fault

[Security News] Backdoor in WordPress plugin Captcha

On the 19th of December 2017, the website Wordfence published an article after the discovery of a backdoor in the WordPress plugin Captcha.

How does it work?

This flaw might allow somebody to modify the WordPress website code.

Because of the way the backdoor was coded, it could be used not only by its author but by anybody.

Am I concerned?


Drupal SA-CORE-2014-005 security flaw

On October 15, 2014, the Drupal security team discovered a critical security flaw, referenced as CVE-2014-3704. On 29 October, Drupal publicly announced the discovery of this vulnerability, with a patch.

- What does it allow?


Debian patches for the Shellshock flaw

IKoula teams have made Debian packages available to the community for versions that are no longer supported, namely:

  • Debian 3.1 32 bit
  • Debian 4 32 bit
  • Debian 4 64 bit
  • Debian 5 32 bit
  • Debian 5 64 bit

These packages include fixes for the following vulnerabilities:

  • CVE-2014-6271 -> Shellshock v1, the first version of the exploit of the flaw
  • CVE-2014-7169 -> Shellshock v2, the second
  • CVE-2014-6277 & CVE-2014-6278 -> two other flaws brought to light while the Shellshock fault was being resolved.

Major fault in the bash shell

Update 2014-09-26 12:30 UTC+1

The CVE-2014-7169 fault seems to have been patched by most of the package maintainers. We invite you to update your bash again.


Security flaw in the bash shell

A major vulnerability in the bash shell has just been discovered.

Since when does it exist?

This flaw has existed since at least version 3 of bash, which makes it very widespread.

- What does it allow?

The flaw exploits the fact that the bash shell, when it starts, does not stop interpreting where it should when the environment contains variable or function definitions, and executes commands placed in the arguments.


[Security flaw]: servers using OpenSSL

On January 6, 2014, a security vulnerability was published concerning servers using OpenSSL. This flaw is considered serious because it allows a denial-of-service attack to be performed.

You will find details of the vulnerability at the following address:
http://www.openssl.org/news/vulnerabilities.html

Systems using the following OpenSSL versions are impacted by this flaw: 1.0.1e, 1.0.1d, 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1


[Serious] Flaw on servers running a Linux OS

On May 14, 2013, an exploit was published concerning servers running a Linux OS. This fault is considered very serious because it allows any user to take control of the root account.

You will find details of the exploit at the following address: http://www.exploit-db.com/exploits/25444/


[Moderate] fault on the Plesk Panel management interface

A vulnerability rated moderate has been discovered in the Plesk Panel management interface. It affects machines running a GNU/Linux OS and would allow attackers to take control of your Plesk Panel interface.

Below is the list of versions impacted with links to patches:

[Security] Service BIND vulnerabilities

A vulnerability characterized as serious has been discovered in the BIND service. This vulnerability affects machines running a GNU/Linux OS and would allow attackers to saturate the RAM of your server.
The following versions of BIND are impacted:

  • 9.7.x
  • 9.8.0 -> 9.8.5b1
  • 9.9.0 -> 9.9.3b1