A popular version of the Magento ecommerce platform is vulnerable to a remote code execution bug, putting as many as 200,000 online retailers at risk.
Tag Archives: CSRF
WordPress 4.7.1 Fixes CSRF, XSS, PHPMailer Vulnerabilities
A new WordPress update, pushed this week, resolves eight security issues, including a handful of XSS and CSRF bugs.
PayPal Fixes CSRF Vulnerability in PayPal.me
PayPal recently fixed a vulnerability on its PayPal.me site that could’ve let an attacker change a user’s profile without their permission.
No Password Required! 135 Million Modems Open to Remote Factory Reset
More than 135 million modems around the world are vulnerable to a flaw that can be exploited remotely to knock them offline by cutting off Internet access.
The simple and easily exploitable vulnerability has been uncovered in one of the most popular and widely used cable modems, the Arris SURFboard SB6141, used in millions of US households.
Security researcher David Longenecker
Microsoft Pays $13,000 to Hacker for Finding Authentication Flaw
A security researcher has won a $13,000 bounty from Microsoft for finding a critical flaw in its main authentication system that could allow hackers to gain access to a user’s Outlook, Azure and Office accounts.
The vulnerability has been uncovered by UK-based security consultant Jack Whitton and is similar to Microsoft’s OAuth CSRF (Cross-Site Request Forgery) in Live.com discovered by
Magento Update Addresses XSS, CSRF Vulnerabilities
Magento patched 20 flaws last week, including a stored cross-site scripting (XSS) vulnerability that could have let an attacker take over a site.
CERT Warns of Slew of Bugs in Belkin N600 Routers
The CERT/CC is warning users that some Belkin home routers contain a number of vulnerabilities that could allow an attacker to spoof DNS responses, intercept credentials sent in cleartext, access the web management interface, and take other actions on vulnerable routers. The vulnerabilities affect the Belkin N600 DB Wireless Dual Band N+ router, model F9K1102 v2 with […]
PHP File Manager Riddled With Vulnerabilities, Including Backdoor
Multiple critical vulnerabilities have existed, some for nearly five years, in PHP File Manager, a web-based file manager used by several high profile corporations.
Several Critical Flaws Patched in Drupal Module
There are several critical vulnerabilities in a middleware layer used in Drupal, including both cross-site scripting and cross-site request forgery bugs, that can be exploited remotely. The vulnerabilities are in the Open Semantic Framework, which is a third-party project and not part of the Drupal Core. The framework is used to allow “structured data (RDF) […]
Trio of Vulnerabilities Patched in Magento Web App
A trio of vulnerabilities were recently patched in eBay’s Magento e-commerce web application that could have let attackers carry out a handful of exploits.