The WordPress team has been quick to act on a vulnerability in the Snoopy library that was announced today. 2.6.3 is available for download.
Only two files have been updated and as usual I’ve made a single file that you can use to upgrade your WordPress 2.6.2 installation to 2.6.3.
Download the file below and unzip it [...]
Secunia reports that Piotr Bania has found a vulnerability in Adobe Reader, which can potentially be exploited by malicious people to compromise a user’s system.
The vulnerability is caused due to an unspecified error when processing PDF files. This can be exploited to cause a heap corruption and may allow execution of arbitrary code when a [...]
Continue reading about Beware: Potential vulnerability in Adobe Reader
This is a different kind of WordPress tip, but a highly essential one. A little towards the end of last year, David Kierznowski discovered a minor security flaw, but a flaw nonetheless, in WordPress version 2.0.5. It is possible that all lower versions are affected as well.
It was reported to the WordPress team and Mark Jaquith [...]
Continue reading about WordPress Wednesday: WordPress Vulnerability in 2.0.5 Downwards
Microsoft released eleven patches, including fixes for three critical vulnerabilities, as part of its monthly Patch Tuesday update delivered on Dec. 12.
Windows users can download the free updates manually from Microsoft Update or via Automatic Updates.
The updates include a fix for vulnerabilities in WMP, fixes for four security holes in Internet Explorer 6 as well as [...]
Continue reading about Microsoft’s Patch Tuesday fixes 11 Holes, 3 Critical
Microsoft sure has a lot of running work to do. Just a day after a Zero Day flaw was detected in Word, a new flaw has been detected in Windows Media Player.
A detailed explanation follows:
The Windows Media Player library WMVCORE.DLL contains a potentially exploitable heap buffer overflow in its handling [...]
Continue reading about Zero Day Flaw in Windows Media Player
In a new Security Advisory, Microsoft has reported a vulnerability in Microsoft Word 2000, Microsoft Word 2002, Microsoft Office Word 2003, Microsoft Word Viewer 2003, Microsoft Word 2004 for Mac, and Microsoft Word 2004 v. X for Mac, as well as Microsoft Works 2004, 2005, and 2006.
Using the vulnerability, an attacker can launch a Zero [...]
Continue reading about Beware: Vulnerability in Microsoft Word
In a recent Security Advisory, Adobe has stated that a critical vulnerability in an ActiveX Control used in Internet Explorer could allow malicious hackers to use Adobe’s Reader and Acrobat software to launch PC hijack attacks.
Affected software versions
Adobe Reader, Acrobat Standard and Professional 7.0.0 through 7.0.8 on the Windows platform when using Internet Explorer.
Solution
Exit [...]
Continue reading about Beware: Potential vulnerabilities in Adobe Reader and Acrobat
Rated as Highly Critical by Secunia, this affects Mac OS X systems.
Mac OS X com.apple.AppleDiskImageController fails to properly handle corrupted DMG image structures, leading to an exploitable memory corruption condition with potential kernel-mode arbitrary code execution by unprivileged users.
This is even worse if you are using the Safari browser, because it automatically loads downloaded [...]
Secunia Advisories reports that Kacper has found a vulnerability in the Spider Friendly module for phpBB.
The vulnerability is reported in version 1.3.10 of the module, with the possibility that other versions may also be affected.
It is reported to be Highly Critical.
Input passed to the “phpbb_root_path” parameter in admin/modules_data.php is not properly verified before being used [...]
Continue reading about phpBB Spider Friendly Module Vulnerability reported
Secunia Research has found yet another flaw in Internet Explorer 7.
The problem is that a website can inject content into another site’s window if the target name of the window is known. This can e.g. be exploited by a malicious website to spoof the content of a pop-up window opened on a trusted website.
This follows [...]






