Small correction (copy & paste error), sorry for that:
Mogwai Security Advisory MSA-2015-03
----------------------------------------------------------------------
Title: iPass Mobile Client service local privilege escalation
Product: iPass Mobile Client
Affected versions: iPass Mobile Client 2.4.2.15122 (Newer versions might also be
affected)
Impact: medium
Remote: no
Product link:…
WPML is the industry standard for creating multi-lingual WordPress sites.
Three vulnerabilities were found in the plug-in. The most serious of them,
an SQL injection problem, allows anyone to read the contents of the
WordPress database, including user details and password hashes, without
authentication.
System administrators should update to version 3.1.9.1 released earlier
this week to resolve the issues.
(I’m just posting the news – haven’t seen this here yet)
A team of Google security researchers recently reported on discoveries
they have made over the last few months which show it is possible to
alter contents of DRAM locations by simply *reading* the contents of
neighbouring locations. Using this technique they were able to
develop an exploit which modified page tables to allow write access to
the whole of physical memory and thus…
Adobe has released security updates to address multiple vulnerabilities in Flash Player. Exploitation of these vulnerabilities may allow a remote attacker to take control of an affected system.
Users and administrators are encouraged to review Adobe Security Bulletin APSB15-05 and apply the necessary updates.
A variant of CryptoLocker ransomware is targeting gamers, encrypting files associated with more than 20 popular titles in exchange for a Bitcoin payment.
Mogwai Security Advisory MSA-2015-03
----------------------------------------------------------------------
Title: iPass Mobile Client service local privilege escalation
Product: Hewlett-Packard Universal CMDB (UCMDB)
Affected versions: iPass Mobile Client 2.4.2.15122 (Newer versions might
also be affected)
Impact: medium
Remote: no
Product link: http://www.ipass.com/laptops/…
BlackBerry is warning customers that a large portion of the company’s product portfolio is vulnerable to the FREAK SSL attack. Many versions of the BlackBerry OS and BlackBerry Enterprise Server are vulnerable to FREAK, as are a number of versions of BlackBerry Messenger. The advisory from BlackBerry says that there are no workarounds for the […]
Multiple SQL injection vulnerabilities in Betster (aka PHP Betoffice) 1.0.4 allow remote attackers to execute arbitrary SQL commands via the id parameter to (1) showprofile.php or (2) categoryedit.php, or (3) the username parameter in a login to index.php.
Cross-site scripting (XSS) vulnerability in WoltLab Community Gallery 2.0 before 2014-12-26 allows remote attackers to inject arbitrary web script or HTML via the parameters[data][7][title] parameter in a saveImageData action to index.php/AJAXProxy.