Dawid Golunski – WindowsTechs.com

Vanilla Forums Software Vulnerable to RCE, Host Header Injection Vulnerability

Posted on May 11, 2017 by Chris Brook

Vanilla Forums software suffers from vulnerabilities that could let an attacker gain access to user accounts, carry out web-cache poisoning attacks, and in some instances, execute arbitrary code. Continue reading Vanilla Forums Software Vulnerable to RCE, Host Header Injection Vulnerability→

Vanilla Forums Software Vulnerable to RCE, Host Header Injection Vulnerability

Posted on May 11, 2017 by Chris Brook

Vanilla Forums software suffers from vulnerabilities that could let an attacker gain access to user accounts, carry out web-cache poisoning attacks, and in some instances, execute arbitrary code. Continue reading Vanilla Forums Software Vulnerable to RCE, Host Header Injection Vulnerability→

Unpatched WordPress Password Reset Vulnerability Lingers

Posted on May 4, 2017 by Chris Brook

A zero day vulnerability exists in WordPress Core that in some instances, could allow an attacker to reset a user’s password and in turn, gain access to their account. Continue reading Unpatched WordPress Password Reset Vulnerability Lingers→

No Fix for SquirrelMail Remote Code Execution Vulnerability

Posted on April 24, 2017 by Chris Brook

SquirrelMail suffers from a remote code execution vulnerability that could let attackers execute arbitrary commands on the target and compromise the remote system. Continue reading No Fix for SquirrelMail Remote Code Execution Vulnerability→

WordPress 4.7.1 Fixes CSRF, XSS, PHPMailer Vulnerabilities

Posted on January 12, 2017 by Chris Brook

A new WordPress update, pushed this week, resolves eight security issues, including a handful of XSS and CSRF bugs. Continue reading WordPress 4.7.1 Fixes CSRF, XSS, PHPMailer Vulnerabilities→

PHPMailer, SwiftMailer Updates Resolve Critical Remote Code Execution Vulnerabilities

Posted on December 29, 2016 by Chris Brook

Critical remote code execution vulnerabilities in PHPMailer and SwiftMailer, libraries used to send emails via PHP, were patched this week. Continue reading PHPMailer, SwiftMailer Updates Resolve Critical Remote Code Execution Vulnerabilities→

Nagios Core Patches Root, RCE Vulnerabilities

Posted on December 16, 2016 by Michael Mimoso

Nagios Core has been updated to take care of two critical vulnerabilities that can be pinned together to attack servers hosting the open source IT infrastructure monitoring software. Continue reading Nagios Core Patches Root, RCE Vulnerabilities→

Critical MySQL Vulnerabilities Can Lead to Server Compromise

Posted on November 2, 2016 by Chris Brook

Critical vulnerabilities in MySQL and database servers MariaDB and PerconaDB can lead to arbitrary code execution, root privilege escalation, and server compromise. Continue reading Critical MySQL Vulnerabilities Can Lead to Server Compromise→

Critical MySQL Vulnerability Disclosed

Posted on September 12, 2016 by Michael Mimoso

A researcher has disclosed some details and a limited proof-of-concept for a critical MySQL vulnerability. The flaw has been patched in MariaDB and PerconaDB. Continue reading Critical MySQL Vulnerability Disclosed→

Patched ColdFusion Flaw Exposes Applications to Attack

Posted on September 1, 2016 by Michael Mimoso

Adobe pushed hotfixes to ColdFusion 11 and 10 installations addressing a XXE vulnerability that can be exploited processing OOXML documents. Continue reading Patched ColdFusion Flaw Exposes Applications to Attack→