[Security News] Backdoor in WordPress plugin Captcha

On the 19th of Decembrer 2017 The website Wordfence has published an article after the discovery of a backdoor in the WordPress plugin Captcha.

How it works ?

This flaw might allow somebody to modify the WordPress website code.

The way the flaw has been coded the backdoor could be used not only by the backdoor coder but anybody.

Am i concerned ?

Drupal SA-CORE-2014-005 security flaw

October 15, 2014, the Drupal security team discovered a critical security flaw, referenced under code CVE-2014-3704. On 29 October, Drupal has publicly announced the discovery of this vulnerability with a patch.

- What is it allows?

Patches debian flaw Shellshock

IKoula teams made debian packages available to the community for versions that are no longer supported, namely:

  • Debian 3.1 32 bit
  • Debian 4 32 bit
  • Debian 4 64 bit
  • Debian 5 32 bit
  • Debian 5 64 bit

These packages include fixes for vulnerabilities:

  • CVE-2014-6271-> Shellshock v1, the first version of the exploit of the flaw
  • CVE-2014-7169-> Shellshock v2, the second
  • CVE-2014-6277 & CVE-2014-6278-> other two flaws put forward during the ShellShock fault resolution.

Major fault of the bash shell

Update 2014-09-26 12:30 UTC + 1

The CVE-2014-7169 fault seems to be patched by most of the package maintainers. We invite you to redo an update of your bash.

In the bash shell security flaw

A major vulnerability on the bash shell has just be discovered.

Since when does it exist?

This flaw has existed since at least version 3 of bash, which makes it is very widespread.

- What is it allows?

The flaw exploits the fact that the Shell bash, at the time or it is started, does not stop the interpretation to where it should when there are definitions of variables or functions of environment and executes orders placed in arguments.

[Security flaw]: servers using OpenSSL

January 6, 2014, a security vulnerability was published about the servers using OpenSSL. This flaw is considered serious because it allows to perform a denial of service attack.

You will find details of the vulnerability at the following address:

are impacted by this flaw, systems using OpenSSL versions: 1.0.1e 1.0.1d 1.0.1c, 1.0.1b, 1.0.1a, 1.0.1


[Serious] flaw on the servers running on Linux OS

May 14, 2013, an exploit was published about the servers running a Linux OS. This fault is considered to be very serious because it allows a user any to take control of the root account.

You will find details of the exploit at the following address: http://www.exploit-db.com/exploits/25444/

[Moderate] fault on the Plesk Panel management interface

Qualified moderate vulnerability has been discovered concerning the management Plesk Panel interface. The latter affects machines running on a GNU/Linux OS and would allow the attackers to take control of your Plesk Panel interface.

Below is the list of versions impacted with links to patches:

[Security] Service BIND vulnerabilities

Characterized as a serious vulnerability was discovered on the BIND service. This vulnerability affects machines running on a GNU/Linux OS and would allow the attackers to cause saturation of the RAM of your server.
The following versions of BIND are impacted:

  • 9.7.x
  • 9.8.0-> 9.8.5b1
  • 9.9.0-> 9.9.3b1