Why you can’t update it all at once?

It’s the second part of our talk with Daniil Svetlov at his radio show “Safe Environment” recorded 29.03.2017. In this part we talk about vulnerabilities in Linux and proprietary software, problems of patch an vulnerability management, and mention some related compliance requirements. Video with...

Understanding Your Monthly Security Reports

When we first starting a conversation with our prospects, we are frequently asked, “Just how will I know that Wallarm is working?” To help answer that, let’s take a look at the report we sent to one of our customers last week to understand what kind of threats Wallarm defends agains. Wallarm...

OpenSSL Vulnerability

The OpenSSL library has been found to contain vulnerability CVE-2017-3731. Palo Alto Networks software makes use of the vulnerable library and may be affected. Ref PAN-73914 / CVE-2017-3731 The OpenSSL library in use by PAN-OS is patched on a regular basis. This issue affects PAN-OS 6.1, PAN-OS...

Hacking Ali cloud released Windows System the high-risk vulnerability solution-exploits warning-the black bar safety net

4 on 14 November, outside the hacking group discloses a comprising a plurality of Windows Remote exploit tools for the confidential documents. To ensure that the cloud on the user's business security, Ali cloud in 4 month 15 days morning nine points half released a vulnerability announcement and...

ashemaletube.com XSS vulnerability

Vulnerable URL: https://www.ashemaletube.com/search/test"'--! Details: Description| Value ---|--- Patched:| Yes, at 12.04.2017 Latest check for patch:| 12.04.2017 18:33 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1634 VIP website status:| Yes Check...

actionboardshop.com XSS vulnerability

Vulnerable URL: http://www.actionboardshop.com/catalogsearch/result/?q=%22%3E%3Csvg%2Fonload%3Dalert%2FOPENBUGBOUNTY%2F%3E Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 4012064 VI...

EON 5.0 Remote Code Execution Vulnerability

Exploit for php platform in category web applications CVE-2017-6087 EON 5.0 Remote Code Execution Description EyesOfNetwork "EON" is an OpenSource network monitoring solution. Remote Code Execution authenticated The Eonweb code does not correctly filter arguments, allowing authenticated users to...

Linux Kernel Gets Patch For Years-Old Serious Vulnerability

Another dangerous vulnerability has been discovered in Linux kernel that dates back to 2009 and affects a large number of Linux distros, including Red Hat, Debian, Fedora, OpenSUSE, and Ubuntu. The latest Linux kernel flaw CVE-2017-2636, which existed in the Linux kernel for the past seven years,...

ergon-ensemble.gr XSS vulnerability

Vulnerable URL: http://www.ergon-ensemble.gr/cms/main.php?cid=162〈=en=1"';-- Details: Description| Value ---|--- Patched:| Yes, at 25.11.2017 Latest check for patch:| 25.11.2017 19:07 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 11712414 VIP website status:| ...

Microsoft Windows SMB Server CVE-2017-0143 Remote Code Execution Vulnerability

Description Microsoft Windows is prone to a remote code-execution vulnerability. Successful exploits will allow an attacker to execute arbitrary code on the target system. Failed attacks will cause denial of service conditions. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit...

theifp.ca XSS vulnerability

Vulnerable URL: http://www.theifp.ca/search/allarticles/?q=%3cimg%20src%3dx%20onerror%3dprompt%2fopenbugbounty%2f%3e=haltonhills-on=datedesc Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1070658 VIP website...

orangeville.com XSS vulnerability

Vulnerable URL: http://www.orangeville.com/search/allarticles/?q=%3cimg%20src%3dx%20onerror%3dprompt%2fopenbugbounty%2f%3e=orangeville-on=datedesc Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 551394 VIP websit...

Dahua Patching Backdoor in DVRs, IP Cameras

A California firm is rushing to patch a backdoor that apparently exists in a host of DVRs, CCTV and IP cameras it manufactures. Engineers with Dahua Technology USA began pushing firmware updates for the issue on Monday, something the company says stems from “a small piece of code.” The company sa...

SUSE-SU-2017:0586-1 Security update for ImageMagick

This update for ImageMagick fixes the following issues: - CVE-2016-10046: Prevent buffer overflow in draw.c caused by an incorrect length calculation bsc1017308 - CVE-2016-10048: Arbitrary module could have been load because relative path were not escaped bsc1017310 - CVE-2016-10049: Corrupt RLE...

churchhistorianspress.org XSS vulnerability

Vulnerable URL: https://www.churchhistorianspress.org/george-q-cannon/search?q=%27%22%2F%3E%3E%3C%2Fscript%3E%3Cscript%3Ealert%28%2FOPENBUGBOUNTY%2F%29%3C%2Fscript%3E Details: Description| Value ---|--- Patched:| Yes, at Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Ran...

sigmacoatings.co.za XSS vulnerability

Vulnerable URL: http://www.sigmacoatings.co.za/search.php?search=asdas" Details: Description| Value ---|--- Patched:| Yes, at 28.07.2017 Latest check for patch:| 28.07.2017 15:26 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 9810386 VIP website status:| No Che...

galleriez.org XSS vulnerability

Vulnerable URL: http://www.galleriez.org/search.php?action=search=%22%3E%3C%2Ftitle%3E%27%3E%3B%3C%2Fscript%3E%3Csvg%2Fonload%3Dalert%28%2FOPENBUGBOUNTY%2F%29%3E=and Details: Description| Value ---|--- Patched:| No Latest check for patch:| 28.07.2017 Vulnerability type:| XSS Vulnerability status:...

icecubechandigarh.com XSS vulnerability

Vulnerable URL: http://icecubechandigarh.com/showproducts.php?cid=6!" Details: Description| Value ---|--- Patched:| Yes, at 25.11.2017 Latest check for patch:| 25.11.2017 10:31 GMT Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank| 1420353 VIP website status:| No Check...

sandbox.bluesnap.com XSS vulnerability

Vulnerable URL: https://sandbox.bluesnap.com/jsp/buynow.jsp?contractId=2154142=500.00&custom1;=hello%20world%3C!%27/!%22/!%27/%22/--!%3E%3CInput/Autofocus/%0D/Onfocus=confirmOPENBUGBOUNTY//%3E%3CSvg%3E Details: Description| Value ---|--- Patched:| Yes, at 28.08.2017 Latest check for patch:|...

MGASA-2017-0045 Updated nagios packages fix security vulnerabilities

The nagios package has been patched to fix the following issues: Improper sanitization of RSS feed input enables unauthenticated remote read and write of arbitrary files CVE-2016-9565. Unsafe logfile handling allows unprivileged users to escalate their privileges to root CVE-2016-9566...