Following last month’s leak of 13 GB worth of private Snapchat videos, the vanishing message service has announced a new policy whereby it will automatically detect third-party apps and advise users to disconnect them, reports TechCrunch.
After taking a look at recent Korplug (PlugX) detections, we identified two larger-scale campaigns employing this well-known Remote Access Trojan. This blog gives an overview of the first one.
The Freelinking module implements a filter framework for easier creation of HTML links to other pages on the site or to external sites.
The module does not sanitize the node title when providing a link to the node, opening a Cross Site Scripting (XSS) vulnerability.
This vulnerability is mitigated by the fact that the person creating the content containing the link must have a role that allows use of an unsafe text format (e.g. “Full HTML”), or the Freelinking filter must be placed after all text sanitization filters (e.g. “Limit allowed HTML tags”) in an otherwise safe text format (e.g. “Filtered HTML”).
Please note that this vulnerability also existed in freelinking_nodetitle.inc in versions prior to 6.x-3.4 and 7.x-3.4, but this was patched in releases 6.x-3.4 and 7.x-3.4.
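The defect described above is an output-escaping bug: a node title is trusted as link text even though it is user-controlled content. The following is an added illustration, not code from the Freelinking module, showing the vulnerable pattern beside a hardened one built on Drupal 7 core APIs. The function names and the `$nid` argument are assumptions for the example; `node_load()`, `url()`, `check_plain()` and `l()` are real Drupal 7 functions.

```php
<?php
// Added example, not Freelinking's own code. The two function names and the
// $nid parameter are hypothetical; node_load(), url(), check_plain() and l()
// are Drupal 7 core APIs.

/**
 * Vulnerable pattern: the node title is concatenated into the anchor text
 * without escaping. If a content editor can set a title containing markup
 * and this filter runs after the text format's sanitizing filters (or the
 * format is unsafe, e.g. "Full HTML"), that markup reaches the browser.
 */
function example_nodetitle_link_vulnerable($nid) {
  $node = node_load($nid);
  if (!$node) {
    return '';
  }
  // $node->title is emitted verbatim: no check_plain(), no l().
  return '<a href="' . url('node/' . $node->nid) . '">' . $node->title . '</a>';
}

/**
 * Hardened pattern: let l() build the link. l() runs check_plain() on the
 * link text unless the caller passes 'html' => TRUE, so the title is always
 * HTML-escaped regardless of where the filter sits in the filter order.
 * The explicit check_plain() call shows the equivalent manual step.
 */
function example_nodetitle_link_fixed($nid) {
  $node = node_load($nid);
  if (!$node) {
    return '';
  }
  $safe_title = check_plain($node->title);
  // Passing 'html' => TRUE tells l() the text is already escaped; omit the
  // option entirely and l() will escape the raw title itself.
  return l($safe_title, 'node/' . $node->nid, array('html' => TRUE));
}
```

When reviewing a filter plugin for this class of bug, look for any `$node->title`, `$node->title` in `$options['attributes']['title']`, or similar fields that reach the returned string without passing through `check_plain()`, `filter_xss()` or an API such as `l()` that escapes by default. Fixing the plugin is preferable to relying on filter ordering, since site administrators can reorder filters per text format at any time.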
CVE identifier(s) issued
A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
Freelinking 6.x-x.x versions prior to 6.x-3.5.
Freelinking 7.x-x.x versions prior to 7.x-3.5.
Drupal core is not affected. If you do not use the contributed Freelinking module, there is nothing you need to do.
Solution
Install the latest version:
If you use the Freelinking module for Drupal 6.x, upgrade to Freelinking 6.x-3.5
If you use the Freelinking module for Drupal 7.x, upgrade to Freelinking 7.x-3.5
Please note that the plugin freelinking_path.inc contains multiple vulnerabilities and was removed in releases 6.x-3.3 and 7.x-3.3. You should check whether this file is still present, and if it is, remove it from the plugin sub-directory before you install the latest version.
CentOS Errata and Enhancement Advisory 2014:1839
Upstream details at: https://rhn.redhat.com/errata/RHEA-2014-1839.html
The following updated files have been uploaded and are currently syncing to the mirrors: ( sha256sum Filename )
x86_64:
8130609425e3f9e02ddeb6858cde05e92623c6b6f163b12db159d154c232ea2f kmod-hpsa-3.4.4_1_RH1-1.el7_0.x86_64.rpm
Source:
37143fc2ba305e70713d6eb3a162070b14e67250c470591480c3b436f860e089 hpsa-3.4.4_1_RH1-1.el7_0.src.rpm