iControl REST and tmsh vulnerability CVE-2019-6621. Security Advisory Description: On BIG-IP 14.1.0-14.1.0.5, 14.0.0-14.0.0.4, 13.0.0-13.1.1.4, 12.1.0-12.1.4.1, 11.6.1-11.6.3.4, ...
More info:
https://support.f5.com/csp/article/K20541896?utm_source=f5support&utm_medium=RSS
In the Feature Spotlight posts, we will highlight a feature in the iThemes Security Pro plugin and share a bit about why we developed the feature, who the feature is for, and how to use the feature. Today we are going to cover the WordPress Security Grade Report, a quick and easy way to audit […]
More info:
https://ithemes.com/ithemes-security-pro-feature-spotlight-wordpress-security-grade-report/
According to W3Tech’s data, PrestaShop is among the most popular CMS choices for existing ecommerce websites, so it should come as no surprise that malware has been created to specifically target these environments. We recently came across an infected PrestaShop website with malware which was automatically injecting a super admin PrestaShop user whenever the website […]
More info:
http://feedproxy.google.com/~r/sucuri/blog/~3/xj5ovcpgEYg/prestashop-superadmin-injector-and-login-stealer.html
A recent zero-day vulnerability that affected hundreds of thousands of WordPress sites offers some insight into why a growing number of businesses are looking to managed WordPress hosting from companies like WP Engine for more than just fast-loading, highly-available websites. What Went Wrong With File Manager Plugin 6.4? The critical vulnerability was introduced back in… […]
More info:
https://wpengine.com/blog/keeping-plugins-updated-is-important-a-managed-wordpress-host-can-help/
Project: Drupal core
Date: 2020-November-18
Security risk: Critical 17∕25 AC:Basic/A:User/CI:All/II:All/E:Theoretical/TD:Default
Vulnerability: Remote code execution
CVE IDs: CVE-2020-13671
Description: Update November 18: Documented longer list of dangerous file extensions. Drupal core does not properly sanitize certain filenames on uploaded files, which can lead to files being interpreted as the incorrect extension and served as the wrong MIME type or executed as PHP for certain hosting
More info:
https://www.drupal.org/sa-core-2020-012