vulnerabilities


WordPress v4.5.3 vulnerable to Denial of Service (DoS) exploits via CVE-2016-6896 and CVE-2016-6897 – Here’s how to fix it

If your website runs on WordPress v4.5.3, attackers can now bring down your site through a Denial of Service attack. This is possible through two vulnerabilities that were disclosed on 22nd Aug:

  • CVE-2016-6897 – This is a Cross-Site Request Forgery vulnerability by which an attacker can take over an authenticated user’s session (privilege escalation) using a forged HTML page.
  • CVE-2016-6896 – This is a Directory Traversal vulnerability which can be used by an attacker to crash the web server.

64bit kernel exploit – Update

All major distributions have already released updates to their kernels which you can easily update using the corresponding package management system of your distribution. More about the fix and workaround after the jump.

Vulnerabilities in exploitation kits?

Many hackers prefer to design and use their own tools to search for and attack vulnerable sites, but a majority of them use various exploitation “kits”. Some of the most common ones are Zeus, Neosploit, Eleonore and Justexploit. The developers of these kits constantly include 0-day vulnerabilities in the latest versions of their malware. Since most of these kits are open-source, users can also modify the code to include vulnerabilities known to them. Exploitation kits have been available for many years, and millions of users have suffered. However, a study by the recently established security company TEHTRI-Security suggests that the malware “kits” themselves have vulnerabilities!
