Monthly Archives: April 2016
The User module in Drupal 6.x before 6.38 and 7.x before 7.43 allows remote attackers to gain privileges by leveraging contributed or custom code that calls the user_save function with an explicit category and loads all roles into the array.
CVE-2016-3170
The “have you forgotten your password” links in the User module in Drupal 7.x before 7.43 and 8.x before 8.0.4 allow remote attackers to obtain sensitive username information by leveraging a configuration that permits logging in with an email address, together with a contributed module that enables that login method.
CVE-2016-3171 (debian_linux, drupal)
Drupal 6.x before 6.38, when used with PHP before 5.4.45, 5.5.x before 5.5.29, or 5.6.x before 5.6.13, might allow remote attackers to execute arbitrary code via vectors related to session data truncation.
Microsoft Security Bulletin Summary For April, 2016
This bulletin summary lists thirteen released Microsoft security bulletins for April, 2016.
IBM Java Issue 70 Bad Patch
The patch for Issue 70 in IBM Java discovered by Security Explorations in 2013 was found to be faulty. Included are the full report and a proof of concept.
How to decrypt Petya Ransomware for Free
Ransomware has risen dramatically over the last few years and is currently one of the most prevalent threats on the Internet.
Ransomware infections have become so sophisticated over time that victims end up paying the ransom in order to get their critical and sensitive data back.
But if you are infected with Petya ransomware, there is good news for you.
You can unlock
Red Hat Security Advisory 2016-0615-01
Red Hat Security Advisory 2016-0615-01 – OpenShift Enterprise by Red Hat is the company’s cloud computing Platform-as-a-Service solution designed for on-premise or private cloud deployments. A buffer overflow flaw was discovered in the OVS processing of MPLS labels. A remote attacker able to deliver a frame containing a malicious MPLS label that would be processed by OVS could trigger the flaw and use the resulting memory corruption to cause a denial of service or, possibly, execute arbitrary code.
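The advisory above describes memory corruption in label-stack processing. The following is an added example, not code from Open vSwitch or Red Hat: a bounds-checked MPLS label-stack parser of the kind a frame processor needs, in which every 4-byte entry is checked against the caller-supplied frame length before it is read, and a stack that runs off the end of the frame, lacks a bottom-of-stack bit, or exceeds a hypothetical depth cap (MPLS_MAX_DEPTH, an assumption of this example) is rejected instead of walked. The frames are constructed inline for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdbool.h>
#include <stdio.h>

/* One decoded 32-bit MPLS label stack entry (RFC 3032 layout):
 * 20-bit label, 3-bit traffic class, 1-bit bottom-of-stack (S), 8-bit TTL. */
struct mpls_lse {
    uint32_t label;
    uint8_t  tc;
    bool     bos;
    uint8_t  ttl;
};

#define MPLS_LSE_LEN   4
#define MPLS_MAX_DEPTH 8   /* hypothetical cap on stack depth we will parse */

/* Walk the label stack at 'pkt' (positioned just after the Ethernet header).
 * Returns the number of labels parsed, or -1 if the stack is malformed: an
 * entry would extend past 'len', the data ends before a bottom-of-stack bit
 * is seen, or the stack is deeper than MPLS_MAX_DEPTH / 'max_out'.
 * Every read is bounded by the frame length, never by the S bit alone. */
int mpls_parse_stack(const uint8_t *pkt, size_t len,
                     struct mpls_lse *out, size_t max_out)
{
    size_t off = 0;
    int n = 0;

    for (;;) {
        if (len - off < MPLS_LSE_LEN)          /* entry would overrun the frame */
            return -1;
        if ((size_t)n >= max_out || n >= MPLS_MAX_DEPTH)
            return -1;                         /* output array or depth exhausted */

        uint32_t lse = ((uint32_t)pkt[off] << 24) | ((uint32_t)pkt[off + 1] << 16)
                     | ((uint32_t)pkt[off + 2] << 8) | (uint32_t)pkt[off + 3];
        out[n].label = lse >> 12;
        out[n].tc    = (lse >> 9) & 0x7;
        out[n].bos   = (lse >> 8) & 0x1;
        out[n].ttl   = lse & 0xff;
        off += MPLS_LSE_LEN;
        n++;
        if (out[n - 1].bos)
            return n;
    }
}

/* Constructed test frames (not captured traffic). */
static const uint8_t frame_ok[]        = { 0x00, 0x06, 0x40, 0x40,   /* label 100, S=0, TTL 64 */
                                           0x00, 0x0C, 0x81, 0x3F }; /* label 200, S=1, TTL 63 */
static const uint8_t frame_truncated[] = { 0x00, 0x06, 0x40, 0x40,   /* label 100, S=0 */
                                           0x00, 0x0C };             /* 2 stray bytes, no full entry */
static const uint8_t frame_no_bos[]    = { 0x00, 0x06, 0x40, 0x40 }; /* single entry, S=0, then EOF */

/* Depth of the well-formed two-label stack: expected 2. */
int demo_valid_stack_depth(void)
{
    struct mpls_lse lses[MPLS_MAX_DEPTH];
    return mpls_parse_stack(frame_ok, sizeof frame_ok, lses, MPLS_MAX_DEPTH);
}

/* Innermost label of the well-formed stack: expected 200. */
uint32_t demo_valid_inner_label(void)
{
    struct mpls_lse lses[MPLS_MAX_DEPTH];
    int n = mpls_parse_stack(frame_ok, sizeof frame_ok, lses, MPLS_MAX_DEPTH);
    return n > 0 ? lses[n - 1].label : 0;
}

/* A stack whose next entry would run past the frame: expected -1. */
int demo_truncated_stack(void)
{
    struct mpls_lse lses[MPLS_MAX_DEPTH];
    return mpls_parse_stack(frame_truncated, sizeof frame_truncated, lses, MPLS_MAX_DEPTH);
}

/* A stack that ends without ever setting the S bit: expected -1. */
int demo_missing_bos(void)
{
    struct mpls_lse lses[MPLS_MAX_DEPTH];
    return mpls_parse_stack(frame_no_bos, sizeof frame_no_bos, lses, MPLS_MAX_DEPTH);
}

int main(void)
{
    printf("valid stack depth: %d (inner label %u)\n",
           demo_valid_stack_depth(), demo_valid_inner_label());
    printf("truncated stack:   %d\n", demo_truncated_stack());
    printf("missing S bit:     %d\n", demo_missing_bos());
    return 0;
}
```

The point of the shape is that the loop's exit condition is the remaining frame length, checked before each read; relying on the bottom-of-stack bit to terminate the walk is exactly what lets a crafted frame drive the parser past the end of its buffer.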
Red Hat Security Advisory 2016-0617-01
Red Hat Security Advisory 2016-0617-01 – The kernel packages contain the Linux kernel, the core of any Linux operating system. Security Fix: It was found that the fix for CVE-2015-1805 incorrectly kept buffer offset and buffer length in sync on a failed atomic read, potentially resulting in a pipe buffer state corruption. A local, unprivileged user could use this flaw to crash the system or leak kernel memory to user space.
Debian Security Advisory 3485-2
Debian Linux Security Advisory 3485-2 – The update for didiwiki issued as DSA-3485-1 introduced a regression that caused a large number of valid pages to no longer be accessible. This occurred mostly for pages whose names started with non-ASCII characters.
RockMongo 1.1.8 Cross Site Request Forgery / Cross Site Scripting
RockMongo version 1.1.8 suffers from cross-site request forgery, cross-site scripting, and HTML injection vulnerabilities.
