info@unhackable.org Phone: +877 547 3638

CVE-2016-1531 Exim MTA Privilege Escalation Vulnerability

Version Git tag ——————————— Exim 4.84.2 exim-4_84_2 Exim 4.85.2 exim-4_85_2 Exim 4.86.2 exim-4_86_2 Exim 4.87 RC 5 exim-4_87_RC5 (It’s an updated version of 4.8{4,5,6}.1, fixing minor portability issues for *BSD and OS/X). The known download area contains packed tarballs. The tarballs for fixed older versions (4.84.2, 4.85.2) are below the old/ directory. Every tarball and […]

Read More »

WordPress WP-Super-Cache plugin XSS vulnerability

Million of WordPress websites using the WP-Super-Cache are exposed to the risk of attack due to a critical vulnerability affecting the popular plugin. The WP-Super-Cache plugin, is normally used to improve the performance of the WordPress website because it generates static HTML files from dynamic WordPress blogs. The critical persistent cross-site scripting vulnerability was reported […]

Read More »

How to scan access_log for Shellshock attempts via httpd

In the previous post, we announced the discovery of the remote bash vulnerability which has been dubbed “Shellshock” throughout the security and Linux communities. As you may know, bash supports exporting shell variables as well as shell functions to other bash instances. This is accomplished through the process environment to a child process. We previously […]

Read More »

CVE-2014-5119 glibc __gconv_translit_find() exploit

Date: Mon, 25 Aug 2014 19:00:15 -0700 From: Tavis Ormandy To: fulldisclosure@…lists.org, oss-security@…ts.openwall.com Subject: CVE-2014-5119 glibc __gconv_translit_find() exploit List, back in July, I described CVE-2014-5119, a fiendish single-fixed-byte heap metadata overflow in the glibc internal routine __gconv_translit_find(). This is caused by the file extension being incorrectly appended to the transliteration module filename. The result is […]

Read More »

Several Vulnerabilities in Mozilla Firefox, Thunderbird, Seamonkey

Updated software packages for Mozilla Firefox, Thunderbird, Seamonkey that fixes several recently discovered security issues is now available for nearly all operating systems and platforms. You should upgrade your software immediately! Patched and Secure Versions If you are not using one of the versions below, you are vulnerable. Firefox 18.0 Firefox ESR 10.0.12 Firefox ESR […]

Read More »

2 Joomla SQL Injection Vulnerabilities Discovered

Two SQL Injection vulnerabilities were recently detected in the com_package and com_photo modules of the joomla Content Management System. Remote attackers & low privileged user accounts can execute/inject own sql commands to compromise the application database. The vulnerability is located in the com_package module with the bound vulnerable id parameter. Successful exploitation of the vulnerability […]

Read More »

bind9 denial of service (remote) (CVE-2012-3817)

Package : bind9 Vulnerability : denial of service Problem type : remote Debian-specific: no CVE ID : CVE-2012-3817 Einar Lonn discovered that under certain conditions bind9, a DNS server, may use cached data before initialization. As a result, an attacker can trigger and assertion failure on servers under high query load that do DNSSEC validation. […]

Read More »

mySQL vulnerabilities up to 5.1.61, 5.2.11, 5.3.5, 5.5.22

On Saturday afternoon Sergei Golubchik posted to the oss-sec mailing list about a recently patched security flaw (CVE-2012-2122) in the MySQL and MariaDB database servers. This flaw was rooted in an assumption that the memcmp() function would always return a value within the range -127 to 127 (signed character). On some platforms and with certain […]

Read More »

Ubuntu Security Advisory: PHP / Upgrades available

A security issue affects these releases of Ubuntu and its derivatives: – Ubuntu 11.10 – Ubuntu 11.04 – Ubuntu 10.10 – Ubuntu 10.04 LTS – Ubuntu 8.04 LTS Summary: USN 1358-1 introduced a regression in PHP. Software Description: – php5: HTML-embedded scripting language interpreter Details: USN 1358-1 fixed multiple vulnerabilities in PHP. The fix for […]

Read More »