CVE-2017-5942

An issue was discovered in the WP Mail plugin before 1.2 for WordPress. The replyto parameter when composing a mail allows for a reflected XSS. This would allow you to execute JavaScript in the context of the user receiving the mail.

CVE-2017-5953

vim before patch 8.0.0322 does not properly validate values for tree length when handling a spell file, which may result in an integer overflow at a memory allocation site and a resultant buffer overflow.

CVE-2017-5945

An issue was discovered in the PoodLL Filter plugin through 3.0.20 for Moodle. The vulnerability exists due to insufficient filtration of user-supplied data in the “poodll_audio_url” HTTP GET parameter passed to the “filter_poodll_moodle32_2016112802/poodll/mp3recorderskins/brazil/index.php” URL. An attacker could execute arbitrary HTML and script code in a browser in the context of the vulnerable website.

Watch Out! First-Ever Word Macro Malware for Apple Mac OS Discovered in the Wild

After targeting Windows-based computers over the past few years, hackers are now shifting their interest to Macs as well.

The emergence of the first macro-based Word document attack against Apple’s macOS platform is the latest example to prove this.

The concept of macros dates back to the 1990s. You might be familiar with the message that reads: “Warning: This document contains macros.”

Macro is a

New Windows Trojan Spreads MIRAI Malware To Hack More IoT Devices

MIRAI is possibly the biggest IoT-based malware threat that emerged last year; it caused a vast internet outage in October last year by launching massive distributed denial-of-service (DDoS) attacks against the popular DNS provider Dyn.

Now, the infamous malware has updated itself to boost its distribution efforts.

Researchers from Russian cyber-security firm Dr.Web have now uncovered a