The ICS-CERT is warning users about a stack buffer overflow in the Advantech WebAccess SCADA product that could lead to arbitrary code execution. Advantech WebAccess is a SCADA and human-machine interface product that’s accessible over the Web. It’s used in a variety of industries, including energy, manufacturing, government and the commercial sector. The vulnerability affects[…]
Browsing Category: Vulnerabilities
The latest version of WordPress, 4.0.1, patches a critical cross-site scripting vulnerability in comment fields that enables admin-level control over a website.
Most targeted attacks exploit privileged account access according to a new report commissioned by the security firm CyberArk.
Researchers have discovered a group of attackers who have published a variety of compromised WordPress themes and plug-ins on legitimate-looking sites, tricking developers into downloading and installing them on their own sites. The components then give the attackers remote control of the compromised sites and researchers say the attack may have been ongoing since September 2013.[…]
Drupal has released a patched a denial of service and account hijacking vulnerability, details of which were disclosed by the researchers who discovered the issue.
Exploit kit authors are nothing if not opportunistic, and they know a prime opportunity when they see one. Adobe Flash bugs fit that description nicely, and the people behind the Angler exploit kit already are exploiting one of the Flash bugs patched last week in the kit’s arsenal. This is a common tactic for exploit[…]
A bug was recently fixed in Android Lollipop that could allow an attacker to bypass ASLR and run arbitrary code on a target device under certain circumstances.
Google has released Chrome 39, fixing 42 security vulnerabilities and removing support for the fallback to SSLv3, the component that was the target of the POODLE attack revealed last month.
Google today released to open source security scanning tool called Firing Range, which is designed to test for cross-site scripting (XSS) and other vulnerabilities on a massive scale.
Microsoft on Tuesday released a rare out-of-band patch for a critical vulnerability in several versions of Windows and Windows Server, including Windows 8 and 8.1.