Security Advisories & Alerts

Drupal SQLi (Drupalgeddon) Vulnerability: CVE-2014-3704

Description: The expandArguments function in the database abstraction API in Drupal core 7.x before 7.32 does not properly construct prepared statements, which allows remote attackers to conduct SQL injection attacks via an array containing crafted keys. Impact: A vulnerability in this API allows an attacker to send specially crafted requests...

Read more

SQL Injection Vulnerability in NextGEN Gallery for WordPress

Description: WordPress plugin NextGEN Gallery has severe SQL Injection vulnerability. According to the original source, one of the following conditions must be met for exploitation: The use of a NextGEN Basic TagCloud gallery. If users are able to submit posts to be reviewed (contributors). Impact: This vulnerability allows an unauthenticated...

Read more

CVE-2017-6074: Linux local root exploit

New CVE-2017-6074 Linux local root exploit was published. CVE-2017-6074: The dccp_rcv_state_process function in net/dccp/input.c in the Linux kernel through 4.9.11 mishandles DCCP_PKT_REQUEST packet data structures in the LISTEN state, which allows local users to obtain root privileges or cause a denial of service (double free) via an application that makes an...

Read more

CVE-2017-3135: denial-of-service vulnerability in ISC BIND 9

ISC announced CVE-2017-3135, a denial-of-service vulnerability that can affect resolvers using both DNS64 and RPZ to rewrite responses for the same view. This affects all BIND 9.9 releases since 9.9.3, all BIND 9.10 releases, and all BIND 9.11 releases, including the 9.9.10b1, 9.10.5b1, and 9.11.1b1 releases. Mitigation: Upgrade to the...

Read more

Don’t click “Chrome: The ‘HoeflerText’ font wasn’t found scam”

Researchers at Proofpoint discovered an infection technique which targets only chrome users on Windows. The Chrome users are targeted with Font Wasn’t Found Social Engineering Scheme if they navigate to a compromised website through search engines. Once users runs the downloaded file dubbed as “Chrome_Font.exe”, it gets installed and infects...

Read more

Page 32 of 32« First...1020...2829303132