WordPress BulletProof Security 50.8 Script Insertion
WordPress BulletProof Security plugin version 50.8 suffers from a script insertion vulnerability.
Shellshock Bashed CGI RCE
This Metasploit module exploits the shellshock vulnerability in apache cgi. It allows you to execute any metasploit payload you want.
Threatpost News Wrap, October 3, 2014
Dennis Fisher and Mike Mimoso talk about the Bash Shellshock bug nightmare and the BadUSB code release.
HTTP Commander AJS 3.1.9 Exception Cross Site Scripting
HTTP Commander AJS version 3.1.9 suffers from a cross site scripting vulnerability that can be exploited via exception handling.
Advanced Information Security Shellshock Scanner
AIS shellshock scanning tool that leverages the User-Agent header against a large list of possible targets. Written in C.
PayPal France Mail Encoding Script Insertion
PayPal France suffered from a mail encoding script insertion vulnerability.
JP Morgan Chase data breach – bank admits 76 million affected
JP Morgan Chase, one of the largest banks in America has admitted that a JP Morgan Chase data breach has affected 76 million customers, and seven million small businesses, the Guardian reports.
The post JP Morgan Chase data breach – bank admits 76 million affected appeared first on We Live Security.
[ MDVA-2014:018 ] timezone
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 _______________________________________________________________________ Mandriva Linux Advisory MDVA-2014:018 http://www.mandriva.com/en/support/security/ _______________________________________________________________________ Package : timezone Date : October 3, 2014 Affected: Business Server 1.0 _______________________________________________________________________ Problem Description: This is a maintenance and bugfix release that upgrades the timezone data packages to the 2014g version. _______________________________________________________________________ Updated Packages: Mandriva Business Server 1/X86_64: 0a1bda6ed3fb936cd1ce76528cce8e52 mbs1/x86_64/timezone-2014g-1.mbs1.x86_64.rpm cdca8c5afa60b40bbe08d3b939880722 mbs1/x86_64/timezone-java-2014g-1.mbs1.x86_64.rpm 87f855e977ac8cbb448a18ef4ffb1ab3 mbs1/SRPMS/timezone-2014g-1.mbs1.src.rpm _______________________________________________________
Elasticsearch 1.3.x CORS Issue
Elasticsearch versions 1.3.x and prior have a default configuration for CORS that allows an attacker to craft links that could cause a user’s browser to send requests to Elasticsearch instances on their local network. These requests could cause data loss or compromise.