Apple has resolved a serious security vulnerability known as Ins0mnia in its latest update.
The post iOS vulnerability Ins0mnia fixed by Apple appeared first on We Live Security.
WordPress Responsive Thumbnail Slider plugin version 1.0 suffers from a remote shell upload vulnerability.
Posted by Scott Arciszewski on Aug 27
In the near future on an IRC server near you:
CVE-2015-5687 (PHP Object Injection in AnchorCMS)
=================================================
Out of the box, AnchorCMS defaults to store all session state in a
cookie (contrast this with only storing a unique identifier in a
cookie which references a server-side storage mechanism, such as a
temporary file or a database row).
Aside: If you have paid attention to my past work with Laravel,…
Posted by dxw Security on Aug 27
Details
================
Software: Private Only
Version: 3.5.1
Homepage: http://wordpress.org/plugins/private-only/
Advisory report:
https://security.dxw.com/advisories/csrfxss-vulnerability-in-private-only-could-allow-an-attacker-to-do-almost-anything-an-admin-user-can/
CVE: CVE-2015-5483
CVSS: 5.8 (Medium; AV:N/AC:M/Au:N/C:P/I:P/A:N)
Description
================
CSRF/XSS vulnerability in Private Only could allow an attacker to do almost…
Posted by dxw Security on Aug 27
Details
================
Software: Navis DocumentCloud
Version: 0.1
Homepage: https://wordpress.org/plugins/navis-documentcloud/
Advisory report: https://security.dxw.com/advisories/publicly-exploitable-xss-in-wordpress-plugin-navis-documentcloud/
CVE: CVE-2015-2807
CVSS: 6.4 (Medium; AV:N/AC:L/Au:N/C:P/I:P/A:N)
Description
================
Publicly exploitable XSS in WordPress plugin Navis Documentcloud
Vulnerability
================
This…
Posted by nullcon on Aug 27
Dear Friends,
Welcome to nullcon se7en!
$git commit -a <sin>
<sin> := wrath | pride | lust | envy | greed | gluttony | sloth
nullcon is an annual security conference held in Goa, India. The focus
of the conference is to showcase the next generation of offensive and
defensive security technology. We happily open doors to researchers
and hackers around the world working on the next big thing in security
and request…
CentOS Errata and Security Advisory 2015:1693 Critical
Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1693.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
i386:
4accd0ef78beb2cffe7de1eb2cb077d3260d2be1254241b94dcabd5429668ffa firefox-38.2.1-1.el5.centos.i386.rpm
x86_64:
4accd0ef78beb2cffe7de1eb2cb077d3260d2be1254241b94dcabd5429668ffa firefox-38.2.1-1.el5.centos.i386.rpm
ee12a3a8a5ef058838bb608ec2f7bedb4033c0a4494b14e562d0567f98b8fad6 firefox-38.2.1-1.el5.centos.x86_64.rpm
Source:
c90518b13fdd40682ddfed92ebff461d50ba1b4504e553119caf965de91e5892 firefox-38.2.1-1.el5.centos.src.rpm
Original release date: August 27, 2015
The Mozilla Foundation has released security updates to address a critical vulnerability in Firefox and Firefox ESR. Exploitation of this vulnerability may allow a remote attacker to take control of an affected system.
Available updates include:
US-CERT encourages users and administrators to review the Security Advisories for Firefox and Firefox ESR and apply the necessary updates.
CentOS Errata and Security Advisory 2015:1693 Critical
Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1693.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
i386:
1de25353a5da5a88b766f833b08fd919232f64d8c4bd22c21dc7a2a942a5882f firefox-38.2.1-1.el6.centos.i686.rpm
x86_64:
1de25353a5da5a88b766f833b08fd919232f64d8c4bd22c21dc7a2a942a5882f firefox-38.2.1-1.el6.centos.i686.rpm
cde86c052706e5e98ab2fd10657d9e538e0f30ba96765f2f31986a60e1f49c5e firefox-38.2.1-1.el6.centos.x86_64.rpm
Source:
e798d96ab134c3116832be3e7245e144d2a4929fc413114e7e501303ac7e6d89 firefox-38.2.1-1.el6.centos.src.rpm
CentOS Errata and Security Advisory 2015:1693 Critical
Upstream details at : https://rhn.redhat.com/errata/RHSA-2015-1693.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
x86_64:
ccd6daae6b5970ffd6d52ea9ef5b7fe86f7fe70433769e107da8e6e120f5cdda firefox-38.2.1-1.el7.centos.i686.rpm
8f0427d72b51874513dcff75cea91a9ad9c6df842274fa10962599793f07cb0e firefox-38.2.1-1.el7.centos.x86_64.rpm
Source:
39557ff01ea4da417e94adec1aa984713f4228164e660abec3fbb8357cff126d firefox-38.2.1-1.el7.centos.src.rpm