Recently our research team found serious security issues in ten WordPress plugins developed by the same vendor – MULTIDOTS Inc. All of the vulnerable plugins are designed to work alongside WooCommerce, so there is a real threat to all online stores powered by WooCommerce and one of these plugins. Vulnerable WordPress plugins All these WordPress plugins […]
More info:
https://blog.threatpress.com/vulnerable-wordpress-plugins-multidots/
It was discovered that Zookeeper, a service for maintaining configuration information, enforced no authentication/authorisation when a server attempts to join a Zookeeper quorum.
More info:
https://www.debian.org/security/2018/dsa-4214
Red Hat Enterprise Linux: An update for rh-java-common-xmlrpc is now available for Red Hat Software Collections. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE link(s) in the References section. CVE-2016-5003
More info:
http://rhn.redhat.com/errata/RHSA-2018-1784.html
It was discovered that Prosody, a lightweight Jabber/XMPP server, does not properly validate client-provided parameters during XMPP stream restarts, allowing authenticated users to override the realm associated with their session, potentially bypassing security policies and allowing impersonation.
More info:
https://www.debian.org/security/2018/dsa-4216
Kernel vulnerability CVE-2018-11232. Security Advisory. The etm_setup_aux function in drivers ...
More info:
https://support.f5.com/csp/article/K57690705
Approximately 30% of Internet websites are running on WordPress, making it the world’s most popular content management system. Unfortunately, the incredible level of popularity enjoyed by WordPress has a significant downside — it makes the platform very attractive to hackers. One common attack vector used against WordPress websites involves compromising files to cause the website […]
More info:
https://blog.threatpress.com/detect-remove-wordpress-redirects/
It was discovered that Wireshark, a network protocol analyzer, contained several vulnerabilities in the dissectors for PCP, ADB, NBAP, UMTS MAC, IEEE 802.11, SIGCOMP, LDSS, GSM A DTAP and Q.931, which result in denial of service or the execution of arbitrary code.
More info:
https://www.debian.org/security/2018/dsa-4217
Man Yue Mo, Lars Krapf and Pierre Ernst discovered that Batik, a toolkit for processing SVG images, did not properly validate its input. This would allow an attacker to cause a denial-of-service, mount cross-site scripting attacks, or access restricted files on the server.
More info:
https://www.debian.org/security/2018/dsa-4215