Three new vulnerabilities in the Open Source CRM EspoCRM: PHP File Inclusion, Improper Access Control and Reflected Cross-Site Scripting.

Danger level: High
Fix available: Yes
Number of vulnerabilities: 3

CVSSv2 Rating:
(AV:N/AC:H/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C) = Base: 7.6 / Temporal: 5.6
(AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:OF/RC:C) = Base: 5 / Temporal: 3.7
(AV:N/AC:M/Au:N/C:N/I:P/A:N/E:U/RL:OF/RC:C) = Base: 4.3 / Temporal: 3.2

Due to the critical vulnerability (CVE-2014-3704) that allows an attacker to gain access to the administrator account, developers are advised to roll back to a backup or recreate the site from scratch.

According to the developers of the popular CMS (content management system) Drupal, all websites based on Drupal 7.x can be compromised. The problem is a critical vulnerability that could allow an unauthorized user to execute arbitrary SQL queries against the site's database and uncover the administrator password.

According to the developers, attacks exploiting this flaw began immediately after the announcement on October 15 this year. Even websites whose administrators had time to apply the update may still be compromised.

Zero-day vulnerability in Samsung’s Find My Mobile service allows the user's smartphone to be locked remotely.

If an attacker exploits the zero-day vulnerability in Samsung’s ‘Find My Mobile’ service, then the hacker can remotely lock, unlock and ring the phone.

The vulnerability affects all Samsung smartphones that support the Find My Phone web service.

Bitdefender has announced the first public beta version of a new portable program that detects and removes unwanted (primarily advertising) software on personal computers – Bitdefender Adware Removal Tool for PC.

Bitdefender Adware Removal Tool is a free scanner that lets you scan the system and remove any detected “potentially unwanted programs” (PUPs).

A potentially unwanted program is a program that may be unwanted, such as spyware. A PUP is a piece of software that is downloaded along with a specific program or application the user chose to download, and it sometimes acts very similarly to viruses or spyware.

Three new vulnerabilities in Cisco Adaptive Security Appliance

Three vulnerabilities have been fixed in the Cisco Adaptive Security Appliance: Smart Call Home Digital Certificate Validation Vulnerability; VPN Failover Command Injection Vulnerability; Clientless SSL VPN Information Disclosure and Denial of Service Vulnerability.

Administrators are advised to install the latest version from the manufacturer’s web site.

Danger level: Low
Fix available: Yes

#1 Denial of service and system compromise in FreeBSD (Remote Buffer Overflow vulnerability)

Danger level: High
Fix available: Yes
Number of vulnerabilities: 1

CVSSv2 Rating: (AV:L/AC:M/Au:N/C:C/I:C/A:C/E:U/RL:O/RC:C) = Base: 6.9 / Temporal: 5.1
CVE ID: CVE-2014-3954

Exploitation vector: Remote
Impact: Remote Buffer Overflow (Denial of service, system compromise)

Five new vulnerabilities in the universal instant messenger client

Five vulnerabilities have been fixed in the Pidgin messaging client. Administrators are advised to update to version 2.10.10.

Pidgin, the Internet instant messaging program, has been updated to version 2.10.10. Administrators are advised to install the update immediately because it fixes five vulnerabilities.

CVE-2014-3698 allows attackers to steal information from process memory via XMPP messages. CVE-2014-3697 makes it possible to modify arbitrary files when a specially crafted emoticon theme is loaded (Windows only). CVE-2014-3696 and CVE-2014-3695 could lead to abnormal termination of the process, and CVE-2014-3694 leads to errors when checking SSL certificates.

Avast Free Antivirus 2015 is a free antivirus with all the features you need for reliable protection of your computer and data from malicious attacks. It includes an efficient antivirus with powerful shields and a scanner for your home network.

Avast Free Antivirus 2015 is a reliable free antivirus with over 200 million users worldwide.

The solution offers everything you need to effectively protect your computer and data from hackers and malicious attacks.

AVAST Software has announced its line of antivirus products for 2015, including: avast! Free / Pro Antivirus 2015, avast! Internet Security 2015 and avast! Premier 2015.

All programs now include a home network protection feature, which scans the local network for different types of vulnerabilities: it checks the status of the wireless Wi-Fi connection, the router settings, password settings, etc.

A new smart scan option, available from the main console, runs all avast! scanners in sequence: antivirus, home networking, software updates and a file collection. The results of these tests are displayed in a common window, so that you can fix the problems found with one mouse click.

Critical Vulnerability: Remote Code Execution in Microsoft Windows

Microsoft warns users about 0-day attacks via PowerPoint OLE objects. Hackers are exploiting a zero-day vulnerability in Windows.

A vulnerability in Microsoft OLE could allow remote code execution and affects all supported releases of Microsoft Windows, excluding Windows Server 2003.

Today, Microsoft has released Security Advisory 3010060 as well as the “Fix It” temporary patch. A new ID, CVE-2014-6352, has been assigned to track this issue.