Posts Tagged ‘Cross-site scripting’


Four new vulnerabilities in Cisco products

Four Cisco security products are vulnerable to DDoS and XSS attacks. Four new vulnerabilities have been found in Cisco products.

Affected Products:

  • Nexus 9000 Series Switches (CVE-2015-0686 DDoS vulnerability)
  • Catalyst 4500 Series (CVE-2015-0687 DDoS vulnerability)
  • Aggregation Services Routers (CVE-2015-0688 DDoS vulnerability)
  • Wireless LAN Controller (CVE-2015-0690 XSS vulnerability)

(more…)

The latest cross-site scripting vulnerabilities in WordPress plugins

Five Cross-site scripting vulnerabilities in WordPress plugins: Profile Builder, Photo Gallery, EWWW Image Optimizer, Contact Form DB, and Google Calendar Events.

1. Cross-site scripting in WordPress Profile Builder Plugin

Danger: Low
Fix available: Yes
Number of vulnerabilities: 1
CVSSv2 Rating: (AV:N/AC:L/Au:N/C:N/I:P/A:N/E:U/RL:O/RC:C) = Base: 5 / Temporal: 3.7 (more…)

WordPress vulnerabilities

1. Security bypass in WordPress WP-Ban

Danger level: Low
Fix available: Yes
Number of vulnerabilities: 1

CVSSv2 Rating: (AV:N/AC:L/Au:N/C:N/I:N/A:P/E:U/RL:O/RC:C) = Base: 5 / Temporal: 3.7
CVE ID: CVE-2014-6230

Vector of operation: Remote
Impact: Security Bypass (more…)

Multiple Vulnerabilities in plugins

Latest vulnerabilities in popular plugins for WordPress: Covert VideoPress, Digg Digg, Video Gallery and Related Posts.

  • Cross-site scripting in WordPress Covert VideoPress

Danger level: Low
The presence of fixes: No
The number of vulnerabilities: 1

Vector of operation: Remote
Impact: Cross Site Scripting

Affected products: WordPress Covert VideoPress Theme

Affected versions: WordPress Covert VideoPress (more…)

CSRF attack in WordPress

Vulnerability: CSRF attack in WordPress (XSS)

1. CSRF attack in WordPress Facebook Members

Danger level: Low
The presence of fixes: Yes
The number of vulnerabilities: 1

CVE ID: CVE-2013-2703
Vector of operation: Remote
Impact: Cross Site Scripting

Affected products: WordPress Facebook Members Plugin 5.x
Affected versions: WordPress Facebook Members 5.0.4, possibly earlier. (more…)

Vulnerability: Cross-site scripting in WordPress Count per Day

Danger level: Low
Patch: None
Number of vulnerabilities: 1

Operation vector: Remote
Impact: Cross Site Scripting

Affected products: WordPress Count per Day Plugin 3.x

Affected versions: WordPress Count per Day 3.2.5, possibly earlier.

Description:

The vulnerability allows malicious people to conduct XSS attacks.

The vulnerability is caused by insufficient input validation of the “daytoshow” parameter in the script wp-content/wp-admin/index.php (when the parameter “page” is “cpd_metaboxes”). This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site. (more…)

XSS in WordPress Audio Player

Vulnerability: Cross-site scripting in WordPress Audio Player

Danger level: Low
Patch: Yes
Number of vulnerabilities: 1

CVE ID: CVE-2013-1464
Vector of operation: Remote
Impact: Cross Site Scripting

Affected products: WordPress Audio Player Plugin 2.x

Affected versions: WordPress Audio Player 2.0.4.5, possibly earlier. (more…)

Vulnerability: Multiple vulnerabilities in WordPress

Danger: Average
Patch: Yes
Number of vulnerabilities: 3

Vector of operation: Remote
Impact: Cross Site Scripting, Disclosure of sensitive data

Affected products: WordPress 3.x

Affected versions: WordPress version to 3.5.1. (more…)

Vulnerabilities in CouchDB

Vulnerability: Multiple vulnerabilities in CouchDB

Danger: High
Patch: Yes
Number of vulnerabilities: 3

CVE ID: CVE-2012-5641, CVE-2012-5649, CVE-2012-5650

Vector of operation: Remote
Impact: Cross Site Scripting, Disclosure of sensitive data, System compromise

Affected products: Apache CouchDB 1.x

Affected versions: Apache CouchDB versions prior to 1.0.4, Apache CouchDB versions prior to 1.1.2, Apache CouchDB versions prior to 1.2.1. (more…)

Vulnerabilities in MyBB Profile Blogs

Vulnerability: Multiple vulnerabilities in MyBB Profile Blogs

Danger: Low
Number of vulnerabilities: 2

Vector of operation: Remote
Impact: Cross Site Scripting, Unauthorized manipulation of data

Affected Products: Profile Blogs 1.x (plugin for MyBB)

Affected versions: MyBB Profile Blogs 1.2, maybe earlier.

Description:

The vulnerability allows a remote user to execute arbitrary SQL commands in the application database.

1. The vulnerability is caused by insufficient input validation of the ‘subject’ parameter in the script member.php (when the parameter ‘action’ is equal to ‘profile’ and ‘uid’ is set). This can be exploited to execute arbitrary HTML and script code in a user’s browser session in the context of an affected site. (more…)