The WordPress development team has released version 3.1.2 of the popular blogging platform in order to address a privilege escalation issue affecting post publishing. According to the release announcement, the flaw allowed Contributor-level users to improperly publish posts. The security hole was located in press-this.... |
27 April 2011 13:55 GMT |
 |
VMware has released security updates for its VMware Workstation and VMware VIX API products in order to address a local privilege escalation vulnerability. The flaw, identified as CVE-2011-1126, is located in the vmrun utility which is used to perform tasks on virtual machines. Since vmrun is a Linux-only utility, only... |
1 April 2011 02:00 GMT |
 |
Exim maintainers have released version 4.73 of the popular Internet mailer, which addresses a critical privilege escalation vulnerability disclosed as a zero-day last month. The flaw, identified as CVE-2010-4345, consists of an input validation error which allows local users to execute arbitrary code with root privile... |
6 January 2011 06:40 GMT |
 |
Microsoft has finally patched a remote code execution Internet Explorer vulnerability that has been actively exploited in the wild for the past six weeks, as well as the last Stuxnet zero-day flaw. Yesterday, Microsoft released 17 security bulletins covering a total of 40 vulnerabilities in Windows, Office, Internet Explor... |
15 December 2010 04:51 GMT |
 |
WordPress 3.0.3 has just been released as a security update to address a vulnerability that makes it possible for low-level users to edit or delete posts without authorization. The vulnerability is located in the remote publishing interface, which allows users to edit content from desktop or mobile applications w... |
9 December 2010 07:59 GMT |
 |
Security researchers warn that a new variant of a sophisticated rootkit dubbed TDL4 is leveraging a yet-unpatched privilege escalation vulnerability originally exploited in the wild by the infamous Stuxnet worm. TDL4 is the latest version of a rootkit originally known as TDSS or Tidserv, which appeared back in 2008. H... |
8 December 2010 04:40 GMT |
 |
VMware has released updates for its Workstation, Player, Fusion, ESXi and ESX products to address four privilege escalation, command injection and remote code execution vulnerabilities. The first flaw is described in the newly published security advisory as a race condition in vmware-mount and affects Workstation 7.x ... |
3 December 2010 10:31 GMT |
 |
Various security vendors warned today about the public availability of exploit code for a previously unknown Windows privilege escalation vulnerability that can be used to bypass UAC. The vulnerability was disclosed on a programming portal called CodeProject, but the page has since been removed by the site's... |
25 November 2010 05:54 GMT |
 |
Hackers have released proof-of-concept exploit code for a yet-unpatched Windows Vista and 7 privilege escalation vulnerability leveraged by the infamous Stuxnet worm. Stuxnet is a highly complex threat designed for industrial espionage and sabotage, which is widely considered to be the most sophisticated piece of mal... |
22 November 2010 02:54 GMT |
 |
A local privilege escalation vulnerability that could allow attackers to execute malicious code with root rights was patched in the newly released Linux kernel 2.6.36. The vulnerability, identified as CVE-2010-3904, is located in the Reliable Datagram Sockets (RDS) protocol implementation in the Linux kernel and can be ex... |
21 October 2010 13:46 GMT |
 |
A highly dangerous privilege escalation vulnerability, which can allow an attacker to execute arbitrary code as root from any GUI application, has been patched in the Linux kernel. The flaw was discovered by Rafal Wojtczuk, principal researcher at Invisible Things Lab (ITL), a security research company based in Poland... |
18 August 2010 06:15 GMT |
 |
Microsoft has confirmed a vulnerability in the win32k.sys kernel-mode driver, which affects all supported versions of the Windows operating system and can be exploited by local attackers to escalate privileges. The flaw was publicly disclosed by a security researcher last week and some vulnerability research companies... |
11 August 2010 04:10 GMT |
 |
A new Windows vulnerability that could allow for privilege escalation and arbitrary code execution has been identified. According to vulnerability research company VUPEN Security, the flaw affects all supported versions of Microsoft Windows. The issue is described by VUPEN in its advisory as a Windows kernel memory co... |
6 August 2010 13:18 GMT |
 |
The Apache Software Foundation (ASF) announces that several of its services were targeted in a complex attack that led to a server being completely hacked and another partially compromised. A considerable number of possibly insecure password hashes have also been lifted from the organization's systems. The attack... |
14 April 2010 10:33 GMT |
 |
A Polish security researcher has announced that both the FreeBSD 7.2 and 6.4 releases suffer from local privilege escalation vulnerabilities that could be exploited to obtain root access. The FreeBSD team is working on patches and will release official security advisories soon. The vulnerability affecting FreeBSD 6.4-... |
15 September 2009 07:17 GMT |
 |
The development department at anti-virus vendor Trend Micro has recently been hard at work to plug a hole in the Internet Security 2008 and 2009 products after someone posted a PoC exploit for it. Trend Micro is one of the largest providers of anti-virus and security solutions in the world. Its flagship product is P... |
3 April 2009 06:21 GMT |
 |
Cisco has published a security advisory announcing four vulnerabilities, which affect all of its Wireless LAN Controller (WLC) platforms. The company has also released security patches in order to mitigate the risks. The most serious flaw of the four is rated by Cisco as moderate and exploiting it can allow a remote... |
5 February 2009 08:27 GMT |
 |
|