Explore top 10 tips to secure your open-source projects now. Read More

×
Alerts This Week
Warning Icon 1 524
Alerts This Week
Warning Icon 1 524

Stay Ahead With Linux Security News

Filter%20icon Refine news
X Clear Filters
X Clear Filters
View More

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200
Loading...

Explore Latest Linux Security news

We found -1 articles for you...
83

Drupal 8, 7, 6 Immediate Security Advisory For Critical Threats

Developers of popular open-source CMS Drupal are warning admins to immediately patch a flaw that an attacker can exploit just by visiting a vulnerable site.. The bug affects all sites running on Drupal 8, Drupal 7, and Drupal 6. Drupal's project usage page indicates that about a million sites are running the affected versions. . The bug affects all sites running on Drupal 8, Drupal 7, and Drupal 6. Drupal's project usage page i. developers, popular, open-source, drupal, warning, admins, immediately, patch. . LinuxSecurity.com Team

Calendar%202 Mar 29, 2018 User Avatar LinuxSecurity.com Team Hacks/Cracks
83

Drupal SQL Injection Threat Analysis: Importance of Timely Patching

Nearly six months have passed since a major Drupal SQL injection vulnerability was disclosed, and yet attackers are continuing to try, sometimes successfully, to exploit websites that have failed to update their systems. . Trustwave analyzed one such exploitation in a Friday blog post that, more than anything, stresses the importance of keeping up with patching, said Ryan Barnett, senior lead security researcher at Trustwave, in an interview with SCMagazine.com. The link for this article located at SC Magazine is no longer available. . Trustwave analyzed one such exploitation in a Friday blog post that, more than anything, stresses th. nearly, months, passed, since, major, drupal, injection, vulnerability, disclosed. . LinuxSecurity.com Team

Calendar%202 Mar 23, 2015 User Avatar LinuxSecurity.com Team Hacks/Cracks
79

Drupal Security Advisory: XSS Risk in Unfinished Modules Clarified

Webmasters running unfinished modules for Drupal do so at their own risk after the open-source CMS updated its guidelines on fixing security vulnerabilities.. The project has updated the wording on its security site on how it handles security fixes to clarify it will only work on vulnerabilities in completed code of modules that comprise the CMS. The change clarifies that modules in release-candidate mode will not be supported. Drupal will work with maintainers of modules that are code complete, with maintainers now given a deadline to fix the problem. If the deadline's missed, the module and the project will be unpublished from Drupal.org. Vulnerabilities in unfinished code will simply be flagged in the module's issue queue. The clarifications are a response to the discovery of a potentially serious XSS hole in the Drupal Context module three weeks after White House developers proudly released their own plug-in based on the buggy module. The link for this article located at The Register UK is no longer available. . Joomla enhances its safety protocols, restricting assistance solely to fully developed components, emphasizing risks associated with incomplete extensions.. Drupal Security Updates, Module Risks, CMS Guidelines. . LinuxSecurity.com Team

Calendar%202 Jun 11, 2010 User Avatar LinuxSecurity.com Team Security Projects
83

Drupal Context 6.x-2.0-rc4 Moderate: XSS Access Threat Mitigated

The development team behind the Drupal module Context have released version 6.x-2.0-rc4, which fixes a cross-site scripting (XSS) vulnerability when displaying block descriptions. If a user with 'administer blocks' permission clicks on a crafted link, JavaScript contained in the link is executed with the privileges of the Drupal page. Attackers can exploit this to gain access to a system. . Just a few weeks ago, a 'simple' XSS vulnerability in a bug-tracking system allowed root access to Apache Software Foundation servers, so XSS vulnerabilities are certainly not to be treated lightly. Update: According to Drupal security team member Heine Deelstra, there is no URL manipulation or JavaScript contained in the link itself involved in the exploitation of the vulnerability. The vulnerability occurs if a user with 'administrator blocks' permission has added JavaScript to a block description on the block administration page. The impact is low since not that many sites using context have role seperation between block admins and other admins. Only a small subsection of the sites using the context release candidate are affected. The link for this article located at H Security is no longer available. . The WordPress plugin Editor Enhancements resolves a minor CSRF vulnerability impacting user roles with editing privileges. Critical security update.. Drupal Security, XSS Attack, Context Module. . LinuxSecurity.com Team

Calendar%202 May 12, 2010 User Avatar LinuxSecurity.com Team Hacks/Cracks
News Add Esm H340

Get the latest News and Insights

Get the latest Linux and open source security news straight to your inbox.

Community Poll

Is continuous patching actually viable?

No answer selected. Please try again.
Please select either existing option or enter your own, however not both.
Please select minimum {0} answer(s).
Please select maximum {0} answer(s).
/main-polls/156-is-continuous-patching-actually-viable?task=poll.vote&format=json
156
radio
0
[{"id":503,"title":"Delayed updates invite catastrophic breaches.","votes":1,"type":"x","order":1,"pct":50,"resources":[]},{"id":504,"title":"Automated fixes break production environments.","votes":1,"type":"x","order":2,"pct":50,"resources":[]},{"id":505,"title":"Manual approvals cannot keep pace.","votes":0,"type":"x","order":3,"pct":0,"resources":[]}] ["#ff5b00","#4ac0f2","#b80028","#eef66c","#60bb22","#b96a9a","#62c2cc"] ["rgba(255,91,0,0.7)","rgba(74,192,242,0.7)","rgba(184,0,40,0.7)","rgba(238,246,108,0.7)","rgba(96,187,34,0.7)","rgba(185,106,154,0.7)","rgba(98,194,204,0.7)"] 350
bottom 200