Oracle has released Vulnerability-related.PatchVulnerability a wide-ranging security update to address Vulnerability-related.PatchVulnerability more than 300 CVE-listed vulnerabilities in its various enterprise products . The October release covers the gamut of Oracle 's offerings , including its flagship Database , E-Business Suite , and Fusion Middleware packages . For Database , the update addresses Vulnerability-related.PatchVulnerability a total of three flaws . Two of the vulnerabilities ( CVE-2018-3259 and CVE-2018-3299 ) can be remotely exploited Vulnerability-related.DiscoverVulnerability without authentication , while the third , CVE-2018-7489 , would require the user to have a Rapid Home Provisioning account to execute and is considered by far the least severe of the three . Oracle noted Vulnerability-related.DiscoverVulnerability that all three bugs only impact Vulnerability-related.DiscoverVulnerability the server versions of Database , user clients are not considered to be vulnerable Vulnerability-related.DiscoverVulnerability . For Fusion Middleware , the update will include a total of 56 CVE-listed flaws , including 12 that are remotely exploitable with CVSS base scores of 9.8 , meaning an exploit would be fairly easy to pull off and offer near total control of the target machine . Of those 12 , five were for critical flaws in WebLogic Server . Java SE will get Vulnerability-related.PatchVulnerability 12 security fixes , with all but one being for remotely exploitable vulnerabilities in that platform . Oracle notes Vulnerability-related.DiscoverVulnerability that though the CVSS scores for the flaws are fairly high , Solaris and Linux machines running software with lower user privileges will be considered to be at a lower risk than Windows environments that typically operate with admin privileges . MySQL was the target of 38 CVE-listed bug fixes this month , through just three of those are remotely exploitable . The two most serious , CVE-2018-11776 and CVE-2018-8014 , concern remote code flaws in MySQL Enterprise Monitor . PeopleSoft will see 24 bug fixes , 21 of which can be remotely targeted and seven that would not require any user interaction . Just one of the 24 flaws was given a CVSS base score higher than 7.2. in the Oracle listing . Sun products were the subject of 19 security fixes , including two remote code execution flaws in XCP Firmware . libssh bug more like `` oh SSH… '' Once admins get Vulnerability-related.PatchVulnerability the Oracle patches in place , they will want to take a close look at the write-up for CVE-2018-10933 , an authentication bypass for libssh that would allow an attacker to get into a target machine by sending a `` SSH2_MSG_USERAUTH_SUCCESS '' message when it expects a `` SSH2_MSG_USERAUTH_REQUEST '' message . That means any miscreant can log in without a password or other credential . As you can imagine , this is a very bad thing . Fortunately , the bug does not affect OpenSSH – and thus does not affect the hugely widespread sshd and ssh tools – but rather applications , such as KDE and XMBC , that use libssh as a dependency .

A serious vulnerability in a widely used , and widely forked , jQuery file upload plugin may have been exploited Vulnerability-related.DiscoverVulnerability for years by hackers to seize control of websites – and is only now patched Vulnerability-related.PatchVulnerability . Larry Cashdollar , a bug-hunter at Akamai , explained Vulnerability-related.DiscoverVulnerability late last week how the security shortcoming , designated Vulnerability-related.DiscoverVulnerability CVE-2018-9206 , allows a miscreant to upload and execute arbitrary code as root on a website that uses the vulnerable code with the Apache web server . This would potentially allow an attacker to , among other things , upload and run a webshell to execute commands on the target machine to steal Attack.Databreach data , change files , distribute malware , and so on . Cashdollar – real name , he swears – was able to track Vulnerability-related.DiscoverVulnerability the flaw down to Sebastian Tschan 's open-source jQuery File Upload tool , and got the developer to fix Vulnerability-related.PatchVulnerability it in version 9.22.1 . The flaw stems from a change to the Apache web server , from version 2.3.9 and onwards , that disabled support for .htaccess security configuration files , which left projects like jQuery File Upload open to exploitation . Additionally , Cashdollar noted Vulnerability-related.DiscoverVulnerability , it is almost certain he was not the first person to come across Vulnerability-related.DiscoverVulnerability this simple vulnerability . Demonstration videos on YouTube suggest similar flaws are known Vulnerability-related.DiscoverVulnerability to miscreants , and have been targeted in some circles for years . `` The internet relies on many security controls every day in order to keep our systems , data , and transactions safe and secure , '' Cashdollar said . `` If one of these controls suddenly does n't exist it may put security at risk unknowingly to the users and software developers relying on them . '' So , it 's believed hackers have been quietly exploiting the bug for several years as the flaw itself is fairly trivial and also eight years old . Now that details of the vulnerability are public Vulnerability-related.DiscoverVulnerability , exploit code has been produced , for example , here , and may be handy if you wish to test whether or not your website is vulnerable Vulnerability-related.DiscoverVulnerability to CVE-2018-9206 . In any case , loads of people now know about it , so that means more miscreants menacing and hijacking vulnerable websites .

For the second time in roughly a year , D-Link has failed to act on warnings Vulnerability-related.DiscoverVulnerability from security researchers involving the company ’ s routers . The latest incident arose after Silesian University of Technology researcher Błazej Adamczyk contacted Vulnerability-related.DiscoverVulnerability D-Link last May about three vulnerabilities affecting Vulnerability-related.DiscoverVulnerability eight router models . Following the warning Vulnerability-related.DiscoverVulnerability , D-Link patched Vulnerability-related.PatchVulnerability two of the affected routers , but did not initially reveal Vulnerability-related.DiscoverVulnerability how it would proceed for the remaining six models . After further prompting Vulnerability-related.DiscoverVulnerability from Adamczyk , D-Link revealed Vulnerability-related.DiscoverVulnerability that the remaining six routers would not get Vulnerability-related.PatchVulnerability a security patch because they were considered end-of-life models , leaving affected owners out in the cold . “ The D-Link models affected Vulnerability-related.DiscoverVulnerability are the DWR-116 , DWR-140L , DWR-512 , DWR-640L , DWR-712 , DWR-912 , DWR-921 , and DWR-111 , six of which date from 2013 , with the DIR-640L first appearing Vulnerability-related.DiscoverVulnerability in 2012 and the DWR-111 in 2014 , ” Naked Security reported . Though these are not current models in D-Link ’ s portfolio , many of the listed models are still likely to be in use . As a result of this impasse , Adamczyk released details Vulnerability-related.DiscoverVulnerability about the security flaws , following responsible security protocols after giving D-Link notice and the opportunity to address Vulnerability-related.PatchVulnerability the issues . Of significance is that this is the second time in about a year that D-Link has failed to address Vulnerability-related.PatchVulnerability security vulnerabilities affecting Vulnerability-related.DiscoverVulnerability its products after being notified Vulnerability-related.DiscoverVulnerability by researchers . The security researcher noted Vulnerability-related.DiscoverVulnerability that the new flaw arose Vulnerability-related.DiscoverVulnerability after D-Link reported that it had fixed Vulnerability-related.PatchVulnerability a prior security flaw . Also known as “ directory traversal ” or “ dot dot slash ” attacks , these flaws allow a malicious attacker to gain access to system files with a simple HTTP request . Despite D-Link ’ s spotty history with supporting older router models , the manufacturer is not alone in leaving routers unpatched Vulnerability-related.PatchVulnerability . The American Consumer Institute reported Vulnerability-related.DiscoverVulnerability that of the 186 routers it had tested , 155 contained Vulnerability-related.DiscoverVulnerability firmware vulnerabilities . In total , ACI discovered Vulnerability-related.DiscoverVulnerability more than 32,000 known vulnerabilities in its study . “ Our analysis shows that , on average , routers contained Vulnerability-related.DiscoverVulnerability 12 critical vulnerabilities and 36 high-risk vulnerabilities , across the entire sample , ” ACI noted in its report . “ The most common vulnerabilities were medium-risk , with an average of 103 vulnerabilities per router. ” For shoppers who are in the market for a new router , it ’ s probably best to also check with the manufacturer to see what the supported lifespan of the router is . If the router is nearing its end of life , as in the case illustrated here , you may not get Vulnerability-related.PatchVulnerability patches , regardless of how serious a security vulnerability may be . If you have an older router , you may want to consider checking out our guide for the best router options before you decide to upgrade .

Independent security researcher Dawid Golunski has released Vulnerability-related.DiscoverVulnerability a proof-of-concept exploit code for an unauthenticated remote code execution vulnerability in WordPress 4.6 ( CVE-2016-10033 ) , and information about an unauthorized password reset zero-day vulnerability ( CVE-2017-8295 ) in the latest version of the popular CMS . The vulnerability exists in Vulnerability-related.DiscoverVulnerability the PHPMailer library , and can be exploited Vulnerability-related.DiscoverVulnerability by unauthenticated remote attackers to gain access to and compromise an target application server on which a vulnerable WordPress Core version is installed ( in its default configuration ) . “ No plugins or non-standard settings are required to exploit the vulnerability , ” Golunski noted . The hole has been responsibly disclosed Vulnerability-related.DiscoverVulnerability to the WordPress Foundation , and has been plugged Vulnerability-related.PatchVulnerability in January , with the release of WordPress 4.7.1 . Still , according to the Foundation ’ s own numbers , nearly 11 percent of all WordPress installation out there are still stuck on the vulnerable version 4.6 . And , as Golunski noted Vulnerability-related.DiscoverVulnerability , it ’ s possible that older WordPress versions are also affected Vulnerability-related.DiscoverVulnerability by the same flaw , so the percentage of vulnerable installations could be considerably higher : Admins who still run these older versions of the popular CMS should upgrade Vulnerability-related.PatchVulnerability to newer versions , ideally to the latest one ( v4.7.4 ) . Still , even that might not be a guarantee against compromise , as Golunski has also publicly released Vulnerability-related.DiscoverVulnerability information and POC code for an unauthorized password reset vulnerability ( CVE-2017-8295 ) that the WordPress Foundation is yet to patch Vulnerability-related.PatchVulnerability . According to him and BeyondSecurity , whose SecuriTeam coordinated the disclosure Vulnerability-related.DiscoverVulnerability of the flaw to the WordPress developers , the discovery Vulnerability-related.DiscoverVulnerability of the vulnerability dates back to mid-2016 . Golunski found Vulnerability-related.DiscoverVulnerability it in version 4.3.1 of the CMS . “ WordPress has a password reset feature that contains Vulnerability-related.DiscoverVulnerability a vulnerability which might in some cases allow attackers to get hold of the password reset link without previous authentication . Such attack could lead to an attacker gaining unauthorized access to a victim ’ s WordPress account , ” BeyondSecurity explained . “ The vulnerability stems from WordPress using untrusted data by default when creating a password reset e-mail that is supposed to be delivered only to the e-mail associated with the owner ’ s account. ” Golunski says Vulnerability-related.DiscoverVulnerability that the issue was reported Vulnerability-related.DiscoverVulnerability to the WordPress security team multiple times , but they did not confirm whether it has been patched Vulnerability-related.PatchVulnerability . He ultimately decided to publish Vulnerability-related.DiscoverVulnerability his findings , and offer Vulnerability-related.PatchVulnerability a temporary solution ( “ users can enable UseCanonicalName to enforce static SERVER_NAME value ” ) .

Freelance security researcher Dan Melamed has done us all a solid . Then , he did the right thing : he reported it to Facebook . Melamed said in a blog post on Monday that he ’ d discovered Vulnerability-related.DiscoverVulnerability the critical vulnerability in June . Besides finding Vulnerability-related.DiscoverVulnerability a kill switch for any public video , he also discovered Vulnerability-related.DiscoverVulnerability he could disable commenting on any video . Melamed had looked at the HTTP request that his browser sends to Facebook when he uploads a video . Using a program called Fiddler , he intercepted the request , swapped out his video ’ s ID for one belonging to a victim ’ s video , and then sent the modified request on its way to Facebook . Melamed ’ s method is simple : first , an attacker would either create a public event on Facebook or visit any existing public event . Then , they ’ d go to the event ’ s Discussion tab and create an event post by uploading a photo or video . He found that when you swap the value of the composer_unpublished_photo [ 0 ] parameter for the ID of the Facebook video you want to kill , the server will balk , putting out this error message : This content is no longer available . Error message or no error message , the video will still successfully attach itself to the created event post . When an attacker refreshes the Events Discussion page , they ’ d see that the event posting had appeared with the victim ’ s video attached . Then , it ’ s just a matter of clicking a small arrow dropdown and choosing “ Delete Post ” . A dialog box will warn that the video will also be removed from Photos and Videos . If you confirm in the dialog box that yes , you want to delete the video , Poof ! Credit where credit ’ s due , Melamed noted Vulnerability-related.DiscoverVulnerability that this vulnerability is similar to another video deletion bug that Indian security researcher and penetration tester Pranav Hivarekar discovered Vulnerability-related.DiscoverVulnerability , also in June 2016 . In a nutshell : whereas Hivarekar ’ s flaw had to do with attaching a victim ’ s video to a comment , Melamed discovered Vulnerability-related.DiscoverVulnerability a way to attach the video to an event post . Delete the bath water/event post , and that baby/video gets tossed right out with it . This one had to do with how one man could have deleted any Facebook photo album that he could see . Mark offers this digression : In Melamed ’ s attack on videos , he specifies the ID of a video he ’ s targeting specifically , but since video IDs are just numbers , he could have just guessed one and wiped out a video at random .

A generic wireless camera manufactured by a Chinese company and sold around the world under different names and brands can be easily hijacked and/or roped into a botnet . The flaw that allows this to happen is found Vulnerability-related.DiscoverVulnerability in a custom version of GoAhead , a lightweight embedded web server that has been fitted into the devices . This and other vulnerabilities have been found Vulnerability-related.DiscoverVulnerability by security researcher Pierre Kim , who tested one of the branded cameras – the Wireless IP Camera ( P2P ) WIFICAM . The extensive list of devices affected by Vulnerability-related.DiscoverVulnerability the flaw in the custom embedded web server can be found Vulnerability-related.DiscoverVulnerability here , and includes 1250+ camera models from over 300 vendors , including D-Link , Foscam , Logitech , Netcam , and Polaroid . “ This vulnerability allows an attacker to steal credentials , ftp accounts and smtp accounts ( email ) , ” Kim noted Vulnerability-related.DiscoverVulnerability . He also shared Vulnerability-related.DiscoverVulnerability a PoC exploit that leverages the flaw to allow an attacker to achieve root shell on the device . Other vulnerabilities present Vulnerability-related.DiscoverVulnerability include a RTSP server running on the camera ’ s TCP 10554 port , which can be accessed without authentication , allowing attackers to watch what the camera streams . There is also a “ cloud ” functionality that is on by default , through which the camera can be managed via a mobile Android app . The connection between the two is established through UDP , and will be automatically established to any app that “ asks ” if a particular camera is online . Effectively , the attacker just needs to know the serial number of the device . The established UDP tunnel can also be used by the attacker to dump the camera ’ s configuration file in cleartext , or to bruteforce credentials . “ The UDP tunnel between the attacker and the camera is established even if the attacker doesn ’ t know the credentials , ” Kim noted . “ It ’ s useful to note the tunnel bypasses NAT and firewall , allowing the attacker to reach internal cameras ( if they are connected to the Internet ) and to bruteforce credentials . Then , the attacker can just try to bruteforce credentials of the camera ” . Kim advises owners of these devices to disconnect them from the Internet . A simple search with Shodan revealed Vulnerability-related.DiscoverVulnerability that there are 185,000+ vulnerable cameras out there , ready to be hijacked . The vulnerabilities are not in GoAhead , but the custom version of the web server developed by the Chinese OEM vendor , so EmbedThis – the company that develops GoAhead – can do nothing to fix Vulnerability-related.PatchVulnerability this . Interestingly enough , SecuriTeam revealed Vulnerability-related.DiscoverVulnerability today the existence of an arbitrary file content disclosure Vulnerability-related.DiscoverVulnerability vulnerability affecting Vulnerability-related.DiscoverVulnerability older versions of the GoAhead web server . Discovered Vulnerability-related.DiscoverVulnerability by independent security researcher Istvan Toth , the vulnerability can be triggered by sending a malformed request to the web server , and it will disclose device credentials to the attacker in clear text . “ The GoAhead web server is present on multiple embedded devices , from IP cameras to printers and other embedded devices , ” SecuriTeam explained , and urged owners to remove the device from the network , “ or at the very least not allow access to the web interface to anyone beside a very strict IP address range ”