27 julio, 2019

DSA-4488 exim4 – security update

Jeremy Harris discovered that Exim, a mail transport agent, does notproperly handle the ${sort } expansion. This flaw can be exploited by aremote attacker to execute programs with root privileges in non-default(and unusual) configurations where ${sort } expansion is used for itemsthat can be controlled by an attacker. More info: https://www.debian.org/security/2019/dsa-4488

27 julio, 2019

Contact Form 7 Dynamic Text Extension <= 2.0.2.1 – Reflected XSS

https://wpvulndb.com/vulnerabilities/9477 More info: https://wpvulndb.com/vulnerabilities/9477

27 julio, 2019

Intel processor diagnostic tool vulnerability CVE-2019-11133

Intel processor diagnostic tool vulnerability CVE-2019-11133 Security Advisory Security Advisory Description Improper access control in the Intel(R) Processor Diagnostic Tool before version 4.1.2. ... More info: https://support.f5.com/csp/article/K90305959

27 julio, 2019

cURL and libcurl vulnerability CVE-2019-5436

cURL and libcurl vulnerability CVE-2019-5436 Security Advisory Security Advisory Description A heap buffer overflow in the TFTP receiving code allows for DoS or arbitrary code execution in libcurl ... More info: https://support.f5.com/csp/article/K55133295

27 julio, 2019

Intel SSD vulnerability CVE-2018-18095

Intel SSD vulnerability CVE-2018-18095 Security Advisory Security Advisory Description Improper authentication in firmware for Intel(R) SSD DC S4500 Series and Intel(R) SSD DC S4600 Series before ... More info: https://support.f5.com/csp/article/K62655863

27 julio, 2019

Blog2Social <= 5.5.0 – SQL Injection

https://wpvulndb.com/vulnerabilities/9476 More info: https://wpvulndb.com/vulnerabilities/9476

27 julio, 2019

Fake Google Domains Used in Evasive Magento Skimmer

http://feedproxy.google.com/~r/sucuri/blog/~3/eu9Vp7Ox1yQ/fake-google-domains-used-in-evasive-magento-skimmer.html We were recently contacted by a Magento website owner who had been blacklisted and was experiencing McAfee SiteAdvisor “Dangerous Site” warnings. Our investigation revealed that the site had been infected with a credit card skimmer loading JavaScript from the malicious internationalized domain google-analytîcs[.]com (or xn--google-analytcs-xpb[.]com in ASCII): More info: http://feedproxy.google.com/~r/sucuri/blog/~3/eu9Vp7Ox1yQ/fake-google-domains-used-in-evasive-magento-skimmer.html

27 julio, 2019

NTP vulnerability CVE-2014-5209

NTP vulnerability CVE-2014-5209 Security Advisory Security Advisory Description ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a ... More info: https://support.f5.com/csp/article/K44942017

27 julio, 2019

AdRotate Banner Manager <= 5.2 – Authenticated SQL Injection

https://wpvulndb.com/vulnerabilities/9475 More info: https://wpvulndb.com/vulnerabilities/9475

27 julio, 2019

AdRotate Banner Manager <= 5.2 – Authenticated SQL Injection

https://wpvulndb.com/vulnerabilities/9475 More info: https://wpvulndb.com/vulnerabilities/9475