More info:
https://wpvulndb.com/vulnerabilities/9279
https://wpvulndb.com/vulnerabilities/9277
by Michael Hawkins. The size of users' private file uploads via email was not correctly checked, so their quota allowance could be exceeded.
Severity/Risk: Minor
Versions affected: 3.6 to 3.6.3, 3.5 to 3.5.5, 3.4 to 3.4.8, 3.1 to 3.1.17 and earlier unsupported versions
Versions fixed: 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18
Reported by: Guillermo Leon Alvarez Salamanca
Workaround: Disable the "Email to Private files" message handler until the fix is applied. This is disabled by default in
More info:
https://moodle.org/mod/forum/discuss.php?d=386524&parent=1557998
INTEL-SA-00204 - Intel PROSet/Wireless WiFi Software vulnerability CVE-2018-3701. Security Advisory Description: Improper directory permissions in the installer for Intel(R) PROSet ...
More info:
https://support.f5.com/csp/article/K00245734
by Michael Hawkins. The form to upload cohorts contained a redirect field, which was not restricted to internal URLs.
Severity/Risk: Minor
Versions affected: 3.6 to 3.6.3, 3.5 to 3.5.5, 3.4 to 3.4.8, 3.1 to 3.1.17 and earlier unsupported versions
Versions fixed: 3.7, 3.6.4, 3.5.6, 3.4.9 and 3.1.18
Reported by: Lindon Wass
CVE identifier: CVE-2019-10133
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-64708
Tracker issue: MDL-64708 Open redirect in upload
More info:
https://moodle.org/mod/forum/discuss.php?d=386523&parent=1557997
by Michael Hawkins. A web service fetching messages was not restricted to the current user's conversations.
Severity/Risk: Serious
Versions affected: 3.6 to 3.6.3
Versions fixed: 3.7, 3.6.4
Reported by: Mazen Gamal
Workaround: Disable the messaging system until the fix is applied.
CVE identifier: CVE-2019-10132
Changes (master): http://git.moodle.org/gw?p=moodle.git&a=search&h=HEAD&st=commit&s=MDL-65365
Tracker issue: MDL-65365 All messaging conversations could be viewed
More info:
https://moodle.org/mod/forum/discuss.php?d=386521&parent=1557995
INTEL-SA-00252 - Intel Driver & Support Assistant version 19.3.12.3 and before vulnerability CVE-2019-11095. Security Advisory Description: Insufficient access control in Intel(R) ...
More info:
https://support.f5.com/csp/article/K05525310
Apparently, Bluehost partnered with a company called SiteLock sometime last year. Supposedly SiteLock is a “website scanner that proactively checks for malicious threats and vulnerabilities”. I guess the service operates on Bluehost servers, and today they sent a scary email letting me know that “malware was detected” on my Bluehost site. Here’s the thing […]
More info:
https://perishablepress.com/bluehost-sitelock/
Dr. Andy Fragen is a trauma/acute care surgeon as well as a prolific WordPress plugin author. One of his plugins, GitHub Updater, allows you to host WordPress plugins and themes on GitHub instead of WordPress.org. Andy supports numerous WordCamps and is an active member of the WordPress community in southern California. I had […]
More info:
https://www.wordfence.com/blog/2019/05/podcast-episode-14-interview-with-trauma-surgeon-and-plugin-dev-andy-fragen/