Multiple new vulnerabilities have been discovered in the WordPress content management system that allow a remote user to take control of the affected system.

Danger level: Medium
Availability of fixes: Yes
Number of vulnerabilities: 4

CVE ID: No Information

Vector of operation: Remote
Impact: Cross-site scripting, Denial of service, Security Bypass

Multiple Vulnerabilities in Apple OS X, Apple iOS, and Apple TV

Danger level: High
Availability of fixes: Yes
Number of vulnerabilities: 7

CVE ID: CVE-2014-4451, CVE-2014-4452, CVE-2014-4453, CVE-2014-4458, CVE-2014-4459, CVE-2014-4462, CVE-2014-4463

Vector of operation: Remote
Impact: Disclosure of sensitive data, Security Bypass, system compromise

Affected Products: Apple Macintosh OS X, Apple iOS 8.x, Apple TV 7.x
Affected versions: Apple OS X versions up to 10.10.1, Apple iOS versions up to 8.1.1, Apple TV versions up to 7.0.2

Buffer Overflow vulnerability in Info-Zip utility

A local user can elevate their privileges on the target system.

Danger level: Low
Availability of fixes: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: L / AC: M / Au: N / C: C / I: C / A: C / E: U / RL: O / RC: C) = Base: 6.9 / Temporal: 5.1
CVE ID: CVE-2004-1010

Vector of operation: Local
Impact: Privilege escalation (Buffer Overflow)

Multiple vulnerabilities in Cerberus FTP Server

There are three vulnerabilities (Denial of service and Security Bypass) fixed in the Windows-based FTP Server (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568).

Danger level: Medium
Availability of fixes: Yes
Number of vulnerabilities: 3

CVSSv2 Rating:
(AV: N / AC: L / Au: N / C: N / I: N / A: C / E: U / RL: O / RC: C) = Base: 7.8 / Temporal: 5.8
(AV: N / AC: L / Au: N / C: N / I: N / A: P / E: U / RL: O / RC: C) = Base: 5 / Temporal: 0
(AV: N / AC: L / Au: N / C: P / I: P / A: N / E: U / RL: O / RC: C) = Base: 6.4 / Temporal: 4.7
CVE ID: CVE-2014-3513, CVE-2014-3567, CVE-2014-3568

Cisco has partially eliminated vulnerabilities in its routers for small business. An update for the Cisco RV220W Wireless Network Security Firewall will be available within a month.

According to the security notices published by Cisco developers on Wednesday, November 5, the company has eliminated dangerous vulnerabilities in four models of its RV series routers, which are intended for use by small businesses.

The affected devices include the Cisco RV120W Wireless-N VPN Firewall with outdated firmware (versions up to 1.0.5.9), the Cisco RV180 VPN Router (up to version 1.0.4.14), and the Cisco RV180W Wireless-N Multifunction VPN Router (up to 1.0.4.14). In addition, the Cisco RV220W Wireless Network Security Firewall is vulnerable (all current versions of the firmware).

Updated DokuWiki packages fix security vulnerabilities that can be exploited by malicious people to bypass certain security restrictions.

Vulnerabilities: Bypassing a security policy in DokuWiki

Danger level: Medium
Availability of fixes: Yes
Number of vulnerabilities: 4

CVSSv2 Rating:
(AV: N / AC: M / Au: N / C: P / I: P / A: N / E: U / RL: O / RC: C) = Base: 5.8 / Temporal: 4.3
(AV: N / AC: L / Au: N / C: P / I: N / A: N) = Base Score: 5.0

“CVE-2014-8517” vulnerability: Remote command execution in FreeBSD

FreeBSD developers have published a notice that a vulnerability in FreeBSD has been fixed.

Exploitation of the vulnerability allows arbitrary commands to be executed, provides access to critical information, and locks the computer. A malicious HTTP server could cause ftp to execute arbitrary commands.

Danger level: High
Availability of fixes: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: M / Au: N / C: C / I: C / A: C / E: U / RL: O / RC: C) = Base: 9.3 / Temporal: 6.9
CVE ID: CVE-2014-8517

A serious vulnerability in the PlayStation Network service

A critical vulnerability (SQL injection) has been revealed in PlayStation Network. The flaw allows an attacker to gain access to Sony’s customer data.

Cyber security experts have warned that a serious vulnerability has been discovered in the Sony PlayStation Network. As reported by Golem.de, the Sony service is vulnerable to SQL injection, which allows an attacker to obtain data from PSN users.

The flaw was detected by the expert Aria Akhavan. A hacker can visit Sony’s support site and, using a modified parameter in the URL of the resource, view the contents of a database in a browser window. The expert reported the results of their work to Sony, but never received a response.

Information leak and access control bypass in WordPress WP eCommerce Plugin

Exploitation of this vulnerability allows criminals to export all the user names, addresses and other confidential information of clients.

Experts at the company Sucuri found a dangerous vulnerability in the “WP eCommerce” plugin, which allows attackers to easily access and edit personal information of users.

Exploitation of the vulnerability allows criminals to export all the user names, addresses and other confidential information of clients who have ever made a purchase through the plugin. Attackers can also change the status of an order (from non-paid to paid and vice versa). At the moment, the plugin developer has released a patched version of WP eCommerce 3.8.14.4.

Three new vulnerabilities in the Open Source CRM EspoCRM: PHP File Inclusion, Improper Access Control and Reflected Cross-Site Scripting.

Danger level: High
Availability of fixes: Yes
Number of vulnerabilities: 3

CVSSv2 Rating:
(AV: N / AC: H / Au: N / C: C / I: C / A: C / E: U / RL: OF / RC: C) = Base: 7.6 / Temporal: 5.6
(AV: N / AC: L / Au: N / C: N / I: N / A: P / E: U / RL: OF / RC: C) = Base: 5 / Temporal: 3.7
(AV: N / AC: M / Au: N / C: N / I: P / A: N / E: U / RL: OF / RC: C) = Base: 4.3 / Temporal: 3.2