WordPress < 4.7.5 Multiple Vulnerabilities

Binary data 700121.prm...

CVE-2017-9062

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API...

Input validation

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API...

CVE-2017-9062

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API...

CVE-2017-9065

In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API...

DEBIAN-CVE-2017-9062

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API...

CVE-2017-9062

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API...

UBUNTU-CVE-2017-9065

In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API...

UBUNTU-CVE-2017-9062

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API...

CVE-2017-9062

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API...

CVE-2017-9065

In WordPress before 4.7.5, there is a lack of capability checks for post meta data in the XML-RPC API...

CVE-2017-9062

In WordPress before 4.7.5, there is improper handling of post meta data values in the XML-RPC API...

WordPress <=4.7.4 - Post Meta Data Values Improper Handling in XML-RPC API

WordPress versions starting from 2.5 to 4.7.4 have the improper handling of post meta data values in the XML-RPC Remote Procedure Call API. Discovered and reported by Sam Thomas. Solution Update WordPress core to the latest possible version at least 4.7.5...

WordPress 2.5.0-4.7.4 - Post Meta Data Values Improper Handling in XML-RPC

...

The vulnerability of the PHP interpreter, which allows a hacker to trigger a service failure

The vulnerability of the phppgsqlmetadata function pgsql.c in the PostgreSQL interpreter for PHP is related to errors during the checking of table names. Exploiting this vulnerability allows a malicious actor to cause service failure such as deallocation of memory or termination of the applicatio...

Vimeo: Private, embeddable videos leaks data through Facebook & Open Graph

Clip meta-data disclosed to thrid-party crawlers...

WP-Invoice <= 4.1.0 - Multiple Vulnerabilities

WP-Invoice plugin = 4.1.0 contains multiple security vulnerabilities that include information disclosure, unauthorised updating of meta data, and privilege escalation...

WordPress WP Invoice Plugin <= 4.1.0 - Multiple Vulnerabilities

This plugin is prone to unauthorized setting changes, retrieving invoices of arbitrary users, updating previously invoiced users meta data and privilege escalation of logged in users. Solution Update the plugin...

AVG Antivirus Plans to Collect & Sell Your Personal Data to Advertisers

We at The Hacker News are big fans of Security Software – The first thing we install while setting our Computers and Devices. Thanks to Free Security Software that protects Internet users without paying for their security. But, Remember: Nothing comes for FREE "Free" is just a relative term, as o...

Vulnerability in Citrix XenServer Could Result in Information Disclosure (CTX201717)

A vulnerability has been identified in Citrix XenServer which could, if exploited, allow a malicious administrator of an HVM guest VM to obtain meta-data about their own VM. Citrix is presently unaware of any meta-data that might be leaked that would be of value to a malicious guest administrator...