Author Archives: CIRT Team




in Security Advisories & Alerts

WordPress versions 4.7.2 and earlier are affected by six security issues

Description: Cross-site scripting (XSS) via media file metadata. Control characters can trick redirect URL validation. Unintended files can be deleted by administrators using the plugin deletion functionality. Cross-site scripting (XSS) via video URL in YouTube embeds. Cross-site scripting (XSS) via taxonomy term names. Cross-site request forgery (CSRF) in Press This...

08 Mar 2017
in Security Advisories & Alerts

Exim < 4.86.2 - Privilege Escalation Vulnerability

Description: CVE-2016-1531: Exim before 4.86.2, when installed as setuid root, allows local users to gain privileges via the perl_startup argument. Impact: When an Exim installation has been compiled with Perl support and contains a perl_startup configuration variable, it can be exploited by malicious local attackers to gain root privileges. Mitigation: Vendor...

06 Mar 2017
in Security Advisories & Alerts

Zimbra Collaboration Server 7.2.2 / 8.0.2 – Local File Inclusion Vulnerability

Description: CVE-2013-7091: Directory traversal vulnerability on /res/I18nMsg,AjxMsg,ZMsg,ZmMsg,AjxKeys,ZmKeys,ZdMsg,Ajx%20TemplateMsg.js.zgz in Zimbra 7.2.2 and 8.0.2 allows remote attackers to read arbitrary files via a .. (dot dot) in the skin parameter. NOTE: This can be leveraged to execute arbitrary code by obtaining LDAP credentials and accessing the service/admin/soap API. Impact: An attacker can...

06 Mar 2017
in Security Advisories & Alerts

Linux Kernel 4.4.1 – REFCOUNT Overflow/Use-After-Free in Keyrings Privilege Escalation vulnerability

Description: CVE-2016-0728: The join_session_keyring function in security/keys/process_keys.c in the Linux kernel before 4.4.1 mishandles object references in a certain error case, which allows local users to gain privileges or cause a denial of service (integer overflow and use-after-free) via crafted keyctl commands. Impact: Local attackers may exploit this issue to...

06 Mar 2017