
CVE-2016-1531 Exim MTA Privilege Escalation Vulnerability

Version          Git tag
---------------- --------------
Exim 4.84.2      exim-4_84_2
Exim 4.85.2      exim-4_85_2
Exim 4.86.2      exim-4_86_2
Exim 4.87 RC 5   exim-4_87_RC5

(It's an updated version of 4.8{4,5,6}.1, fixing minor portability issues for *BSD and OS/X). The known download area contains packed tarballs. The tarballs for fixed older versions (4.84.2, 4.85.2) are below the old/ directory. Every tarball and […]


CVE-2016-0800: DROWN OpenSSL vulnerability / SSLv2 disabled

OpenSSL Security Advisory [1st March 2016]
=========================================

NOTE: With this update, OpenSSL is disabling the SSLv2 protocol by default, as well as removing SSLv2 EXPORT ciphers. We strongly advise against the use of SSLv2 due not only to the issues described below, but to the other known deficiencies in the protocol as described at https://tools.ietf.org/html/rfc6176 […]


WordPress WP-Super-Cache plugin XSS vulnerability

Millions of WordPress websites using the WP-Super-Cache plugin are exposed to the risk of attack due to a critical vulnerability affecting the popular plugin. The WP-Super-Cache plugin is normally used to improve the performance of a WordPress website because it generates static HTML files from dynamic WordPress blogs. The critical persistent cross-site scripting vulnerability was reported […]


Remote vulnerability in bash – patches available for CVE-2014-6271, CVE-2014-7169

Bash, or the Bourne Again shell, is a UNIX-like shell and is perhaps one of the most widely installed utilities on any Linux system. From its creation in 1980, bash has evolved from a simple terminal-based command interpreter to many other fancy uses. In Linux, environment variables provide a way to influence the behavior […]


SimFS (VZ / OpenVZ) Security Vulnerability #PSBM-27641, #CVE-2014-3519

***UPDATE IMMEDIATELY – Vulnerability in simfs virtual filesystem***

A critical vulnerability in the legacy simfs Container filesystem was fixed. This affects OpenVZ and Parallels Virtuozzo Containers based on vzfs. Note: ploop filesystems were not affected.

References:
http://www.webhostingtalk.com/showpo…0&postcount=38
https://openvz.org/Download/kernel/rhel6/042stab090.5
http://kb.parallels.com/en/122142


MySQL vulnerabilities up to 5.1.61, 5.2.11, 5.3.5, 5.5.22

On Saturday afternoon Sergei Golubchik posted to the oss-sec mailing list about a recently patched security flaw (CVE-2012-2122) in the MySQL and MariaDB database servers. This flaw was rooted in an assumption that the memcmp() function would always return a value within the range -127 to 127 (signed character). On some platforms and with certain […]


OpenSSL Still vulnerable, fix CVE-2012-2110 not sufficient!

It was discovered that the fix for CVE-2012-2110, released on 19 Apr 2012 and referenced in this post on unhackable, was not sufficient to correct the issue for OpenSSL 0.9.8. Please see http://www.openssl.org/news/secadv_20120419.txt for details of that vulnerability. This issue only affects OpenSSL 0.9.8v. OpenSSL 1.0.1a and 1.0.0i already contain a patch sufficient to correct […]


OpenSSL Vulnerabilities – CVE-2012-2110, CVE-2006-7250, CVE-2012-1165

Summary: An application using OpenSSL could be made to crash or run programs if it opened a specially crafted file.

Software Description:
– openssl: Secure Socket Layer (SSL) cryptographic library and tools

Details: It was discovered that OpenSSL could be made to dereference a NULL pointer when processing S/MIME messages. A remote attacker could use […]
