Debian Linux Security Advisory 3024-1 – Genkin, Pipman and Tromer discovered a side-channel attack on Elgamal encryption subkeys.
Category Archives: Security
Debian Security Advisory 3023-1
Debian Linux Security Advisory 3023-1 – Jared Mauch reported a denial of service flaw in the way BIND, a DNS server, handled queries for NSEC3-signed zones. A remote attacker could use this flaw against an authoritative name server that served NSEC3-signed zones by sending a specially crafted query, which, when processed, would cause named to crash.
Rooted SSH/SFTP Daemon Default Login Credentials
Rooted SSH/SFTP Daemon installs with static default root credentials and does not prompt the user to change them.
Joomla Spider Form Maker 4.3 SQL Injection
Joomla Spider Form Maker versions 4.3 and below suffer from a remote SQL injection vulnerability.
Food Order Portal 8.3 Cross Site Request Forgery
Food Order Portal version 8.3 suffers from a cross site request forgery vulnerability. Note that this finding houses site-specific data.
WordPress Photo Album Plus 5.4.4 Cross Site Scripting
WordPress Photo Album plugin versions 5.4.3 through 5.4.4 suffer from multiple cross site scripting vulnerabilities.
Travel Portal II 6.0 Cross Site Request Forgery
Travel Portal II version 6.0 suffers from a cross site request forgery vulnerability.
Hacked Brazilian Newspaper Site Targets Router DNS Settings
A Brazilian political website has been compromised and is injecting iFrames that attempt to change the victim’s router DNS settings.
HttpFileServer 2.3.x Remote Command Execution
HttpFileServer version 2.3.x suffers from a remote command execution vulnerability due to a poorly formed regex.