TTCSIRT-162.090718: TT-CSIRT Advisory – Cisco Security Updates

TTCSIRT-160.090318: TT-CSIRT Advisory – Joomla Security Updates

Joomla has released a security update stating that the following vulnerabilities have been found in its Joomla Content Management System (CMS) – a) Inadequate checks regarding disabled fields can lead to an ACL violation – (CVE-2018-15881). b) Inadequate output filtering on the user profile page could lead to a stored XSS attack – (CVE-2018-15880). c) […]

TTCSIRT-158.081718: TT-CSIRT Advisory – Adobe Security Updates

Adobe has released a security update stating that the following issues have been discovered in Adobe Acrobat & Reader: a) One out-of-bounds vulnerability that could allow for arbitrary code execution – (CVE-2018-12808). b) One untrusted pointer dereference vulnerability that could allow for arbitrary code execution – (CVE-2018-12799). Successful exploitation of these vulnerabilities could result in […]

TTCSIRT-157.081718: TT-CSIRT Advisory – Oracle Security Updates

Oracle has released a security update stating that a vulnerability has been discovered in Oracle Database Server that could allow for complete compromise of the database. The issue resides in the Oracle Database Server where low-privileged attackers that have Create Session privileges can compromise the Java Virtual Machine component and take complete control of the […]

TTCSIRT-156.081318: TT-CSIRT Advisory – NetComm Security Updates

ICS-CERT has released a security update stating that NetComm’s Wireless 4G LTE Light Industrial M2M Router is vulnerable to: a) Information Exposure b) Cross-site Request Forgery c) Cross-site Scripting. The flaws can be exploited remotely from the Internet and have been classified by ICS-CERT as “critical” while the information disclosure issues are said to […]

TTCSIRT-155.081318: TT-CSIRT Advisory – VMware Security Updates

VMware has released a security update stating that Horizon ver 6.0 – 7.0 for Windows contains an out-of-bounds read vulnerability in the Message Framework library. This issue may allow a less-privileged user to leak information from a privileged process running on a system where Horizon Connection Server, Horizon Agent or Horizon Client are installed. Further […]

TTCSIRT-154.080718: TT-CSIRT Advisory – Mozilla Security Updates

Mozilla has released a security update stating that it has found the following critical vulnerabilities within Mozilla Thunderbird ver 60.0: a) Bug #1459162 – a buffer overflow can occur when rendering canvas content while adjusting the height and width of the canvas element dynamically, causing data to be written outside of the currently computed boundaries. […]