As FortiGuard Labs discloses another WordPress Plugin XSS vulnerability, it’s time to think about CMS security. According to W3Techs, WordPress powers nearly 24% of all websites. There is a reason that it enjoys close to a 61% market share amo…
Original release date: March 24, 2015 A vulnerability in Google’s Android OS has been discovered that could allow an attacker to change or replace a seemingly safe Android application with malware during installation. An attacker exploiting this vulnerability could access and steal user data on compromised devices without user knowledge
Original release date: March 20, 2015 Apple has released Security Update 2015-003 for OS X Yosemite v10.10.2 to address multiple vulnerabilities. Exploitation of one of these vulnerabilities may allow a remote attacker to take control of an affected system.
With over 12 million downloads, Photo Gallery is one of the most popular WordPress plugins; users should be sure to upgrade to the latest version. FortiGuard Labs disclosed a vulnerability today in the WordPress Photo Gallery plugin that could poten…
VU#631788: Multiple BIOS implementations permit unsafe SMM function calls to memory locations outside of SMRAM
Vulnerability Note VU#631788 Multiple BIOS implementations permit unsafe SMM function calls to memory locations outside of SMRAM Original Release date: 20 Mar 2015 | Last revised: 20 Mar 2015 Overview Multiple BIOS implementations permit unsafe System Management Mode (SMM) function calls to memory locations outside of SMRAM. Description Multiple BIOS implementations permit unsafe System Management Mode (SMM) function calls to memory locations outside of SMRAM
Vulnerability Note VU#894897 NSIS Inetc plug-in fails to validate SSL certificates Original Release date: 20 Mar 2015 | Last revised: 20 Mar 2015 Overview The Intetc plugin for the NSIS installer fails to validate SSL certificates, which makes affected installers vulnerable to HTTPS spoofing. Description Inetc is a plugin for the NSIS installer software that provides the ability to download files from the internet.
Original release date: March 19, 2015 OpenSSL has released new updates addressing multiple vulnerabilities, one of which is classified as a high severity issue. Exploitation could allow a remote attacker to cause a cause a Denial of Service attack against the server. Updates available include: OpenSSL 1.0.2a for 1.0.2 users OpenSSL 1.0.1m for 1.0.1 users OpenSSL 1.0.0r for 1.0.0 users OpenSSL 0.9.8zf for 0.9.8 users Users and administrators are encouraged to review the OpenSSL Security Advisory and apply the necessary updates .
Vulnerability Note VU#184100 D-Link DAP-1320 Rev Ax is vulnerable to a command injection Original Release date: 16 Mar 2015 | Last revised: 16 Mar 2015 Overview The D-Link DAP-1320 Rev Ax firmware update mechanism contains a command injection vulnerability. Description CWE-78 : Improper Neutralization of Special Elements used in an OS Command (‘OS Command Injection’) A remote unauthenticated attacker may execute commands on the device by taking advantage of the firmware update mechanism.