NTP vulnerability CVE-2019-11331. Security Advisory Description: Network Time Protocol (NTP), as specified in RFC 5905, uses port 123 even for modes where a fixed port number is ...
More info:
https://support.f5.com/csp/article/K09940637
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in information disclosure, denial of service or bypass of sandbox restrictions. In addition the implementation of elliptic curve cryptography was modernised.
More info:
https://www.debian.org/security/2019/dsa-4485
Several vulnerabilities have been discovered in the OpenJDK Java runtime, resulting in information disclosure, denial of service or bypass of sandbox restrictions. In addition the implementation of elliptic curve cryptography was modernised.
More info:
https://www.debian.org/security/2019/dsa-4486
https://secupress.me/blog/wps-bidouille-v1-12-2-multiples-vulnerabilities/
WPS Limit Login is edited by WP Serveur, WordPress French host. Criticality level for this update is medium. CSRF #1 File: /classes/plugin.php Line 355-358 Function count_notif() Issue: Lack of nonce token, we can here give this link to a logged-in administrator or include it in a hidden page with POST method: https://example.com/wp-admin/admin-ajax.php?action=count_notif with […]
More info:
https://secupress.me/blog/wps-bidouille-v1-12-2-multiples-vulnerabilities/
https://wpvulndb.com/vulnerabilities/9467
More info:
https://wpvulndb.com/vulnerabilities/9467
https://secupress.me/blog/wps-limit-login-v1-4-5-multiple-vulnerabilities/
WPS Limit Login is edited by WP Serveur, WordPress French host. Criticality level for this update is medium. Protection Bypass File: /classes/plugin.php Method: get_address() Issue: This method will read the variable HTTP_X_FORWARDED_FOR which is, like its name says, a cross data with the browser (HTTP X (X = Cross)). It’s enough to […]
More info:
https://secupress.me/blog/wps-limit-login-v1-4-5-multiple-vulnerabilities/
https://www.wordfence.com/blog/2019/07/recent-wordpress-vulnerabilities-targeted-by-malvertising-campaign/
The Defiant Threat Intelligence team has identified a malvertising campaign which is causing victims’ sites to display unwanted popup ads and redirect visitors to malicious destinations, including tech support scams, malicious Android APKs, and sketchy pharmaceutical ads. This type of campaign is far from novel, but these attacks drew our attention. By targeting a […]
More info:
https://www.wordfence.com/blog/2019/07/recent-wordpress-vulnerabilities-targeted-by-malvertising-campaign/
https://www.wpwhitesecurity.com/wfcm-12-scan-now-button/
Update 1.2 of the Website File Changes Monitor plugin for WordPress is available for download. In this update we have: Added a new Scan Now button to the main interface so you can launch instant file changes scans on your WordPress site with just a mouse click. Introduced a new setting to enable debug logging […]
More info:
https://www.wpwhitesecurity.com/wfcm-12-scan-now-button/
https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/
WPS Limit Login is edited by WP Serveur, WordPress French host. Criticality level for this update is low. Protection Bypass #1 File: /classes/plugins.php Lines: 427 Issue: If the URL contains “action=confirmaction” it’s enough to access the login page. Demo: https://example.com/wp-login.php?SECUPRESSaction=confirmaction Protection Bypass #2 File: /classes/plugins.php Lines: 477-480 Issue: […]
More info:
https://secupress.me/blog/wps-hide-login-v1-5-2-2-multiples-vulnerabilities/
https://secupress.me/blog/wps-cleaner-v1-4-4-multiples-vulnerabilities/
WPS Limit Login is edited by WP Serveur, WordPress French host. Criticality level for this update is high. Disclose File: /classes/plugin.php Line 1070: $files = esc_attr( $_POST['files'] ); Issue: No control of the sent IDs to be sure they are attached media so we can change IDs to select any other (private […]
More info:
https://secupress.me/blog/wps-cleaner-v1-4-4-multiples-vulnerabilities/