation: Remote
Impact: Cross-site scripting, Denial of service, Security Bypass

Apple vulnerabilities

Multiple Vulnerabilities in Apple OS X, Apple iOS, and Apple TV

Danger level: High
Availability of fixes: Yes
Number of vulnerabilities: 7

CVE ID: CVE-2014-4451, CVE-2014-4452, CVE-2014-4453, CVE-2014-4458, CVE-2014-4459, CVE-2014-4462, CVE-2014-4463

Vector of operation: Remote
Impact: Disclosure of sensitive data, Security Bypass, system compromise

Affected Products: Apple Macintosh OS X, Apple iOS 8.x, Apple TV 7.x
Affected versions: Apple OS X versions up to 10.10.1, Apple iOS versions up to 8.1.1, Apple TV versions up to 7.0.2

Buffer Overflow vulnerability in Info-Zip utility

A local user can elevate their privileges on the target system.

Danger level: Low
Availability of fixes: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:O/RC:C) = Base: 6.9 / Temporal: 5.1
CVE ID: CVE-2004-1010

Vector of operation: Local
Impact: Privilege escalation (Buffer Overflow)

Multiple vulnerabilities in Cerberus FTP Server

There are three vulnerabilities (Denial of service and Security Bypass) fixed in the Windows-based FTP Server (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568).

Danger level: Medium
Availability of fixes: Yes
Number of vulnerabilities: 3

CVSSv2 Rating:
(AV:N/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:O/RC:C) = Base: 7.8 / Temporal: 5.8
(AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:O/RC:C) = Base: 5 / Temporal: 0
(AV:N/AC:L/Au:N/C:P/I:P/A:N/E:U/RL:O/RC:C) = Base: 6.4 / Temporal: 4.7
CVE ID: CVE-2014-3513, CVE-2014-3567, CVE-2014-3568

Cisco has partially eliminated vulnerabilities in its routers for small business. An update for the Cisco RV220W Wireless Network Security Firewall will be available within a month.

According to the security notices published by Cisco developers on Wednesday, November 5, the company eliminated dangerous vulnerabilities in four models of its RV series routers, which are intended for use by small businesses.

The affected devices include: Cisco RV120W Wireless-N VPN Firewall with outdated firmware (versions up to 1.0.5.9), Cisco RV180 VPN Router (up to version 1.0.4.14), and Cisco RV180W Wireless-N Multifunction VPN Router (up to 1.0.4.14). In addition, the Cisco RV220W Wireless Network Security Firewall is vulnerable (all current versions of the firmware).