Multiple cross-site scripting (XSS) vulnerabilities in CMS Papoo Light 6.0.0 (Rev 4701) allow remote attackers to inject arbitrary web script or HTML via the (1) author field to guestbook.php or (2) username field to account.php.
Monthly Archives: January 2015
CVE-2014-9523
Multiple cross-site request forgery (CSRF) vulnerabilities in the Our Team Showcase (our-team-enhanced) plugin before 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_our_team_member_count parameter in the sc_team_settings page to wp-admin/edit.php.
CVE-2014-9525
Multiple cross-site request forgery (CSRF) vulnerabilities in the Timed Popup (wp-timed-popup) plugin 1.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or (2) conduct cross-site scripting (XSS) attacks via the sc_popup_subtitle parameter in the wp-popup.php page to wp-admin/options-general.php.
CVE-2014-9524
Multiple cross-site request forgery (CSRF) vulnerabilities in the Facebook Like Box (cardoza-facebook-like-box) plugin before 2.8.3 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings via unspecified vectors or conduct cross-site scripting (XSS) attacks via the (2) frm_title, (3) frm_url, (4) frm_border_color, (5) frm_width, or (6) frm_height parameter in the slug_for_fb_like_box page to wp-admin/admin.php.
Hackers ‘mistakenly’ take down local bus schedule website
A hacking group has ‘mistakenly taken down’ a local bus website under the impression that it is a far more significant target, The Guardian reports.
The post Hackers ‘mistakenly’ take down local bus schedule website appeared first on We Live Security.
Chick-fil-A investigating possible credit card hack
Chick-fil-A has ordered an investigation into a possible data breach that occurred just before Christmas, according to The Guardian.
The post Chick-fil-A investigating possible credit card hack appeared first on We Live Security.
Google reveals Windows 8.1 security exploit after 90 day period elapses
Google has published details of a Windows 8.1 security exploit that could let the lowest-level users obtain total administrative control of a system running the operating system, Slash Gear reports.
The post Google reveals Windows 8.1 security exploit after 90 day period elapses appeared first on We Live Security.
Openwall 3.1 Released With Fixes for Shellshock, POODLE Attack
The maintainers of the Openwall security-enhanced Linux distribution have released a new stable version, which includes fixes for a number of serious vulnerabilities, such as the Shellshock Bash bug and the flaw in SSLv3 that leads to the POODLE attack. Openwall is designed to be a small, compact Linux distribution for servers, appliances and […]
Debian Security Advisory 3118-1
Debian Linux Security Advisory 3118-1 – Mike Daskalakis reported a denial of service vulnerability in charon, the IKEv2 daemon for strongSwan, an IKE/IPsec suite used to establish IPsec protected links.
Ubuntu Security Notice USN-2450-1
Ubuntu Security Notice 2450-1 – Mike Daskalakis discovered that strongSwan incorrectly handled IKEv2 payloads that contained the Diffie-Hellman group 1025. A remote attacker could use this issue to cause the IKE daemon to crash, resulting in a denial of service.