News for security updates for web hosting industry
HostBill is a complete client management, billing and support system used by many web hosting companies. Recently they have released an update to address few bug fixes and new features. Following are the list of features and bug fixes address in HostBill Version 02-09-2014: Features: Added option to sort Knowledge base categories and articles. Added …
cPanel, Inc. has released EasyApache 3.26.7 with Apache version 2.2.29. This release addresses vulnerabilities CVE-2014-0118, CVE-2014-0231, CVE-2014-0226 and CVE-2013-5704. It is recommended all Apache 2.2 users to upgrade to Apache version 2.2.29. AFFECTED VERSIONS All versions of Apache 2.2 before version 2.2.29. SECURITY RATING The National Vulnerability Database (NIST) has given the following severity ratings …
Slider Revolution Plugin is a premium WordPress plugin used by many premium themes. This plugin is bundle with premium WordPress themes. Back in February 2014, there was a critical vulnerability discovered in this plugin. This was patched by the developers however it is possible that themes were not updated to use the latest version and …
WordPress Slider Revolution Plugin vulnerability Read More »
cPanel has released new builds for all public update tiers. These updates provide targeted changes to address security concerns with the cPanel & WHM product. These builds are currently available to all customers via the standard update system. cPanel has rated these updates as having security impact levels ranging from Minor to Important. If your …
cPanel TSR-2014-0007 Full Disclosure: cPanel has released a full disclosure for TSR-2014-0007. [1] Case 109049 Summary Arbitrary file overwrite in /scripts/synccpaddonswithsqlhost. Security Rating cPanel has assigned a Security Level of Important to this vulnerability. Description The synccpaddonswithsqlhost script performed unsafe file operations inside the home directories of unprivileged users while running with root’s permissions. By …
Red Hat has been made aware of a vulnerability affecting all versions of the bash package as shipped with Red Hat products. This vulnerability CVE-2014-6271 could allow for arbitrary code execution. Certain services and applications allow remote unauthenticated attackers to provide environment variables, allowing them to exploit this issue. A flaw was found in the …
Bash Code Injection Vulnerability – Bash Security Update Read More »
There was a critical vulnerability existed on all Bash package shipped with Red Hat. This affects all servers using RHEL 4, RHEL 5, RHEL 6 and RHEL 7. CentOS and CloudLinux servers were also affected by this. CloudLinux has released an update for Bash package to address this. The update the fixes bash remote vulnerability …
