Resolved Bugs
1214651 – wordpress: several vulnerabilities fixed in WordPress 4.1.2 [fedora-all]
1214650 – wordpress: several vulnerabilities fixed in WordPress 4.1.2
1216069 – wordpress: stored XSS via long comments
1216070 – wordpress: stored XSS via long comments [fedora-all]
**WordPress 4.2 “Powell”**
* Upstream announcement https://wordpress.org/news/2015/04/powell/
**WordPress 4.2.1 Security Release**
* Upstream announcement https://wordpress.org/news/2015/04/wordpress-4-2-1/
Monthly Archives: April 2015
Fedora 22 Security Update: wordpress-4.2-1.fc22
Fedora 22 Security Update: ikiwiki-3.20150329-1.fc22
Fedora 22 Security Update: wordpress-4.1.2-1.fc22
Resolved Bugs
1214651 – wordpress: several vulnerabilities fixed in WordPress 4.1.2 [fedora-all]
1214650 – wordpress: several vulnerabilities fixed in WordPress 4.1.2
This is a critical security release for all previous versions and we strongly encourage you to update your sites immediately.
https://wordpress.org/news/2015/04/wordpress-4-1-2/
Google Provides Detailed Analysis of GitHub Attack Traffic
The high-profile DDoS attack against GitHub that went on for several days last month was the end result of an operation that included several phases and extensive testing and optimization by the attackers. Researchers at Google analyzed the attack traffic over several weeks and found that the attackers used both JavaScript replacement and HTML injections. […]
CVE-2011-4403 (zen_cart)
Multiple cross-site request forgery (CSRF) vulnerabilities in Zen Cart 1.3.9h allow remote attackers to hijack the authentication of administrators for requests that (1) delete a product via a delete_product_confirm action to product.php or (2) disable a product via a setflag action to categories.php.
CVE-2012-2930 (tinywebgallery)
Multiple cross-site request forgery (CSRF) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to hijack the authentication of administrators for requests that (1) add a user via an adduser action to admin/index.php or (2) conduct static PHP code injection attacks in .htusers.php via the user parameter to admin/index.php.
CVE-2012-2932 (tinywebgallery)
Multiple cross-site scripting (XSS) vulnerabilities in TinyWebGallery (TWG) before 1.8.8 allow remote attackers to inject arbitrary web script or HTML via the (1) selitems[] parameter in a copy, (2) chmod, or (3) arch action to admin/index.php or (4) searchitem parameter in a search action to admin/index.php.
CVE-2012-5451 (tvmobili)
Multiple stack-based buffer overflows in HttpUtils.dll in TVMOBiLi before 2.1.0.3974 allow remote attackers to cause a denial of service (tvMobiliService service crash) via a long string in a (1) GET or (2) HEAD request to TCP port 30888.
CVE-2015-0297 (jboss_operations_network)
Red Hat JBoss Operations Network 3.3.1 does not properly restrict access to certain APIs, which allows remote attackers to execute arbitrary Java methods via the (1) ServerInvokerServlet or (2) SchedulerService or (3) cause a denial of service (disk consumption) via the ContentManager.