Security

cPanel TSR-2017-0004 Full Disclosure

cPanel TSR-2017-0004 Full Disclosure SEC-263 Summary Stored XSS during WHM cPAddons install. Security Rating cPanel has assigned this vulnerability a CVSSv3 score of 3.9 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:C/C:L/I:L/A:N Description It was possible for an attacker to actively inject HTML into the WHM cPAddons screen during a moderated install. Credits This issue was discovered …

cPanel TSR-2017-0004 Full Disclosure Read More »

cPanel TSR-2017-0003 Full Disclosure

cPanel TSR-2017-0003 Full Disclosure SEC-234 Summary Horde MySQL to SQLite conversion can leak database password. Security Rating cPanel has assigned this vulnerability a CVSSv3 score of 2.2 CVSS:3.0/AV:L/AC:H/PR:L/UI:R/S:U/C:L/I:N/A:N Description If the Horde MySQL to SQLite conversion script requires a password reset on the MySQL database, the new password was passed …

cPanel TSR-2017-0003 Full Disclosure Read More »

WordPress 4.7.5 Security and Maintenance Release

WordPress 4.7.5 is now available. This is a security release for all previous versions and we strongly encourage you to update your sites immediately. WordPress versions 4.7.4 and earlier are affected by six security issues: Insufficient redirect validation in the HTTP class. Reported by Ronni Skansing. Improper handling of post meta data values in the XML-RPC […]

WordPress 4.7.5 Security and Maintenance Release Read More »