New multiple vulnerabilities have been discovered in WordPress Content Management System which allows a remote user to take control of the affected system.
Danger level: Medium
Availability of fixes: Yes
Number of vulnerabilities: 4
CVE ID: No Information
Vector of operation: Remote
Impact: Cross-site scripting, Denial of service, Security Bypass (more…)
Multiple Vulnerabilities in Apple OS X, Apple iOS, and Apple TVDanger level: High
Availability fixes: Yes
Number of vulnerabilities: 7
CVE ID: CVE-2014-4451, CVE-2014-4452, CVE-2014-4453, CVE-2014-4458, CVE-2014-4459, CVE-2014-4462, CVE-2014-4463
Vector of operation: Remote
Impact: Disclosure of sensitive data, Security Bypass, system compromise
Affected Products: Apple Macintosh OS X, Apple iOS 8.x, Apple TV 7.x
Affected versions: Apple OS X versions up to 10.10.1, Apple iOS versions up to 8.1.1, Apple TV to version 7.0.2 (more…)
Multiple vulnerabilities in Cerberus FTP ServerThere are three vulnerabilities (Denial of service and Security Bypass) fixed in the Windows-based FTP Server (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568).
Danger level: Middle
Availability fixes: Yes
Number of vulnerabilities: 3
CVSSv2 Rating:
(AV: N / AC: L / Au: N / C: N / I: N / A: C / E: U / RL: O / RC: C) = Base: 7.8 / Temporal: 5.8
(AV: N / AC: L / Au: N / C: N / I: N / A: P / E: U / RL: O / RC: C) = Base: 5 / Temporal: 0
(AV: N / AC: L / Au: N / C: P / I: P / A: N / E: U / RL: O / RC: C) = Base: 6.4 / Temporal: 4.7
CVE ID: CVE-2014-3513, CVE-2014-3567, CVE-2014-3568 (more…)
Updated dokuwiki packages fix security vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions.
Danger level: Middle
Availability fixes: Yes
Number of vulnerabilities: 4
CVSSv2 Rating:
(AV: N / AC: M / Au: N / C: P / I: P / A: N / E: U / RL: O / RC: C) = Base: 5.8 / Temporal: 4.3
(AV: N / AC: L / Au: N / C: P / I: N / A: N) = Base Score: 5.0 (more…)
“CVE-2014-8517” vulnerability: Remote command execution in FreeBSDFreeBSD developers have published a notification of elimination of vulnerability in FreeBSD.
Operation of vulnerability allows to execute arbitrary commands, provides access to critical information and locks the computer. A malicious HTTP server could cause ftp to execute arbitrary commands.
Danger level: High
Availability fixes: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: M / Au: N / C: C / I: C / A: C / E: U / RL: O / RC: C) = Base: 9.3 / Temporal: 6.9
CVE ID: CVE-2014-8517 (more…)
Information leak and access control bypass in WordPress WP eCommerce PluginExploitation of this vulnerability allows criminals to export all the user names, addresses and other confidential information of clients.
Experts of the company Sucuri found dangerous vulnerability in the plugin “WP eCommerce”, which allows attackers to easily access and edit personal information of users.
Exploitation of the vulnerability allows criminals to export all the user names, addresses and other confidential information of clients that ever made a purchase through the plugin. Also, attackers can change the status of the order (from non-paid to paid and vice versa). At the moment, the plugin developer has released a patched version of WP eCommerce 3.8.14.4. (more…)
Three new vulnerabilities in the Open Source CRM EspoCRM: PHP File Inclusion, Improper Access Control and Reflected Cross-Site Scripting.
Danger level: High
Availability Corrections: Yes
Number of vulnerabilities: 3
CVSSv2 Rating:
(AV: N / AC: H / Au: N / C: C / I: C / A: C / E: U / RL: OF / RC: C) = Base: 7.6 / Temporal: 5.6
(AV: N / AC: L / Au: N / C: N / I: N / A: P / E: U / RL: OF / RC: C) = Base: 5 / Temporal: 3.7
(AV: N / AC: M / Au: N / C: N / I: P / A: N / E: U / RL: OF / RC: C) = Base: 4.3 / Temporal: 3.2 (more…)
Zero-day vulnerability in Samsung’s Find My Mobile service allows you to remotely lock the user smartphone.
If an attacker exploits the zero-day vulnerability in Samsung’s ‘Find My Mobile’ service, then the hacker can remotely lock, unlock and ring the phone.
Vulnerability affects all smartphones Samsung, what support the web service Find My Phone. (more…)
Three new vulnerabilities in Cisco Adaptive Security ApplianceThere are three vulnerabilities fixed in the Cisco product (Adaptive Security Appliance): Smart Call Home Digital Certificate Validation Vulnerability; VPN Failover Command Injection Vulnerability; Clientless SSL VPN Information Disclosure and Denial of Service Vulnerability.
Administrators are advised to install the latest version from the manufacturer’s web site.
Danger level: Low
Availability Corrections: Yes (more…)
#1 Denial of service and system compromise in FreeBSD (Remote Buffer Overflow vulnerability)Danger level: High
Availability Corrections: Yes
Quantity of vulnerabilities: 1
CVSSv2 Rating: (AV: L / AC: M / Au: N / C: C / I: C / A: C / E: U / RL: O / RC: C) = Base: 6.9 / Temporal: 5.1
CVE ID: CVE-2014-3954
Vector of operation: Remote
Impact: Remote Buffer Overflow (Denial of service, system compromise) (more…)
MALWARELIST.net - Your Information Security Source 