Posts Tagged ‘Security Bypass’

There are multiple vulnerabilities in IBM products: QRadar SIEM and Storwize V7000 Unified.

#1. Multiple vulnerabilities in IBM QRadar SIEM

Danger: Low
Availability of Corrections: Yes
Number of vulnerabilities: 2
CVSSv2 Rating: (AV: A / AC: M / Au: N / C: P / I: P / A: N / E: U / RL: OF / RC: C) = Base: 4.3 / Temporal: 3.2
(AV: A / AC: L / Au: N / C: P / I: P / A: N / E: U / RL: OF / RC: C) = Base: 4.8 / Temporal: 3.5
CVE ID: CVE-2014-4824; CVE-2014-4826 (more…)

The latest vulnerabilities in WordPress plugins

Three Security Bypass vulnerabilities in WordPress plugins: Access Areas, Download Manager, and DukaPress.

1. Security Bypass in WordPress Access Areas Plugin

Danger: Low
Availability of Corrections: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: L / Au: N / C: P / I: P / A: P / E: U / RL: O / RC: C) = Base: 7.5 / Temporal: 5.5 (more…)

WordPress Vulnerability

WordPress vulnerabilities

1. Security Bypass in WordPress WP-Ban

Danger level: Low
Availability of Corrections: Yes
Number of vulnerabilities: 1

CVSSv2 Rating: (AV: N / AC: L / Au: N / C: N / I: N / A: P / E: U / RL: O / RC: C) = Base: 5 / Temporal: 3.7
CVE ID: CVE-2014-6230

Vector of operation: Remote
Impact: Security Bypass (more…)

Android Hacked

Android smartphones vulnerable

Major Android Bug is a Privacy Disaster

The vulnerability allows an attacker to intercept the current session cookies and gain complete control over the user’s session.

A new module has appeared in Metasploit (a set of penetration-testing tools popular among security researchers) that exploits a dangerous vulnerability in 75% of all smartphones based on the Android operating system. The flaw makes it possible to intercept the web pages a victim is viewing, The Register reports.

The vulnerability in question is CVE-2014-6041, which affects Android 4.2.1 and earlier versions. It was discovered on 1 September, according to researcher Tod Beardsley (a developer for the Metasploit security toolkit), who called the flaw a “privacy disaster”. (more…)

IBM products Vulnerabilities


Cyber Security Notification: New Vulnerabilities of September 2014

#1 Multiple vulnerabilities in IBM products

Danger: Low
Availability of Corrections: Yes
Number of vulnerabilities: 3

CVSSv2 Rating: (AV: N / AC: M / Au: N / C: N / I: P / A: N / E: U / RL: O / RC: C) = Base: 4.3 / Temporal: 3.2
(AV: N / AC: L / Au: N / C: N / I: P / A: N / E: U / RL: OF / RC: C) = Base: 5 / Temporal: 3.7
(AV: N / AC: L / Au: N / C: P / I: N / A: N / E: U / RL: OF / RC: C) = Base: 5 / Temporal: 3.7 (more…)

Cyber Security Notifications: New Vulnerabilities of September 2014

Vulnerabilities: Bypass security restrictions in Adobe Reader and Adobe Acrobat

Danger level: High
Availability of fix: No
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: M / Au: N / C: P / I: P / A: P / E: U / RL: U / RC: C) = Base: 6.8 / Temporal: 5.8

Vector of operation: Remote
Impact: Security Bypass (more…)

The flaws allowed a malicious user to bypass certain security restrictions and compromise a vulnerable system.

Google has released the stable version of the Chrome 30 browser for Windows, Mac, Linux and Chrome Frame. The new version contains fixes for vulnerabilities that allow malicious people to bypass certain security restrictions and compromise a vulnerable system.

The main new feature in Chrome 30 is a beta version of QuickOffice, built into the browser, for editing Word and Excel documents. In addition, the new version supports multiple accounts for popular web platforms, including Google's platforms.

The developers have improved the browser's touch functions for a more comfortable user experience on tablets. The sandbox for Native Client will also work better from now on. (more…)

A Security Bypass vulnerability has been found in Apache mod_rewrite.

The vulnerability allows an attacker to execute arbitrary commands when the server administrator views the log file.

A vulnerability (CVE-2013-1862) has been discovered in the mod_rewrite module of the Apache HTTP Server 2.2.x series. It allows an attacker to execute arbitrary commands when the server administrator views the log file.

Through specially crafted requests to the web server, an attacker can write content such as system commands to a log file, because mod_rewrite does not escape special characters when writing to the log. Suitably manipulated sequences allow arbitrary commands to run as the user viewing the log (usually these log files are readable only by the root user). (more…)

Multiple vulnerabilities

The new version introduces the Firefox Health Report mode, which makes it possible to monitor the performance of the browser.

According to the browser's developers at Mozilla, the new version, Firefox 21, is now available to users. It fixes a number of vulnerabilities, including three critical ones.

Experts eliminated a total of eight security holes. It should be noted that two of the critical vulnerabilities affect only Firefox and Thunderbird, since the company’s other products contain no vulnerable components.

Among the updates not related to security, it is worth noting the expanded user interface for configuring Do Not Track, improved graphics performance, and support, enabled by default, for the WebRTC technology, which is designed for multi-user web applications. (more…)

Vulnerabilities in Chrome OS

Vulnerability: Multiple vulnerabilities in Chrome OS

Danger level: High
The presence of fixes: Yes
The number of vulnerabilities: 4

CVE ID: CVE-2013-2832, CVE-2013-2833, CVE-2013-2834, CVE-2013-2835

Vector of operation: Remote
Impact: Security Bypass, System Compromise

Affected products: Chrome OS 26.x
Affected versions: Chrome OS versions prior to 26.0.1410.57 (Platform version: 3701.81.2) (more…)