Blogs

WordPress < 2.8.6 Arbitrary File Upload Vulnerability

http://www.securityfocus.com/bid/37005/info

"WordPress is prone to a vulnerability that lets attackers upload
arbitrary files. The issue occurs because the application fails to
adequately sanitize user-supplied input.

An attacker can exploit this vulnerability to upload arbitrary code and
run it in the context of the webserver process. This may facilitate
unauthorized access or privilege escalation; other attacks are also
possible."

TLS Man in the Middle (MITM) attacks based on renegotiation - patches available for RHEL3,4,5

https://bugzilla.redhat.com/show_bug.cgi?id=533125

A recent paper on TLS renegotiation showed a method for injecting
information into the encrypted stream. This could lead to successful
Man in the Middle (MITM) attacks in an already encrypted stream.

The current mitigation officially supported by Red Hat is to disable
TLS renegotiation entirely. This workaround is implemented in
OpenSSL 0.9.8l.

Autocomplete Data Theft in Mozilla Firefox

http://www.securityfocus.com/archive/1/507668

"A malicious web page can extract out all the data stored within the
autocomplete history of a user's Firefox browser. The web page must
convince a user to hold down the left or right-arrow keys then the
contents of the autocomplete popup can be read. This may include the
search history box within the browser, or other personal details."

"Mozilla fixed this issue in the 3.5.4 and 3.0.0.15 releases of Firefox."
