WooCommerce <= 3.4.5 – Authenticated Object Injection
More info:
https://wpvulndb.com/vulnerabilities/9137
Wordfence <= 7.1.12 – Username Enumeration Prevention Bypass
https://wpvulndb.com/vulnerabilities/9135
More info:
https://wpvulndb.com/vulnerabilities/9135
Wordfence <= 7.1.12 – Username Enumeration Prevention Bypass
https://wpvulndb.com/vulnerabilities/9135
More info:
https://wpvulndb.com/vulnerabilities/9135
DSA-4322 libssh – security update
Peter Winter-Smith of NCC Group discovered that libssh, a tiny C SSHlibrary, contains an authentication bypass vulnerability in the servercode. An attacker can take advantage of this flaw to successfullyauthenticate without any credentials by presenting the server anSSH2_MSG_USERAUTH_SUCCESS message in place of theSSH2_MSG_USERAUTH_REQUEST message which the server would expect toinitiate authentication.
More info:
https://www.debian.org/security/2018/dsa-4322
libssh vulnerability CVE-2018-10933
libssh vulnerability CVE-2018-10933. Security Advisory. Security Advisory Description. A vulnerability was found in libsshs ...
More info:
https://support.f5.com/csp/article/K52868493
Cross-site scripting (XSS) vulnerability in undisclosed TMUI page CVE-2018-15313
Cross-site scripting (XSS) vulnerability in undisclosed TMUI page CVE-2018-15313. Security Advisory. Security Advisory Description. ...
More info:
https://support.f5.com/csp/article/K21042153
Encrypted SNI Comes to Firefox Nightly
TL;DR: Firefox Nightly now supports encrypting the TLS Server Name Indication (SNI) extension, which helps prevent attackers on your network from learning your browsing history. You can enable encrypted SNI today and it will automatically work with any site that … Continue readingThe post Encrypted SNI Comes to Firefox Nightly appeared first on Mozilla Security Blog.
More info:
https://blog.mozilla.org/security/2018/10/18/encrypted-sni-comes-to-firefox-nightly/
Cross-site scripting (XSS) vulnerability in undisclosed TMUI page CVE-2018-15314
Cross-site scripting (XSS) vulnerability in undisclosed TMUI page CVE-2018-15314. Security Advisory. Security Advisory Description. ...
More info:
https://support.f5.com/csp/article/K04524282
WordPress Activity Log – 7 Things You Should Be Tracking
https://kinsta.com/blog/wordpress-activity-log/When your WordPress website is small, it’s easy to keep tabs on everything that happens within it. However, as it grows in size and complexity it can become a lot harder to keep up. This is particularly true if you enable users to register on your site, run a membership site, or have multiple contributors […]
More info:
https://kinsta.com/blog/wordpress-activity-log/
DSA-4322 libssh – security update
Peter Winter-Smith of NCC Group discovered that libssh, a tiny C SSHlibrary, contains an authentication bypass vulnerability in the servercode. An attacker can take advantage of this flaw to successfullyauthenticate without any credentials by presenting the server anSSH2_MSG_USERAUTH_SUCCESS message in place of theSSH2_MSG_USERAUTH_REQUEST message which the server would expect toinitiate authentication.
More info:
https://www.debian.org/security/2018/dsa-4322