Archive for January, 2019

154 results.

[20190101] – Core – Stored XSS in mod_banners

Jan15
by Ike on January 15, 2019 at 2:45 pm
Posted In: Uncategorized
  • Project: Joomla!
  • SubProject: CMS
  • Impact: Low
  • Severity: Low
  • Versions: 2.5.0 through 3.9.1
  • Exploit type: XSS
  • Reported Date: 2018-December-01
  • Fixed Date: 2019-January-15
  • CVE Number: CVE-2019-6264

Description

Inadequate escaping in mod_banners leads to a stored XSS vulnerability.

Affected Installs

Joomla! CMS versions 2.5.0 through 3.9.1

Solution

Upgrade to version 3.9.2

Contact

The JSST at the Joomla! Security Centre.

Reported By: Antonin Steinhauser

 Comment 

Joomla 3.9.2 Release

Jan15
by Ike on January 15, 2019 at 2:45 pm
Posted In: Uncategorized
Joomla 3.9.2

Joomla 3.9.2 is now available. This is a security release for the 3.x series of Joomla which addresses 4 security vulnerabilities and contains over 50 bug fixes and improvements.

 Comment 

WordPress 5.0 and Gutenberg – What you should expect

Jan15
by Ike on January 15, 2019 at 7:30 am
Posted In: Uncategorized

The post WordPress 5.0 and Gutenberg – What you should expect appeared first on Plesk.

 Comment 

Fedora 28: nbdkit Security Update

Jan15
by Ike on January 15, 2019 at 6:36 am
Posted In: Uncategorized

(Jan 15) New upstream version 1.4.4. Fix low priority security issue with TLS: https://www.redhat.com/archives/libguestfs/2018-December/msg00047.html

 Comment 

Debian: DSA-4368-1: zeromq3 security update

Jan15
by Ike on January 15, 2019 at 6:07 am
Posted In: Uncategorized

(Jan 14) Guido Vranken discovered that an incorrect bounds check in ZeroMQ, a lightweight messaging kernel, could result in the execution of arbitrary code.

 Comment 

Debian: DSA-4369-1: xen security update

Jan15
by Ike on January 15, 2019 at 5:59 am
Posted In: Uncategorized

(Jan 14) Multiple vulnerabilities have been discovered in the Xen hypervisor: CVE-2018-19961 / CVE-2018-19962

 Comment 

Ubuntu 3856-1: GNOME Bluetooth vulnerability

Jan15
by Ike on January 15, 2019 at 5:52 am
Posted In: Uncategorized

(Jan 14) GNOME Bluetooth could allow unintended access to devices.

 Comment 

Ubuntu 3857-1: PEAR vulnerability

Jan15
by Ike on January 15, 2019 at 5:52 am
Posted In: Uncategorized

(Jan 14) XXX FILL ME IN: Summary for regular (non-admin) users XXX

 Comment 

RedHat: RHSA-2019-0049:01 Important: systemd security update

Jan15
by Ike on January 15, 2019 at 5:52 am
Posted In: Uncategorized

(Jan 14) An update for systemd is now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability

 Comment 

Fedora 28: gnutls Security Update

Jan15
by Ike on January 15, 2019 at 5:52 am
Posted In: Uncategorized

(Jan 15) Added explicit Requires for nettle >= 3.4.1

 Comment 

Website Management Routine Basics

Jan14
by Ike on January 14, 2019 at 8:29 am
Posted In: Uncategorized

The post Website Management Routine Basics appeared first on Plesk.

 Comment 

Debian: DSA-4367-1: systemd security update

Jan14
by Ike on January 14, 2019 at 6:36 am
Posted In: Uncategorized

(Jan 13) The Qualys Research Labs discovered multiple vulnerabilities in systemd-journald. Two memory corruption flaws, via attacker-controlled alloca()s (CVE-2018-16864, CVE-2018-16865) and an out-of-bounds read flaw leading to an information leak (CVE-2018-16866), could allow an attacker to

 Comment 

Fedora 28: php-horde-Horde-Image Security Update

Jan14
by Ike on January 14, 2019 at 6:08 am
Posted In: Uncategorized

(Jan 11) **Horde_Image 2.5.4** * [mjr] SECURITY: Fix potential RCE in the text method when using the Imagemagick backend. * [mjr] SECURITY: Sanitize image type parameter (PR: 2, Fariskhi Vidyan). * [mjr] Fix issues with escaping single and double quote characters in the text method when using the Imagemagick backend.

 Comment 

Debian: DSA-4366-1: vlc security update

Jan13
by Ike on January 13, 2019 at 6:29 am
Posted In: Uncategorized

(Jan 12) An integer underflow was discovered in the CAF demuxer of the VLC media player. For the stable distribution (stretch), this problem has been fixed in

 Comment 

Fedora 29: electrum Security Update

Jan13
by Ike on January 13, 2019 at 6:00 am
Posted In: Uncategorized

(Jan 11) backport anti-phishing fixes

 Comment 

Fedora 29: polkit Security Update

Jan13
by Ike on January 13, 2019 at 5:55 am
Posted In: Uncategorized

(Jan 13) Due to kernel issue there is a way to reuse start_time of a process. This allows to duplicate process authorized by polkit. This update mitigates polkit issue #75 (slowfork): https://gitlab.freedesktop.org/polkit/polkit/issues/75

 Comment 

Fedora 29: mingw-nettle Security Update

Jan12
by Ike on January 12, 2019 at 5:51 am
Posted In: Uncategorized

(Jan 12) Resolves CVE-2018-16869

 Comment 

Fedora 28: mingw-nettle Security Update

Jan12
by Ike on January 12, 2019 at 5:37 am
Posted In: Uncategorized

(Jan 12) Resolves CVE-2018-16869

 Comment 

Ubuntu 3852-1: Exiv2 vulnerabilities

Jan12
by Ike on January 12, 2019 at 5:27 am
Posted In: Uncategorized

(Jan 10) Several security issues were fixed in Exiv2.

 Comment 

Ubuntu 3855-1: systemd vulnerabilities

Jan12
by Ike on January 12, 2019 at 5:27 am
Posted In: Uncategorized

(Jan 11) Several security issues were fixed in systemd.

 Comment 

Best practices to strengthen Plesk server security

Jan11
by Ike on January 11, 2019 at 7:30 am
Posted In: Uncategorized

The post Best practices to strengthen Plesk server security appeared first on Plesk.

 Comment 

Fedora 29: python-django Security Update

Jan11
by Ike on January 11, 2019 at 6:09 am
Posted In: Uncategorized

(Jan 11) fix CVE-2019-3498 python-django: Content spoofing via URL path in

 Comment 

Fedora 29: php-horde-Horde-Image Security Update

Jan11
by Ike on January 11, 2019 at 5:55 am
Posted In: Uncategorized

(Jan 11) **Horde_Image 2.5.4** * [mjr] SECURITY: Fix potential RCE in the text method when using the Imagemagick backend. * [mjr] SECURITY: Sanitize image type parameter (PR: 2, Fariskhi Vidyan). * [mjr] Fix issues with escaping single and double quote characters in the text method when using the Imagemagick backend.

 Comment 

Debian: DSA-4365-1: tmpreaper security update

Jan11
by Ike on January 11, 2019 at 5:49 am
Posted In: Uncategorized

(Jan 10) Stephen Roettger discovered a race condition in tmpreaper, a program that cleans up files in directories based on their age, which could result in local privilege escalation.

 Comment 

Ubuntu 3853-1: GnuPG vulnerability

Jan11
by Ike on January 11, 2019 at 5:26 am
Posted In: Uncategorized

(Jan 10) GnuPG could allow unintended access to network services.

 Comment 

Ubuntu 3854-1: WebKitGTK+ vulnerabilities

Jan11
by Ike on January 11, 2019 at 5:26 am
Posted In: Uncategorized

(Jan 10) Several security issues were fixed in WebKitGTK+.

 Comment 

WordPress 5.1 Beta 1

Jan11
by Ike on January 11, 2019 at 12:58 am
Posted In: Uncategorized

WordPress 5.1 Beta 1 is now available! This software is still in development, so we don’t recommend you run it on a production site. Consider setting up a test site to play with the new version. There are two ways to test the WordPress 5.1 beta: try the WordPress Beta Tester plugin (you’ll want to select the “bleeding […]

.gov security falters during U.S. shutdown

Jan10
by Ike on January 10, 2019 at 2:57 pm
Posted In: Uncategorized

Dozens of U.S. government websites have been rendered either insecure or inaccessible during the ongoing U.S. federal shutdown. These sites include sensitive government payment portals and remote access services, affecting the likes of NASA, the U.S. Department of Justice, and the Court of Appeals. With around 400,000 federal employees currently furloughed, more than 80 TLS […]

 Comment 

Guard your WordPress security: Understand SQL injections

Jan10
by Ike on January 10, 2019 at 8:00 am
Posted In: Uncategorized

The post Guard your WordPress security: Understand SQL injections appeared first on Plesk.

 Comment 

Ubuntu 3851-1: Django vulnerability

Jan10
by Ike on January 10, 2019 at 5:16 am
Posted In: Uncategorized

(Jan 9) Django could be made to expose spoofed information over the network.

 Comment 

58 queries. 8.75 mb Memory usage. 1.592 seconds.