The Cisco Unified Communications Domain Manager contains a default private SSH key that could allow an attacker to run arbitrary code on vulnerable installations. The bug is about as serious as they come, giving remote, unauthenticated attackers access to affected machines with the rights of a root user.
Browsing Category: Vulnerabilities
WordPress users that have the MailPoet newsletter plugin installed are being cautioned to upgrade immediately.
Apple updates Mavericks, iOS, Safari, and AppleTV with a long list of patches for critical security vulnerabilities.
Google has fixed a security vulnerability in it’s cloud storage service, Drive, which could have leaked sensitive data to third parties.
Microsoft announced this afternoon that it would resume sending security email notifications, reversing course on a decision it had made to suspend the practice.
The PHP Group has released new versions of the popular scripting language that fix a number of bugs, including two in OpenSSL. The flaws fixed in OpenSSL don’t rise to the level of the major bugs such as Heartbleed that have popped up in the last few months. But PHP 5.5.14 and 5.4.30 both contain fixes[...]
A 20-year old vulnerability in the Lempel-Ziv-Oberhumer (LZO) compression algorithm was finally patched this week.
A zero-day vulnerability has been patched in the PHP-based image resizer TimThumb, popular in WordPress themes, after it was publicly disclosed this week.
Oftentimes, looking at a given security vulnerability or mistake by a vendor, it’s easy to wonder how on earth the bug got through in the first place or the company didn’t catch the problem earlier. That definitely could have been the case with the recently disclosed bypass of PayPal’s two-factor authentication mechanism, but, as is[...]
Researchers at IBM disclosed a serious buffer overflow vulnerability in Android 4.3 and earlier that could lead to code execution. The bug is patched in KitKat, but most users are on older versions.