Hawkeye-G v3.0.1.4912 CSRF Vulnerability CVE-2015-2878
Monthly Archives: July 2015
Bugtraq: [SECURITY] [DSA 3315-1] chromium-browser security update
Bugtraq: Hawkeye-G v3 CSRF Vulnerability ***[UPDATED CORRECTED]
XSS Vulnerability In WordPress – Update Now
The guys from WordPress just released version 4.2.3 of their software, which is mostly a security update. They “strongly encourage you to update your sites immediately.” To do so, just visit your Dashboard, click on ‘Updates’ and then on ‘Update Now’. As mentioned above you’ll only have to update manually if, for whatever reason, you decided to disable the automatic updates.
According to their blog entry the newest version contains fixes for 20 bugs from 4.2. The page also says: “WordPress versions 4.2.2 and earlier are affected by a cross-site scripting vulnerability, which could allow users with the Contributor or Author role to compromise a site. This was initially reported by Jon Cave and fixed by Robert Chapin, both of the WordPress security team, and later reported by Jouko Pynnönen.
We also fixed an issue where it was possible for a user with Subscriber permissions to create a draft through Quick Draft. Reported by Netanel Rubin from Check Point Software Technologies.”
And don’t forget: Since WordPress is definitely one of the most popular Content Management Systems and blogging platforms out there it remains an attractive target for cybercriminals – especially due to the huge user base. Administrators should always keep their WordPress installations (including addons and themes) updated and patch as soon as there are security updates available.
If you want to find out more about the dangers you could face as a blog administrator and get some advice which might help you to protect your page, take a look at Ange Albertini’s blog article concerning the topic.
The post XSS Vulnerability In WordPress – Update Now appeared first on Avira Blog.
VUPEN Launches New Zero-Day Acquisition Firm Zerodium
In the weeks since the Hacking Team breach, the spotlight has shone squarely on the small and often shadowy companies that are in the business of buying and selling exploits and vulnerabilities. One such company, Netragard, this week decided to get out of that business after its dealings with Hacking Team were exposed. But now […]
RHSA-2015:1488-1: Critical: java-1.7.0-ibm security update
Red Hat Enterprise Linux: Updated java-1.7.0-ibm packages that fix several security issues are now
available for Red Hat Enterprise Linux 5 Supplementary.
Red Hat Product Security has rated this update as having Critical security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-1931, CVE-2015-2590, CVE-2015-2601, CVE-2015-2613, CVE-2015-2619, CVE-2015-2621, CVE-2015-2625, CVE-2015-2632, CVE-2015-2637, CVE-2015-2638, CVE-2015-2664, CVE-2015-4000, CVE-2015-4729, CVE-2015-4731, CVE-2015-4732, CVE-2015-4733, CVE-2015-4736, CVE-2015-4748, CVE-2015-4749, CVE-2015-4760
RHSA-2015:1483-1: Important: libuser security update
Red Hat Enterprise Linux: Updated libuser packages that fix two security issues are now available for
Red Hat Enterprise Linux 7.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-3245, CVE-2015-3246
RHSA-2015:1482-1: Important: libuser security update
Red Hat Enterprise Linux: Updated libuser packages that fix two security issues are now available for
Red Hat Enterprise Linux 6.
Red Hat Product Security has rated this update as having Important security
impact. Common Vulnerability Scoring System (CVSS) base scores, which give
detailed severity ratings, are available for each vulnerability from the
CVE links in the References section.
CVE-2015-3245, CVE-2015-3246
RHBA-2015:1489-1: fix dependency issue with python-rhsm
Red Hat Enterprise Linux: Updated python-rhsm packages that fix one bug are now available for RHN Tools
Channel for Red Hat Enterprise Linux 5.
CESA-2015:1483 Important CentOS 7 libuser Security Update
CentOS Errata and Security Advisory 2015:1483 Important Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1483.html The following updated files have been uploaded and are currently syncing to the mirrors: