Archive for the ‘Vulnerability News’ Category

Your Computer Monitor could be hackedWe all know the fact that hackers can get access to personal data by hacking computer, smartphone or tablet.

Ang Cui and Jatin Kataria from Red Balloon Security concluded that monitor is also not as safe as it seems at first sight.

“Do not trust the pixels on the screen”, said they and demonstrated how to hack a computer through its monitor.

For example they changed a PayPal’s account balance from $0 to $1 million, but actually only the pixels on the monitor had simply been changed.


Joomla! vulnerabilitiesFive vulnerabilities in the content management system Joomla!

These flaws allows a remote user to elevate privileges on the system by exploiting SQL injection. One of vulnerabilities in Joomla! allows an attacker to gain administrator rights.

The developers of the popular content management system Joomla released a security update that fixes five vulnerabilities. One of flaws allows an attacker to remotely elevate privileges using the SQL-injection and obtain administrator rights on most web-sites running Joomla!. (more…)

Vulnerabilities 2014Three High severity vulnerabilities of the last week

Three high severity vulnerabilities have been discovered in the last week: Execution of arbitrary code in Avast Antivirus, Compromise a system via Unpatched WinRAR and Compromise the system in vtiger.

1. Execution of arbitrary code in Avast Antivirus

Danger: Critical
The number of vulnerabilities: 1
Vector of operation: Remote
Impact: System Compromise

Affected Product: Avast Antivirus
Vulnerable version: Avast Antivirus 2015.10.3.2223, possibly earlier versions (more…)

Drupal vulnerabilitiesDangerous vulnerability has been fixed in Drupal. The most serious issue outlined in the advisory (CVE-2015-3234) allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts.

The victim must have an account in a certain OpenID-providers for a successful attack.

Vulnerabilities identified in the module OpenID, allows a potential attacker to log in as an administrator. However, for a successful attack the victim must have an account associated with the OpenID-providers (for example: Verisign, LiveJournal, StackExchange, and some other). (more…)

Hole in LinuxCVE-2015-0240: A critical remote vulnerability in Samba

Employees MSVR (Microsoft Vulnerability Research) discovered a critical vulnerability the Samba daemon (smbd).

In unplanned releases of Samba 4.1.17, 4.0.25 and 3.6.25 fixed a critical vulnerability (CVE-2015-0240), which can be used to initiate the execution of code on the server side.

Danger problem compounded by the fact that the vulnerability can be exploited without an authentication – to carry out the attack enough send a few specially designed anonymous netlogon-packets on the network port SMB / CIFS of the server. Since by default, smbd daemon runs under root privileges, in the case of a successful attack the attacker can gain root-access to the server. (more…)

Vulnerabilities 2014The flaw allows a remote user to gain full control over the router and attack all devices connected to the home network.

The company Check Point Software Technologies has found a critical vulnerability Misfortune Cookie, which able to hit tens of millions of home routers worldwide (mostly residential gateways / SOHO – small office/home office routers). The CVE-2014-9222 flaw allows attackers to gain control of network devices, and administrative privileges, and then carry out an attack on all devices in the home network. (more…)

Adobe LogoTuesday Updates – Adobe Security Bulletins (December 9, 2014)

The security updates affect products such as Adobe Flash Player, Adobe Reader, Adobe Acrobat and Adobe ColdFusion.

December 9 this year in the “Tuesday Updates” Adobe has released three security bulletins. They fix 27 vulnerabilities in products such as Adobe Reader, Adobe Acrobat, Adobe Flash Player and ColdFusion.

1. The first bulletin (ID: APSB14-27)fixes six vulnerabilities in Adobe Flash Player, one of which is critical. One of the flaws are being actively exploited by cybercriminals, in connection with which the company has assigned the highest priority update. (more…)

Vulnerabilities 2014Buffer Overflow vulnerability in Info-Zip utility

A local user can elevate their privileges on the target system.

Danger level: Low
Availability fixes: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: L / AC: M / Au: N / C: C / I: C / A: C / E: U / RL: O / RC: C) = Base: 6.9 / Temporal: 5.1
CVE ID: CVE-2004-1010

Vector of operation: Local
Impact: Privilege escalation (Buffer Overflow) (more…)

cisco company logoCisco partially eliminated vulnerabilities in routers for small business. Update for Cisco RV220W Wireless Network Security Firewall will be available within a month.

As follows from the security notices published by Cisco developers on Wednesday, November 5, the company eliminated the dangerous vulnerabilities in four models of its routers series RV, intended for use by small businesses.

Problems addressed devices include: Cisco RV120W Wireless-N VPN Firewall with outdated firmware (version to, Cisco RV180 VPN Router – up to version, as well as Cisco RV180W Wireless-N Multifunction VPN Router – up to In addition, a vulnerable is Cisco RV220W Wireless Network Security Firewall (all current versions of the firmware). (more…)

sony psn hackedA serious vulnerability in the PlayStation Network service

A critical vulnerability (SQL-injection) revealed in PlayStation Network. The flaw allows an attacker to gain access to Sony’s customer data.

Experts in the field of cyber security have warned that in the Sony PlayStation Network was discovered a serious vulnerability. As reported at, service from Sony is vulnerable to SQL-injection, which allows an attacker to gain data from PSN users.

The error was detected by the expert Aria Akhavan. A hacker can visit the Sony’s support site and using a modified parameter in the URL of the resource, view the contents of a database in a browser window. The expert reported the results of their work in Sony, but never received a response. (more…)