SUMMARY The Apache HTTPD Server Project have released httpd-2.2.25 and httpd-2.4.6 to correct multiple vulnerabilities that were issues CVE’s. Apache HTTP Server 2.2.25 CVE-2013-1896 mod_dav: Sending a MERGE request against a URI handled by mod_dav_svn with the source href (sent as part of the request body as XML) pointing to …
The second release candidate for WordPress 3.6 is now available for download and testing. We’re down to only a few remaining issues, and the final release should be available in a matter of days. In RC2, we’ve tightened up some aspects of revisions, autosave, and the media player, and fixed some bugs that were spotted […]
SUMMARY Mod_Security was found to have a Remote Null Pointer Dereference vulnerability that could cause it to crash. SECURITY RATING The cPanel Security Team has rated this update has having moderate security impact. Information on security ratings is available at: http://go.cpanel.net/securitylevels. DETAIL CVE-2013-2765 states: “When forceRequestBodyVariable action is triggered and …
Certificate revocation checking is an essential part of any connection to an SSL site; without it, an attacker can impersonate an SSL site with a compromised certificate until it expires of its own accord — an event which may be 5 years away — even if the issuer of the certificate (the certificate authority, or […]
The following disclosure covers the TSR-2013-008, the Targeted Security Release published on July 15th, 2013. Each vulnerability is assigned an internal case number which is reflected below. Information regarding the cPanel Security Level rankings can be found here: http://go.cpanel.net/securitylevels Case 71121 Summary The Squirrelmail Webmail session file contained plain text …
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact levels ranging from …
The first release candidate for WordPress 3.6 is now available. We hope to ship WordPress 3.6 in a couple weeks. But to do that, we really need your help! If you haven’t tested 3.6 yet, there’s no time like the present. (But please: not on a live production site, unless you’re feeling especially adventurous.) Think […]
It’s time for our third annual user and developer survey! If you’re a WordPress user, developer, or business, we want your feedback. Just like previous years, we’ll share the data at the upcoming WordCamp San Francisco (WCSF). Results will also be sent to each survey respondent. It only takes a few minutes to fill out […]
Important: cPanel Security Disclosure TSR-2013-0007 The following disclosure covers the Targeted Security Release 2013-06-26. Each vulnerability is assigned an internal case number which is reflected below. Information regarding the cPanel Security Level rankings can be found here:http://go.cpanel.net/securitylevels Case 71193 Summary Local cPanel users are able to take over ownership of …
Millions of websites and billions of people rely on SSL to protect the transmission of sensitive information such as passwords, credit card details, and personal information with the expectation that encryption guarantees privacy. However, recently leaked documents appear to reveal that the NSA, the United States National Security Agency, logs very high volumes of internet […]
WordPress 3.5.2 is now available. This is the second maintenance release of 3.5, fixing 12 bugs. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. The WordPress security team resolved seven security issues, and this release also contains some additional security hardening. The security fixes included: […]
Netcraft blocked a Twitter phishing site being served from multiple Facebook Applications on 6th June. Visitors to the Facebook applications were requested to enter their Twitter credentials in order to view a “Twitter Video” application. On submission of the fake twitter login form, the user is redirected to YouTube. Links to the phishing attack were spread […]
The Malaysian government’s Police Portal (Johor Contingent) is currently hosting a phishing attack against PayPal on its secure website https://www.polisjohor.gov.my (Site Report). Phishing sites using SSL certificates can piggyback on the trust instilled by browser indicators, such as the padlock icon, to trick potential victims into revealing sensitive information such as their username and password. […]
It’s been ten years since we started this thing, and what a long way we’ve come. From a discussion between myself and Mike Little about forking our favorite blogging software, to powering 18% of the web. It’s been a crazy, exciting, journey, and one that won’t stop any time soon. At ten years, it’s fun […]
All around the globe today, people are celebrating the 10th anniversary of the first WordPress release, affectionately known as #wp10. Watching the feed of photos, tweets, and posts from Auckland to Zambia is incredible; from first-time bloggers to successful WordPress-based business owners, people are coming out in droves to raise a glass and share the […]
Rank Company site OS Outagehh:mm:ss FailedReq% DNS […]
Despite the inconsistent treatment of certificate revocation by browsers, providing reliable revocation information is an integral part of operating a trustworthy certificate authority (CA) and a well-accepted requirement of Mozilla’s CA root program. However, there are presently thousands of certificates in use which are irrevocable in some major browsers, and hundreds in those browsers which […]
Certificate revocation is intended to convey a complete withdrawal of trust in an SSL certificate and thereby protect the people using a site against fraud, eavesdropping, and theft. However, some contemporary browsers handle certificate revocation so carelessly that the most frequent users of a site and even its administrators can continue using an revoked certificate […]
WordPress 3.6 Beta 3 is now available! This is software still in development and we really don’t recommend that you run it on a production site — set up a test site just to play with the new version. To test WordPress 3.6, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip). Beta […]
Early last week, Netcraft blocked a website purporting to offer online support for eBay customers. The website made use of a third-party live chat service provided by Volusion, an e-commerce outfit which also provides both free and premium hosted live chat services. By running a live chat service and asking the right questions, a fraudster […]
WordPress 3.6 Beta 2 is now available! This is software still in development and we really don’t recommend that you run it on a production site — set up a test site just to play with the new version. To test WordPress 3.6, try the WordPress Beta Tester plugin (you’ll want “bleeding edge nightlies”). Or you can download the beta here (zip). The […]
As an open source, free software project, WordPress depends on the contributions of hundreds of people from around the globe — contributions in areas like core code, documentation, answering questions in the support forums, translation, and all the other things it takes to make WordPress the best publishing platform it can be, with the most […]
Inadequate filtering leads to XSS vulnerability in Voting plugin.
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
The JSST at the Joomla! Security Center.
Inadequate filtering allows possibility of XSS exploit in some circumstances.
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
The JSST at the Joomla! Security Center.
Inadequate permission checking allows unauthorised user to see permission settings in some circumstances.
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
The JSST at the Joomla! Security Center.
Use of old version of Flash-based file uploader leads to XSS vulnerability.
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
The JSST at the Joomla! Security Center.
Inadequate permission checking allows unauthorised user to delete private messages.
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
The JSST at the Joomla! Security Center.
Object unserialize method leads to possible denial of service vulnerability.
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
The JSST at the Joomla! Security Center.
Inadequate filtering leads to XSS vulnerability in highlighter plugin.
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
The JSST at the Joomla! Security Center.
In honor of the upcoming 10th anniversary celebrations, we’ve put a special 10th anniversary tshirt in the swag store at cost — $10 per shirt plus shipping. They’ll be on sale at this price until the anniversary on May 27, and they’ll start shipping out the week of April 29. Some people who are planning […]
60 queries. 8.75 mb Memory usage. 0.756 seconds.