Posts Tagged ‘critical vulnerability’

Microsoft has corrected a zero-day vulnerability in Internet Explorer

The flaw allows an attacker to gain complete control over the target device.

Microsoft has released an update that corrects a zero-day vulnerability in Internet Explorer versions 7-11 (the flaw does not appear to be present in the new Microsoft Edge). The critical vulnerability CVE-2015-2502 allows an attacker to remotely execute code on the target device.

According to Microsoft, a remote user can use a specially crafted website to compromise a vulnerable system. The vulnerability is caused by a memory corruption error when handling certain objects.

A dangerous vulnerability has been fixed in Drupal. The most serious issue outlined in the advisory (CVE-2015-3234) allows a malicious user to log in as other users on the site, including administrators, and hijack their accounts.

For a successful attack, the victim must have an account with certain OpenID providers.

Vulnerabilities identified in the OpenID module allow a potential attacker to log in as an administrator. However, for a successful attack the victim must have an account associated with an OpenID provider (for example, Verisign, LiveJournal, StackExchange, and some others).

CVE-2015-0240: A critical remote vulnerability in Samba

Employees of MSVR (Microsoft Vulnerability Research) discovered a critical vulnerability in the Samba daemon (smbd).

The unplanned releases Samba 4.1.17, 4.0.25 and 3.6.25 fix a critical vulnerability (CVE-2015-0240), which can be used to initiate the execution of code on the server side.

The danger is compounded by the fact that the vulnerability can be exploited without authentication: to carry out the attack, it is enough to send a few specially crafted anonymous netlogon packets to the SMB/CIFS network port of the server. Since the smbd daemon runs with root privileges by default, a successful attack can give the attacker root access to the server.

The flaw allows a remote user to gain full control over the router and attack all devices connected to the home network.

Check Point Software Technologies has found a critical vulnerability, Misfortune Cookie, which is able to hit tens of millions of home routers worldwide (mostly residential gateways / SOHO routers, i.e. small office/home office routers). The CVE-2014-9222 flaw allows attackers to gain control of network devices and administrative privileges, and then carry out an attack on all devices in the home network.

A serious vulnerability in the PlayStation Network service

A critical vulnerability (SQL injection) has been revealed in PlayStation Network. The flaw allows an attacker to gain access to Sony’s customer data.

Experts in the field of cyber security have warned that a serious vulnerability has been discovered in the Sony PlayStation Network. As reported at, the service from Sony is vulnerable to SQL injection, which allows an attacker to obtain data from PSN users.

The error was detected by the expert Aria Akhavan. A hacker can visit Sony’s support site and, using a modified parameter in the URL of the resource, view the contents of a database in a browser window. The expert reported the results of their work to Sony, but never received a response.

Due to a critical vulnerability (CVE-2014-3704) that allows an attacker to gain access to the administrator account, developers are advised to roll back to a backup or recreate the site from scratch.

According to the developers of the popular CMS (content management system) Drupal, all websites based on Drupal 7.x can be compromised. The problem is related to a critical vulnerability that could allow an unauthorized user to execute arbitrary SQL queries against the site's database and uncover the administrator password.

According to the developers, attacks using this breach began immediately after the announcement on October 15 this year. Even websites whose administrators had enough time to apply the update may still be compromised.

Critical Vulnerability: Remote Code Execution in Microsoft Windows

Microsoft warns users about 0-day attacks via PowerPoint OLE objects. Hackers are exploiting a zero-day vulnerability in Windows.

A vulnerability in Microsoft OLE could allow remote code execution; it affects all supported releases of Microsoft Windows, excluding Windows Server 2003.

Today, Microsoft has released Security Advisory 3010060 as well as a temporary “Fix It” patch. A new ID, CVE-2014-6352, has been assigned to track this issue.

The critical vulnerability in Drupal (CVE-2014-3704)

Drupal 7.32, a release of the web content management system, fixes a critical vulnerability (CVE-2014-3704) that allows an attacker to send specially crafted requests resulting in arbitrary SQL execution. The vulnerability has been assigned the highest level of danger (Highly critical), which indicates the possibility of remote attacks that can lead to gaining access to the system.

The vulnerability is caused by a bug in the implementation of prepared statements in the database abstraction API and can be exploited by anonymous users. A vulnerability in this API allows an attacker to send specially crafted requests resulting in arbitrary SQL execution.

A critical vulnerability in Google allows access to Google’s production servers

A team of researchers discovered a critical XML External Entity (XXE) vulnerability on a Google server that allows users to customize their toolbars with new buttons by uploading XML files containing layout properties. It sounds ridiculous, but it has been proven by the security researchers from Detectify.

Curiously, the researchers used Google dorking to search for vulnerabilities within unpopular applications managed by Google. The Google Toolbar button gallery was the application that attracted their attention most of all.

The vulnerability resides in the Toolbar Button Gallery (as shown). The team of researchers found a loophole after they noticed that the Google Toolbar Button Gallery allows users to customize their toolbars with new buttons.

Microsoft Security Bulletin

Microsoft Security Bulletin Summary for April 2013

In March 2013, Microsoft released seven security bulletins that fixed 20 vulnerabilities.

In April 2013, Microsoft released nine security bulletins that fixed three high-risk vulnerabilities and 11 low-risk vulnerabilities.