Posts Tagged ‘vulnerability’

Vulnerability1. IBM Business Process Manager 7.x

Danger: Low

Availability Corrections: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV: N / AC: M / Au: N / C: P / I: N / A: N / E: U / RL: O / RC: C) =
CVE ID: CVE-2014-3087

Vector operation: LAN (Local area network)
Impact: Disclosure of sensitive data

Affected Products: IBM Business Process Manager 7.x (more…)

WordPress PluginsDetected a dangerous flaw in the popular plugins for caching, which allows you to execute arbitrary PHP code on the target system.

Information security researcher Frank Goosen has published details of the vulnerability in the popular plug-ins for caching pages WordPress – WP Super Cache and W3 Total Cache, with more than six million downloads. Discovered vulnerability allows an attacker to inject and execute arbitrary PHP code on the target system with the privileges of Web-server. (more…)

vulnerability

vulnerability

Vulnerability – a shortcoming of the software installed on your computer, or used to provide network security.

They can also occur as a result of an incorrect configuration or settings. Hackers exploit vulnerabilities to attack your computer, which can lead to data loss and equipment damage. Software companies, according to the found vulnerabilities and release patches that address the problem after installing it on your computer.

The Software development companies, report about the found vulnerabilities and let out patches which eliminate a problem after installation on your computer. (more…)

Barracuda networksThe SEC Consult company found undocumented accounts in solutions of Barracuda Networks.

According to SEC Consult, in different software company Barracuda Networks was discovered backdoor. The notice referred to the existence of undocumented accounts, remote which can be accessed remotely via SSH.

Undocumented accounts associated with the “backend support mechanisms.” Support page for the manufacturer stated that he is not aware of operating accounts described SEC Consult, for malicious purposes.

“Our study confirms that an attacker with specific knowledge about the internal structure of the solutions Barracuda, to connect to an account that does not have the privileges of a small area of ​​IP addresses”, – stated in the notification producer. (more…)

Drupal logo

System compromise

Vulnerability: System compromise in Drupal Live CSS

Danger: Average
Patch: Yes
Number of vulnerabilities: 1

Vector of operation: Remote
Impact: System Compromise

Affected products: Drupal Live CSS Module 6.x
Drupal Live CSS Module 7.x

Affected versions: Live CSS module for Drupal 6.x-2.1, perhaps the only one.
Live CSS module for Drupal 7.x-2.7, perhaps the only one. (more…)

Foxit ReaderInformation on the vulnerability has been publicly available for one week.

Foxit released version 5.4.5 of its Foxit Reader PDF viewer plug-in on Thursday in order to address a critical remote code execution vulnerability. In the new version (5.4.5) developers eliminated the critical gap allowing the potential malefactor far off to execute any code on target system.

It should be noted that all ActiveX versions of a component of the program for Mozilla Firefox, Google Chrome, Opera and Safari browsers were vulnerable. In the notice also it is noted that the independent researcher of safety of Andrea Micalizzi was succeeded to find vulnerability.

Let’s remind that the expert publicly opened detailed information on the vulnerability and methods of its operation on the web site on January 7 the current year. (more…)

Foxit ReaderVulnerability: System compromise in Foxit Reader

Danger: High
Patch: Yes
Number of vulnerabilities: 1

Vector operation: Remote
Impact: System Compromise

Exploit: Functional exploit
Affected Products: Foxit Reader 5.x, Foxit Reader Plugin 2.x (extension for Firefox)

Affected versions:
Foxit Reader 5.4.4.1128, possibly other versions, Foxit Reader Plugin 2.2.1.530, possibly other versions (more…)

internet explorer logoThis vulnerability was used to attack visitors to the site of the Council on Foreign Relations, United States.

Microsoft has published an advance notice of the fact that today, 14 January, at 10:00 PST, will be available security update, which will eliminate the zero-day vulnerability in the browser Internet Explorer.

Recall that on December 21 unknown hackers have carried out a successful attack on the website of the Council on Foreign Relations, United States (http://www.cfr.org) and posted on the pages of an exploit for a previously unknown vulnerability in Microsoft Internet Explorer. Subsequently FireEye published in his blog analysis of malware, which has been used by hackers. (more…)

Vulnerability

SSL implementation flaws

Researchers have discovered an incorrect implementation of SSL encryption that allows for an attack on a huge number of applications and services provided by PayPal, Amazon, Microsoft, Google, Yahoo.

A team of researchers from the University of Texas at Austin and Stanford published a study of reliability mechanisms Validation SSL certificates in “non-browser” software platforms on Linux, Windows, Android and iOS. The subject of the study were the validation SSL implementations in various software and API, based on it. The vector operation was chosen type of attack is the “man in the middle” (MitM).

The main objective of SSL – is to provide mechanisms to protect the end user from the attack of the “man in the middle”. Even if the network is fully compromised: poisoned DNS cache servers, access points, routers, etc. are controlled by an attacker – SSL is required to ensure the confidentiality, authenticity and integrity of data between the client and the server. (more…)

Broadcom

Vulnerability in the Wi-Fi modules

In the two non-wireless Internet access production Broadcom found serious flaw that can cause denial of service.

Researchers CoreSecurity Andres Blanco discovered a serious vulnerability in two Wi-Fi-module, which provides wireless access to the Internet, which are installed in a number of modern smartphones.

According to Blanco, chips made by Broadcom Corporation contain unterminated hole that attackers can use to carry out DoS-attacks.

In the study, Blanco found the vulnerability CVE-2012-2619 is present in the chipset BCM4325 and BCM4329 and allows a remote user to DoS-attack, using the read error beyond the borders of the data.

According to experts, the affected products Broadcom BCM4325 completed a number of modern gadgets production of various companies, including Apple iPhone 3GS, Apple iPod 2G, HTC Touch Pro 2, HTC Droid Incredible, Samsung Spica, Acer Liquid, Motorola Devour, and the car Ford Edge. (more…)