Tradukka.com suffered from a cross site scripting vulnerability.
Monthly Archives: April 2016
IBM Java Issue 67 Bad Patch
The patch for Issue 67 in IBM Java discovered by Security Explorations in 2013 was found to be faulty.
Bitcoin/Altcoin Stratum Pool Mass Duplicate Shares
This particular vulnerability makes it possible to force a Stratum Mining Pool to accept “invalid” shares by the thousands for each mining pool round. It is possible to make pure money from this vulnerability. The exploit is real but affects only a fraction of Stratum Mining Pools.
Suricata IDPE 3.0.1
Suricata is a network intrusion detection and prevention engine developed by the Open Information Security Foundation and its supporting vendors. The engine is multi-threaded and has native IPv6 support. It’s capable of loading existing Snort rules and signatures and supports the Barnyard and Barnyard2 tools.
DSA-3543 oar – security update
Emmanuel Thome discovered that missing sanitising in the oarsh command of OAR, a software used to manage jobs and resources of HPC clusters, could result in privilege escalation.
GLSA 201604-03: Xen: Multiple vulnerabilities
DSA-3541 roundcube – security update
High-Tech Bridge Security Research Lab discovered that Roundcube, a webmail client, contained a path traversal vulnerability. This flaw could be exploited by an attacker to access sensitive files on the server, or even execute arbitrary code.
DSA-3542 mercurial – security update
Several vulnerabilities have been discovered in Mercurial, a distributed version control system. The Common Vulnerabilities and Exposures project identifies the following issues:
Unauthenticated CSRF reboot flaw in ARRIS (Motorola) SURFboard modems
Posted by David Longenecker on Apr 04
ARRIS (formerly Motorola) SURFboard 6141 broadband cable modems, with the latest firmware deployed by Time Warner Cable, have a LAN-side web UI with a fixed IP address that does not require authentication, and a cross site request forgery vulnerability through which it is possible to reboot the modem with one click.
It is also possible to factory reset the modem with a simple unauthenticated URL. This causes a longer outage while the modem…
Daily Edition theme for WordPress
Posted by MustLive on Apr 04
Hello!
Recently I wrote to you about the Daily Edition theme for WordPress. Earlier I wrote about the FPD vulnerability, but mentioned a second one (AFU). These are two of all the vulnerabilities which I disclosed in 2011 in TimThumb.
Concerning this advisory about Daily Edition at security mailing lists:
https://packetstormsecurity.com/files/130720/WordPress-Daily-Edition-1.6.2-File-Upload.html
http://seclists.org/fulldisclosure/2015/Mar/35
Wang Jing disclosed…