Archive for the ‘Vulnerabilities’ Category


Information security experts have found 11 flaws in the Samsung Galaxy S6 Edge

Information security experts from Google Project Zero found eleven dangerous vulnerabilities in the Samsung Galaxy S6 Edge and immediately reported them to the manufacturer.

Samsung released an update that fixes eight of the holes in October this year. The three least dangerous vulnerabilities will be eliminated this month. (more…)


Several new security vulnerabilities of varying severity have been found by security researchers

Several new security vulnerabilities of varying severity have been found by security researchers:

  • System compromise in Android (high severity vulnerability)
  • Bypassing security restrictions on Apache Tomcat (medium severity vulnerability)
  • Multiple vulnerabilities in CMS Drupal (low severity vulnerability)
  • Compromising the system in Apple QuickTime for Windows (high severity vulnerability) (more…)

Three new vulnerabilities have been found in the Linux kernel: CVE-2014-3673, CVE-2014-3687, and CVE-2014-3688. These vulnerabilities allow a remote user to cause a denial of service (kernel panic).

Denial of service in the Linux Kernel

Danger level: Middle
Fix available: Yes
The number of vulnerabilities: 3 (more…)

Multiple vulnerabilities have been found in the FreeBSD kernel code.

FreeBSD Kernel Multiple Vulnerabilities

Danger level: middle
Fix available: Yes
The number of vulnerabilities: 3

CVSSv2 rating: (AV:L/AC:L/Au:N/C:N/I:N/A:C/E:U/RL:OF/RC:C) = Base: 4.9 / Temporal: 3.6
(AV:L/AC:L/Au:N/C:C/I:C/A:C/E:U/RL:OF/RC:C) = Base: 7.2 / Temporal: 5.3
(AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:OF/RC:C) = Base: 2.1 / Temporal: 1.6
CVE ID: CVE-2014-0998; CVE-2014-8612; CVE-2014-8613 (more…)

Microsoft patches two critical vulnerabilities in Windows:

  • Directory traversal attack CVE-2015-0016 (the vulnerability exists in the TS WebProxy Windows component)
  • Buffer overflow vulnerability CVE-2015-0014 (a buffer overflow vulnerability exists in the Windows Telnet service)

Bypass security restrictions in Microsoft Windows (Directory traversal attack)

Danger level: High
Fix available: Yes
The number of vulnerabilities: 1 (more…)

Three vulnerabilities have been found in plugins for the WordPress content management system: disclosure of sensitive data in XCloner, SQL injection in the WP Symposium plugin, and cross-site scripting (CSRF attack) in the W3 Total Cache plugin.

1. Disclosure of sensitive data in WordPress XCloner

Danger level: Low
Fix available: None
The number of vulnerabilities: 1
CVSSv2 rating: (AV:L/AC:L/Au:N/C:P/I:N/A:N/E:U/RL:U/RC:C) = Base: 2.1 / Temporal: 1.8

Exploitation vector: Local
Impact: Arbitrary command execution, Disclosure of sensitive data (more…)

This flaw provided an opportunity to introduce malicious code into vulnerable systems using open source software.

Specialists from the company Norse discovered a programming error in the FreeBSD operating system that makes it possible to cause a buffer overflow in stdio. The flaw provided an opportunity to introduce malicious code into vulnerable systems using open source software.

According to the experts, the error occurs when the "write" and "write(2)" system calls are invoked during stream setup and, if the status of the stream is not checked, can lead to a buffer overflow. (more…)

The researchers emphasize that the flaws in the free app put the security of hundreds of thousands of web resources at risk.

According to a notification from Walter Hop, a security researcher and founder of the Netherlands-based web development company Slik, he was able to find a number of vulnerabilities in the popular free application InfiniteWP Admin Panel, which is used by administrators of the WordPress content management system.

According to the developers of the affected product, it has been downloaded at least 875,000 times over the history of the project and is used by over 318,000 web sites. With it, administrators can work with multiple installations through one control panel. (more…)

A dangerous vulnerability has been found in the popular (around 850,000 downloads) WordPress Download Manager plugin. The vulnerability was discovered and disclosed last week. Exploitation of this vulnerability allows an attacker to take control of the target web site remotely by introducing backdoors and modifying user passwords.

Specialists from the company Sucuri found a dangerous vulnerability in the WordPress Download Manager plugin. Exploitation of this flaw allows a remote attacker to gain control of the target web site through the introduction of backdoors and modification of user passwords. (more…)

Privilege escalation and potential object injection vulnerability. The vulnerability allows a remote user to cause a denial of service and manipulate data.

Danger level: average
Fix available: Yes
The number of vulnerabilities: 1
CVSSv2 rating: (AV:N/AC:L/Au:N/C:N/I:P/A:P/E:U/RL:O/RC:C) = Base: 6.4 / Temporal: 4.7

Exploitation vector: Remote
Impact: Denial of service, Unauthorized modification of data (more…)