Archive for the ‘Vulnerabilities’ Category

Wordpress VulnerabilitiesNew multiple vulnerabilities have been discovered in WordPress Content Management System which allows a remote user to take control of the affected system.

Danger level: Medium
Availability of fixes: Yes
Number of vulnerabilities: 4

CVE ID: No Information

Vector of operation: Remote
Impact: Cross-site scripting, Denial of service, Security Bypass (more…)

Apple vulnerabilitiesMultiple Vulnerabilities in Apple OS X, Apple iOS, and Apple TV

Danger level: High
Availability fixes: Yes
Number of vulnerabilities: 7

CVE ID: CVE-2014-4451, CVE-2014-4452, CVE-2014-4453, CVE-2014-4458, CVE-2014-4459, CVE-2014-4462, CVE-2014-4463

Vector of operation: Remote
Impact: Disclosure of sensitive data, Security Bypass, system compromise

Affected Products: Apple Macintosh OS X, Apple iOS 8.x, Apple TV 7.x
Affected versions: Apple OS X versions up to 10.10.1, Apple iOS versions up to 8.1.1, Apple TV to version 7.0.2 (more…)

Cerberus logoMultiple vulnerabilities in Cerberus FTP Server

There are three vulnerabilities (Denial of service and Security Bypass) fixed in the Windows-based FTP Server (CVE-2014-3513, CVE-2014-3567, CVE-2014-3568).

Danger level: Middle
Availability fixes: Yes
Number of vulnerabilities: 3

CVSSv2 Rating:
(AV: N / AC: L / Au: N / C: N / I: N / A: C / E: U / RL: O / RC: C) = Base: 7.8 / Temporal: 5.8
(AV: N / AC: L / Au: N / C: N / I: N / A: P / E: U / RL: O / RC: C) = Base: 5 / Temporal: 0
(AV: N / AC: L / Au: N / C: P / I: P / A: N / E: U / RL: O / RC: C) = Base: 6.4 / Temporal: 4.7
CVE ID: CVE-2014-3513, CVE-2014-3567, CVE-2014-3568 (more…)

Dokuwiki logoUpdated dokuwiki packages fix security vulnerabilities, which can be exploited by malicious people to bypass certain security restrictions.

Vulnerabilities: Bypassing a security policy in DokuWiki

Danger level: Middle
Availability fixes: Yes
Number of vulnerabilities: 4

CVSSv2 Rating:
(AV: N / AC: M / Au: N / C: P / I: P / A: N / E: U / RL: O / RC: C) = Base: 5.8 / Temporal: 4.3
(AV: N / AC: L / Au: N / C: P / I: N / A: N) = Base Score: 5.0 (more…)

Vulnerabilities in FreeBSD“CVE-2014-8517” vulnerability: Remote command execution in FreeBSD

FreeBSD developers have published a notification of elimination of vulnerability in FreeBSD.

Operation of vulnerability allows to execute arbitrary commands, provides access to critical information and locks the computer. A malicious HTTP server could cause ftp to execute arbitrary commands.

Danger level: High
Availability fixes: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: M / Au: N / C: C / I: C / A: C / E: U / RL: O / RC: C) = Base: 9.3 / Temporal: 6.9
CVE ID: CVE-2014-8517 (more…)

Wordpress VulnerabilitiesInformation leak and access control bypass in WordPress WP eCommerce Plugin

Exploitation of this vulnerability allows criminals to export all the user names, addresses and other confidential information of clients.

Experts of the company Sucuri found dangerous vulnerability in the plugin “WP eCommerce”, which allows attackers to easily access and edit personal information of users.

Exploitation of the vulnerability allows criminals to export all the user names, addresses and other confidential information of clients that ever made a purchase through the plugin. Also, attackers can change the status of the order (from non-paid to paid and vice versa). At the moment, the plugin developer has released a patched version of WP eCommerce 3.8.14.4. (more…)

espocrm logoThree new vulnerabilities in the Open Source CRM EspoCRM: PHP File Inclusion, Improper Access Control and Reflected Cross-Site Scripting.

Danger level: High
Availability Corrections: Yes
Number of vulnerabilities: 3

CVSSv2 Rating:
(AV: N / AC: H / Au: N / C: C / I: C / A: C / E: U / RL: OF / RC: C) = Base: 7.6 / Temporal: 5.6
(AV: N / AC: L / Au: N / C: N / I: N / A: P / E: U / RL: OF / RC: C) = Base: 5 / Temporal: 3.7
(AV: N / AC: M / Au: N / C: N / I: P / A: N / E: U / RL: OF / RC: C) = Base: 4.3 / Temporal: 3.2 (more…)

samsung find my mobileZero-day vulnerability in Samsung’s Find My Mobile service allows you to remotely lock the user smartphone.

If an attacker exploits the zero-day vulnerability in Samsung’s ‘Find My Mobile’ service, then the hacker can remotely lock, unlock and ring the phone.

Vulnerability affects all smartphones Samsung, what support the web service Find My Phone. (more…)

cisco company logoThree new vulnerabilities in Cisco Adaptive Security Appliance

There are three vulnerabilities fixed in the Cisco product (Adaptive Security Appliance): Smart Call Home Digital Certificate Validation Vulnerability; VPN Failover Command Injection Vulnerability; Clientless SSL VPN Information Disclosure and Denial of Service Vulnerability.

Administrators are advised to install the latest version from the manufacturer’s web site.

Danger level: Low
Availability Corrections: Yes (more…)

Vulnerabilities in FreeBSD#1 Denial of service and system compromise in FreeBSD (Remote Buffer Overflow vulnerability)

Danger level: High
Availability Corrections: Yes
Quantity of vulnerabilities: 1

CVSSv2 Rating: (AV: L / AC: M / Au: N / C: C / I: C / A: C / E: U / RL: O / RC: C) = Base: 6.9 / Temporal: 5.1
CVE ID: CVE-2014-3954

Vector of operation: Remote
Impact: Remote Buffer Overflow (Denial of service, system compromise) (more…)