Security Advisories & Alerts


SQL Injection Vulnerability in NextGEN Gallery for WordPress

Description: WordPress plugin NextGEN Gallery has severe SQL Injection vulnerability. According to the original source, one of the following conditions must be met for exploitation: The use of a NextGEN Basic TagCloud gallery. If users are able to submit posts to be reviewed (contributors). Impact: This vulnerability allows an unauthenticated...

Read more


CVE-2017-6074: Linux local root exploit

New CVE-2017-6074 Linux local root exploit was published. CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an...

Read more


CVE-2017-3135: denial-of-service vulnerability in ISC BIND 9

ISC announced CVE-2017-3135, a denial-of-service vulnerability that can affect resolvers using both DNS64 and RPZ to rewrite responses for the same view. This affects all BIND 9.9 releases since 9.9.3, all BIND 9.10 releases, and all BIND 9.11 releases, including the 9.9.10b1, 9.10.5b1, and 9.11.1b1 releases. Mitigation: Upgrade to the...

Read more


Don’t click “Chrome: The ‘HoeflerText’ font wasn’t found scam”

Researchers at Proofpoint discovered an infection technique which targets only chrome users on Windows. The Chrome users are targeted with Font Wasn’t Found Social Engineering Scheme if they navigate to a compromised website through search engines. Once users runs the downloaded file dubbed as “Chrome_Font.exe”, it gets installed and infects...

Read more


Page 32 of 32« First...1020...2829303132