Serious Phar Flaw Allows Arbitrary Code Execution on Drupal
Drupal, Typo3 and Joomla are all impacted by the bug. Continue reading Serious Phar Flaw Allows Arbitrary Code Execution on Drupal
WordPress recently patched a long-running, potentially serious vulnerability in its core code. But a similar flaw in third-party plugins could still allow hackers to take over websites that use the popular publishing software, according to German web security company RIPS Technologies. Exploiting the vulnerability requires an attacker to have access to an account with “author” privileges for the target website — a common designation for WordPress users. Once logged in, a hacker could manipulate how WordPress reads and writes files in its image database, essentially tricking the software into saving a malicious script file into a directory that typically handles photos. “An attacker who gains access to an account with at least author privileges on a target WordPress site can execute arbitrary PHP code on the underlying server, leading to a full remote takeover,” RIPS researcher Simon Scannell wrote in a blog post Tuesday. The bug — which RIPS is categorizing as a “path traversal” vulnerability — is exploitable WordPress instances […]
The post Serious flaw found and patched in WordPress, but it might lurk in plugins appeared first on CyberScoop.
Continue reading Serious flaw found and patched in WordPress, but it might lurk in plugins
Millions of computers and servers that are used to develop, test and analyze Android applications were put at risk by vulnerabilities in widely used development tools. The flaws were discovered by researchers from Check Point Software Technologies and … Continue reading Flaws in Development Tools Expose Android App Makers to Attacks
Five vulnerabilities exist in Siemens RUGGEDCOM gear; the vendor has made a number of workarounds available, but it’s unknown whether patches will be made available. Continue reading Workarounds Available for Flaws in Siemens RUGGEDCOM Gear
The dotCMS administration panel is vulnerable to cross-site request forgery, and the "Push Publishing" feature in Enterprise Pro is vulnerable to path traversal and arbitrary file upload. dotCMS versions 3.7.1 and earlier are affected. Continue reading VU#168699: dotCMS contains multiple vulnerabilities
The Accellion Kiteworks appliance prior to version kw2016.03.00 contains multiple vulnerabilities. Continue reading VU#305607: Accellion Kiteworks contains multiple vulnerabilities
The Crestron AirMedia AM-100 with firmware prior to version 1.4.0.13 is vulnerable to path traversal and command injection. Continue reading VU#603047: Crestron AirMedia AM-100 contains multiple vulnerabilities
Netgear Management System NMS300, version 1.5.0.11 and earlier, is vulnerable to arbitrary file upload, which may be leveraged by unauthenticated users to execute arbitrary code with SYSTEM privileges. A directory traversal vulnerability enables authenticated users to download arbitrary files. Continue reading VU#777024: Netgear Management System NMS300 contains arbitrary file upload and path traversal vulnerabilities