Archive for the ‘Vulnerability News’ Category

Due to the critical vulnerability (CVE-2014-3704) that allows an attacker to gain access to the administrator account, developers are advised to roll back to a backup or recreate the site from scratch.

According to the developers of the popular CMS (content management system) Drupal, all web-sites based on Drupal 7.x can be compromised. The problem is related to a critical vulnerability that could allow an unauthorized user to execute arbitrary SQL queries against the database and uncover the administrator password.

According to the developers, attacks using this vulnerability began immediately after the announcement on October 15 this year. Even web-sites whose administrators had enough time to apply the update may still be compromised. (more…)


Zero-day vulnerability in all versions of Windows

On Tuesday, October 14, 2014, iSIGHT Partners – in close collaboration with Microsoft – announced the discovery of a zero-day vulnerability impacting all supported versions of Microsoft Windows and Windows Server 2008 and 2012.

Researchers at iSIGHT Partners said that the team, which they’ve dubbed Sandworm, likely has been active since 2009. (The sandworm is a fictional form of desert-dwelling creature from the Dune universe created by Frank Herbert – From Wikipedia, the free encyclopedia.)

Microsoft is making a patch for this vulnerability available as part of patch updates on the 14th – CVE-2014-4114. (more…)

There are multiple vulnerabilities in IBM products: QRadar SIEM and Storwize V7000 Unified

#1. Multiple vulnerabilities in IBM QRadar SIEM

Danger: Low
Availability of Corrections: Yes
Number of vulnerabilities: 2
CVSSv2 Rating: (AV: A / AC: M / Au: N / C: P / I: P / A: N / E: U / RL: OF / RC: C) = Base: 4.3 / Temporal: 3.2
(AV: A / AC: L / Au: N / C: P / I: P / A: N / E: U / RL: OF / RC: C) = Base: 4.8 / Temporal: 3.5
CVE ID: CVE-2014-4824; CVE-2014-4826 (more…)

The latest vulnerabilities in WordPress plugins

Three Security Bypass vulnerabilities in WordPress plugins: Access Areas, Download Manager, and DukaPress.

1. Security Bypass in WordPress Access Areas Plugin

Danger: Low
Availability of Corrections: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: L / Au: N / C: P / I: P / A: P / E: U / RL: O / RC: C) = Base: 7.5 / Temporal: 5.5 (more…)

Vulnerability – System compromise in bash

Information security experts have warned of a new vulnerability, ShellShock (CVE-2014-6271), the use of which allows the execution of arbitrary code. The vulnerability affected not only Internet servers and workstations, but also the devices that we use in everyday life – smartphones, tablets, home routers, and laptops. According to some estimates, the new vulnerability may be bigger than the sensational Heartbleed earlier this year. (more…)

WordPress vulnerabilities

1. Security Bypass WordPress WP-Ban

Danger level: Low
Availability of Corrections: Yes
Number of vulnerabilities: 1

CVSSv2 Rating: (AV: N / AC: L / Au: N / C: N / I: N / A: P / E: U / RL: O / RC: C) = Base: 5 / Temporal: 3.7
CVE ID: CVE-2014-6230

Vector operation: Remote
Impact: Security Bypass (more…)

Vulnerability in FreeBSD

Cyber security news 2014: Denial of service in FreeBSD

Vulnerability revealed in all supported branches of FreeBSD

The flaw allows an attacker to reset the TCP connection by sending a specially crafted packet.

A vulnerability (CVE-2004-0230) has been discovered in all versions of the FreeBSD network operating system. The flaw allows an attacker to reset a TCP connection by sending a TCP packet that contains a bogus IP address. To carry out the attack, cybercriminals only needed to know the numbers of the active ports. (more…)

IBM products Vulnerabilities


Cyber Security Notification: New Vulnerabilities of September 2014

#1 Multiple vulnerabilities in IBM products

Danger: Low
Availability of Corrections: Yes
Number of vulnerabilities: 3

CVSSv2 Rating: (AV: N / AC: M / Au: N / C: N / I: P / A: N / E: U / RL: O / RC: C) = Base: 4.3 / Temporal: 3.2
(AV: N / AC: L / Au: N / C: N / I: P / A: N / E: U / RL: OF / RC: C) = Base: 5 / Temporal: 3.7
(AV: N / AC: L / Au: N / C: P / I: N / A: N / E: U / RL: OF / RC: C) = Base: 5 / Temporal: 3.7 (more…)

Drupal vulnerabilities

Cyber Security Notification: New Vulnerabilities of September 2014

Security vulnerabilities related to the Drupal content management system: descriptions of vulnerabilities related to products of this vendor, September 13, 2014.

1. Vulnerability: Cross-site scripting in Drupal Custom BreadCrumbs

Danger level: Low
Availability of Corrections: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: L / Au: N / C: N / I: P / A: N / E: U / RL: O / RC: C) = Base: 5 / Temporal: 3.7 (more…)

Cyber Security Notifications: New Vulnerabilities of September 2014

Vulnerabilities: Bypass security restrictions in Adobe Reader and Adobe Acrobat

Danger level: High
Availability of fix: No
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: M / Au: N / C: P / I: P / A: P / E: U / RL: U / RC: C) = Base: 6.8 / Temporal: 5.8

Vector operation: Remote
Impact: Security Bypass (more…)