Monthly Archives: August 2015

Panda Security

Panda Security detects and blocks 99.9% of threats!

March, April, May and June. During the last four months, Panda Security has obtained the best rate protection in the Real World Protection Test by Av-Comparatives.

It’s possible that you don’t know exactly what this means, so that’s where we come in! The test reflects real conditions in which the security solutions of different companies are analyzed and examined.

It is an independent laboratory, so the conclusions drawn from the tests are really important.

In these tests, Panda participated with our free antivirus, Panda Antivirus Free, and successfully detected and blocked 99% of the threats.

It’s easy for us to say this to you in words, but we think you’ll appreciate it more with this info-graph.

best protection

So, there you have it, if you want the best protection… you need Panda!

If you want to share the info-graph you can do it with this code!

The post Panda Security detects and blocks 99.9% of threats! appeared first on MediaCenter Panda Security.

Full Disclosure

SEC Consult SA-20150805-0 :: Websense Content Gateway Stack Buffer Overflow in handle_debug_network

Posted by SEC Consult Vulnerability Lab on Aug 05

SEC Consult Vulnerability Lab Security Advisory < 20150805-0 >
=======================================================================
title: Stack buffer overflow in handle_debug_network
product: Websense Triton Content Manager
vulnerable version: 8.0.0 build 1165
fixed version: V8.0.0 HF02
CVE number: CVE-2015-5718
impact: high
homepage: www.websense.com…

Avira

Windows 10 Delivers Updates From Your PC To Strangers

If you have a Windows 7 or 8.x, chances are that you already upgraded to the latest Windows version.

What you probably don’t know is that Windows Update Delivery optimization (WUDO) has set up your computer in a Peer to Peer network to deliver updates for other Windows 10 users.

The post Windows 10 Delivers Updates From Your PC To Strangers appeared first on Avira Blog.

Full Disclosure

Mozilla extensions: a security nightmare

Posted by Stefan Kanthak on Aug 05

Hi @ll,

Mozilla Thunderbird 38 and newer installs and activates per default
the ‘Lightning’ extension.

Since extensions live in the (Firefox and) Thunderbird profiles
(which are stored beneath %APPDATA% in Windows) and ‘Lightning’ comes
(at least for Windows) with a DLL and some Javascript, Thunderbird
with ‘Lightning’ violates one of the mandatory and basic requirements
of the now 20 year old “Designed for…

NVD

CVE-2015-3438

Multiple cross-site scripting (XSS) vulnerabilities in WordPress before 4.1.2, when MySQL is used without strict mode, allow remote attackers to inject arbitrary web script or HTML via a (1) four-byte UTF-8 character or (2) invalid character that reaches the database layer, as demonstrated by a crafted character in a comment.

Fedora

Fedora 23 Security Update: wordpress-4.2.4-1.fc23

Resolved Bugs
1250584 – CVE-2015-2213 wordpress: cross-site scripting vulnerabilities and a potential SQL injection [fedora-all]
1250583 – CVE-2015-2213 wordpress: cross-site scripting vulnerabilities and a potential SQL injection<br
**WordPress 4.2.4 Security and Maintenance Release**
WordPress 4.2.4 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately.
This release addresses six issues, including three cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise a site, which were discovered by Marc-Alexandre Montpas of Sucuri, Helen Hou-Sandí of the WordPress security team, Netanel Rubin of Check Point, and Ivan Grigorov. It also includes a fix for a potential timing side-channel attack, discovered by Johannes Schmitt of Scrutinizer, and prevents an attacker from locking a post from being edited, discovered by Mohamed A. Baset.
Our thanks to those who have practiced responsible disclosure of security issues.
WordPress 4.2.4 also fixes four bugs. For more information, see:
the release notes or consult the list of changes.
* the release notes: https://codex.wordpress.org/Version_4.2.4
* the list of changes: https://core.trac.wordpress.org/log/branches/4.2?rev=33573&stop_rev=33396