by Bill Sempf
21. October 2018 13:55
The "Man that was a hell of a flu bug" edition. Stay healthy, everyone.
SSH bypass by ... wait for it ... telling the server your request is granted. These are not the vulnerabilities you are looking for. They can go on their way.
https://www.libssh.org/security/advisories/CVE-2018-10933.txt
PHP 5.6 support is ending. That's a whole lot of websites.
https://www.zdnet.com/article/around-62-of-all-internet-sites-will-run-an-unsupported-php-version-in-10-weeks/
RCE in URL handling in Edge. Positive security model, people.
https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2018-8495
Oracle released 300 patches, most of them critical or high. Not sure if this is good or bad.
https://www.oracle.com/technetwork/security-advisory/cpuoct2018-4428296.html
jQuery File Upload has a serious bug that has been being exploited for three years. Go update those old applications.
https://www.zdnet.com/article/zero-day-in-popular-jquery-plugin-actively-exploited-for-at-least-three-years/
Here's a new SSL testing contender. I haven't tried it yet but I will tomorrow. Let me know what you think if you use it.
https://testssl.sh/
And that's the news.
776a519f-d35a-49cb-9265-0cc171469baf|0|.0|96d5b379-7e1d-4dac-a6ba-1e50db561b04
Tags:
Subscribe