In Other News

WordPress – Another SQL injection vector has been discovered. This time the vulnerability is in the search function.  At this time it is known to be exploitable using the character sets Big5 and GBK. Other character sets may that use a backslash as a part of the character may also be exploitable. Successful attacks can reveal the contents of the underlying database or be used in conjunction with other vulnerabilities to gain administrative privileges on the host server.

HP Laptops – Multiple Hewlett-Packard notebooks are vulnerable to a remote code execution via the pre-loaded “HP Info Center” software. An ActiveX control within the software is the cause of the vulnerability. A patch is not yet available for this issue.

SquirrelMail GPG Plugin – Two vulnerabilities have been discovered in this plugin. The first issue can allow a user to delete or modify files that are owned by the web site user. The second issue allows users to modify the html of the displayed message.

Leave a Reply