Month: diciembre 2020

Eclipse Jetty vulnerability CVE-2019-10241 Security Advisory Security Advisory Description In Eclipse Jetty version 9.2.26 and older, 9.3.25 and older, and 9.4.15 and older, the server is ... More info: https://support.f5.com/csp/article/K01869532?utm_source=f5support&utm_medium=RSS

Launching a free plugin to disable the new Application Passwords feature introduced in WordPress version 5.6. The plugin is one line of code. Install and activate to completely disable all of the Application Passwords functionality. To re-enable all Application Passwords, simply deactivate/uninstall the plugin. Easy peasy. Download I literally just submitted this plugin to the […] More info: https://perishablepress.com/wordpress-disable-application-passwords/

On November 4, 2020, the Wordfence Threat Intelligence team found two reflected Cross-Site Scripting (XSS) vulnerabilities in PageLayer, a WordPress plugin installed on over 200,000 sites. These vulnerabilities could lead to an attacker executing malicious Javascript in an administrator’s browser, which could lead to takeover of a vulnerable WordPress site. We contacted the plugin’s publisher, […] More info: https://www.wordfence.com/blog/2020/12/reflected-xss-in-pagelayer-plugin-affects-over-200000-wordpress-sites/

Since April, our team has been tracking the spread of a PHP malware dropper. It’s impacting unsuspecting victims who thought they were downloading a mapping software to monitor the spread of the COVID-19 pandemic. While the attack is likely spread through a variety of vectors, we have verified that bad actors are using other compromised […] More info: http://feedproxy.google.com/~r/sucuri/blog/~3/j3lgVy_SQvk/malware-dropper-takes-advantage-of-covid-19-pandemic.html

WordPress 5.6 was released this week with a new feature called application passwords. In this episode we talk about how application passwords work, where to find them in your WordPress installation, and why Wordfence decided to turn these off by default in version 7.4.14. We also talk about a new Magecart attack that places card […] More info: https://www.wordfence.com/blog/2020/12/episode-98-how-application-passwords-work-in-wordpress-5-6/

libarchive vulnerability CVE-2017-14503 Security Advisory Security Advisory Description libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_ ... More info: https://support.f5.com/csp/article/K18252740?utm_source=f5support&utm_medium=RSS

libarchive vulnerability CVE-2017-14503 Security Advisory Security Advisory Description libarchive 3.3.2 suffers from an out-of-bounds read within lha_read_data_none() in archive_read_support_ ... More info: https://support.f5.com/csp/article/K18252740?utm_source=f5support&utm_medium=RSS

Apache Struts vulnerability CVE-2012-0391 Security Advisory Security Advisory Description The ExceptionDelegator component in Apache Struts before 2.2.3.1 interprets parameter values as OGNL ... More info: https://support.f5.com/csp/article/K20127031?utm_source=f5support&utm_medium=RSS

Apache Struts vulnerability CVE-2012-0392 Security Advisory Security Advisory Description The CookieInterceptor component in Apache Struts before 2.3.1.1 does not use the parameter-name whitelist, ... More info: https://support.f5.com/csp/article/K13434228?utm_source=f5support&utm_medium=RSS

BIND vulnerability CVE-2020-8624 Security Advisory Security Advisory Description In BIND 9.9.12 -> 9.9.13, 9.10.7 -> 9.10.8, 9.11.3 -> 9.11.21, 9.12.1 -> 9.16.5, 9.17.0 -> 9.17.3, also affects 9.9 ... More info: https://support.f5.com/csp/article/K91090139?utm_source=f5support&utm_medium=RSS