Description: CVE-2016-4010: Magento CE and EE before 2.0.6 allows remote attackers to conduct PHP objection injection attacks and execute arbitrary PHP code via crafted serialized shopping cart data. Impact: Magento e-commerce platform is vulnerable to an unauthenticated arbitrary file write vulnerability. Attackers can exploit this issue to gain administrative access...
Read more
Description: CVE-2016-8869: The register method in the UsersModelRegistration class in controllers/user.php in the Users component in Joomla! before 3.6.4 allows remote attackers to gain privileges by leveraging incorrect use of unfiltered data when registering on a site. CVE-2016-8870: The register method in the UsersModelRegistration class in controllers/user.php in the Users...
Read more
Description: httpoxy is a set of vulnerabilities that affect application code running in CGI or CGI-like environments. It comes down to a simple namespace conflict: RFC 3875 (CGI) puts the HTTP Proxy header from a request into the environment variables as HTTP_PROXY HTTP_PROXY is a popular environment variable used to...
Read more
Description: The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys. Impact: A vulnerability in this API allows an attacker to send specially crafted requests...
Read more
Description: The user interface for assigning taxonomy terms in Press is shown to users who do not have permissions to use it. WP_Query is vulnerable to a SQL injection (SQLi) when passing unsafe data. WordPress core is not directly vulnerable to this issue. A cross-site scripting (XSS) vulnerability was discovered...
Read more
Description: WordPress plugin NextGEN Gallery has severe SQL Injection vulnerability. According to the original source, one of the following conditions must be met for exploitation: The use of a NextGEN Basic TagCloud gallery. If users are able to submit posts to be reviewed (contributors). Impact: This vulnerability allows an unauthenticated...
Read more
The government in collaboration with cyber security and tech giants is going to organize an international cyber security conference in the capital on 9 March 2017 aims at taking a coordinated initiative to prevent and check the alarming rise of cyber-attacks. Leveraging ICT for Growth, Employment and Governance (LICT) of...
Read more
CVE-2016-0099: The Secondary Logon Service in Microsoft Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8.1, Windows Server 2012 Gold and R2, Windows RT 8.1, Windows 10 Gold and 1511 does not properly process request handles, which allows local users to gain privileges via...
Read more
CVE-2016-5195: Race condition in mm/gup.c in the Linux kernel 2.x through 4.x before 4.8.3 allows local users to gain privileges by leveraging incorrect handling of a copy-on-write (COW) feature to write to a read-only memory mapping, as exploited in the wild in October 2016, aka “Dirty COW.” Mitigation: Updates are...
Read more
The more severe of these vulnerabilities could allow elevation of privilege if an attacker logs on locally and runs arbitrary code in kernel mode. An attacker could then install programs, view, change or delete data or create new accounts with full user rights. Mitigation: Microsoft has released patches for Windows...
Read more
