(Apr 23) Updated kernel packages that fix multiple security issues and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having [More…]
Posts Tagged security
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-February-26
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3059
Description
Inadequate filtering leads to XSS vulnerability in Voting plugin.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-March-9
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3058
Description
Inadequate filtering allows possibility of XSS exploit in some circumstances.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: Privilege Escalation
- Reported Date: 2013-March-29
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3056
Description
Inadequate permission checking allows unauthorised user to delete private messages.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: Information Disclosure
- Reported Date: 2013-March-29
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3057
Description
Inadequate permission checking allows unauthorised user to see permission settings in some circumstances.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-February-15
- Fixed Date: 2013-April-24
- CVE Number: None
Description
Use of old version of Flash-based file uploader leads to XSS vulnerability.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Moderate
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: Denial of service vulnerability
- Reported Date: 2013-February-18
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3242
Description
Object unserialize method leads to possible denial of service vulnerability.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
- Project: Joomla!
- SubProject: All
- Severity: Low
- Versions: 2.5.9 and earlier 2.5.x versions. 3.0.3 and earlier 3.0.x versions.
- Exploit type: XSS Vulnerability
- Reported Date: 2013-April-17
- Fixed Date: 2013-April-24
- CVE Number: CVE-2013-3267
Description
Inadequate filtering leads to XSS vulnerability in highlighter plugin.
Affected Installs
Joomla! version 2.5.9 and earlier 2.5.x versions; and version 3.0.2 and earlier 3.0.x versions.
Solution
Upgrade to version 2.5.10, 3.1.0 or 3.0.4.
Contact
The JSST at the Joomla! Security Center.
MailEnable has released critical updates to the following versions: 3, 4, 5, 6 and 7.
MailEnable recommends installing this security update on all production systems.
Please check http://www.mailenable.com/rss/article.asp?Source=RSSADMIN&ID=SECURITYUPDATE20130422 for more details and update instructions.
(Apr 16) Updated krb5 packages that fix one security issue are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Apr 16) Updated kernel packages that fix two security issues and several bugs are now available for Red Hat Enterprise Linux 6.2 Extended Update Support. The Red Hat Security Response Team has rated this update as having [More…]
(Apr 17) Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having [More…]
(Apr 16) Updated kernel packages that fix several security issues and three bugs are now available for Red Hat Enterprise Linux 5. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Apr 18) Updated java-1.6.0-sun packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More…]
(Apr 18) Updated java-1.7.0-oracle packages that fix several security issues are now available for Red Hat Enterprise Linux 5 and 6 Supplementary. The Red Hat Security Response Team has rated this update as having critical [More…]
(Apr 17) Updated icedtea-web packages that fix two security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having moderate [More…]
(Apr 17) Updated java-1.7.0-openjdk packages that fix various security issues are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having critical [More…]
The following new functionality has been added:
[+] (Windows only) BIND has been updated to version 9.9.2-P2
[+] Behaviour of Event Handlers is changed. As of this microupdate, Plesk will expose plain passwords to event handlers regardless of security mode.
The following bugs have been fixed:
[-] Plesk could not be updated on CentOS 6 if the package perl-Digest-SHA is installed (134272)
[-] PHP settings can’t be set via API-RPC (124552)
[-] Impossible to delete a DNS record via API-RPC when there are 400 domains on the server
[-] (Windows only) Temporary statistics files are not deleted from C:\Recycler (128399)
(Apr 15) Updated 389-ds-base packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux 6. The Red Hat Security Response Team has rated this update as having low [More…]
Hot on the heels of recent WordPress attacks, Netcraft has found a phishing attack which uses a script hosted on the official UGG blog at blog.uggaustralia.com. UGG — famous for its sheepskin boots — hosts its WordPress blog with Media Temple but its blog also contains a malicious PHP script which fleeces HSBC customers out […]
Certificate revocation is a critical aspect of maintaining the security of the third-party Certificate Authority (CA) infrastructure which underpins secure communication on the internet using SSL/TLS. A certificate may be worth revoking when it has had its private key compromised, the owner of the certificate no longer controls the domain for which it was issued, […]
The following bug has been fixed:
[-] Fixed moderate security issue with privilege escalation.
More details in article Public issues VU#310500 and CVE-2013-0132, CVE-2013-0133
This MU is recommended for all Parallels Plesk Panel users.
(Apr 11) Updated subversion packages that fix multiple security issues are now available for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate [More…]
As part of Netcraft’s ongoing work in providing anti-fraud and anti-phishing services, we have recently discovered a significant number of Russian language attacks targeting users of popular pieces of software, including well known brands such as Angry Birds. This type of attack can be particularly successful as it exploits a user’s trust in a brand. […]
(Apr 10) Timur Yunusov and Alexey Osipov from Positive Technologies discovered that the XML files parser of ModSecurity, an Apache module whose purpose is to tighten the Web application security, is vulnerable to XML external entities attacks. A specially-crafted XML file provided by a [More…]
(Apr 9) This update fixes one security issue in multiple rubygem packages for Red Hat OpenShift Enterprise 1.1.3. The Red Hat Security Response Team has rated this update as having moderate [More…]