CubeCart version 6.1.5 released What has changed in CubeCart V6.1.5 This release contains fixes for two minor security issues, several new hooks, two new functional improvements and 40 plus bug fixes. The two low risk security fixes are detailed in issues 1491 and 1492 and while these are not too serious, it is always recommended to upgrade for any security issue. However, if you are still running […]
Multiple High Risk Vulnerabilities in all Magento 1 Websites A large number (seventeen in total!) of security vulnerabilities have recently been announced by Magento, many of which are rated as critical and high and should therefore be patched as soon as possible using patch SUPEE-8788. Using release versions Community Edition 1.9.3 or Enterprise Edition 1.14.3 is an alternative way to fix these issues. […]
Three Joomla security issues have recently been disclosed The three vulnerabilities which affect versions 1.0.6 through 3.6.0 are as follows: • [20160802] – Core – XSS Vulnerability • [20160801] – Core – ACL Violation • [20160803] – Core – CSRF Specific details of each of the vulnerabilities: [20160802] – Core – XSS Vulnerability Project: Joomla! SubProject: CMS Severity: Low Versions: 1.6.0 through 3.6.0 […]
WordPress 4.4.2 Security and Maintenance Release. WordPress 4.4.2 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.4.1 and earlier are affected by two security issues: a possible SSRF for certain local URIs and an open redirection attack. In addition to the security issues above, WordPress 4.4.2 fixes 17 bugs […]
Dangerous Stored XSS Vulnerability in Magento During an audit of their WAF, Sucuri discovered a dangerous, but also easy to exploit, Stored XSS Vulnerability in all versions of Magento. The issue could allow attackers to take over your site, create new administrator accounts, steal client information – in fact anything a legitimate administrator account is allowed to do! Sucuri responsibly disclosed this to the […]
Credit Card Hijacking Vulnerability in Magento Stores Magento has just released information regarding a serious JavaScript malware issue which uses malicious code to harvest credit card credentials. A small JavaScript snippet is embedded in the website, which then collects and sends out data from the checkout payment page to a range of different external websites. From information already gathered it appears that over 3.500 sites […]
CubeCart version 6.0.8 released What has changed in CubeCart V6.0.8 This release is a maintenance release with no significant functional changes. It does include three low risk security patches for issues 795, 845 and 846 – if you are still running a version below 6.0.7 then an immediate upgrade is VERY strongly recommended due to the critical security issue patched in that version. The release […]
Critical Security Issue in CubeCart V5 and V6 What versions of CubeCart are affected Affected versions are 5.2.12 through to 6.0.6. What is the security issue If an administrator’s email is known to a hacker it may be possible to take control of the account and have complete access to the store’s control panel. What steps should be taken CubeCart have released a patch for […]
WordPress 4.2.4 Security and Maintenance Release. WordPress 4.2.4 is now available and as this is a security release for all previous versions with no less than SIX security issues found and fixed, we strongly encourage you to update your sites immediately. WordPress versions 4.2.3 and earlier are affected by three further cross-site scripting vulnerabilities and a potential SQL injection that could be used to compromise […]
WordPress 4.2.3 Security and Maintenance Release. WordPress 4.2.3 is now available and as this is a critical security release for all previous versions, we strongly encourage you to update your sites immediately. WordPress versions 4.2.3 and earlier are affected by a critical cross-site scripting vulnerability, which could allow anonymous users to compromise a site. It also fixes an issue where it was possible for a […]