What a busy week it was. Endless critical vulnerabilities were found in major platforms. I decided to focus on three of them
1) (CRITICAL) RDP Remote code execution – you server allows incoming RDP (Terminal Server)? The most probably people can gain admin access without having a valid name and password:
2) Joomla! admin access – A malicious user can create an new account with elevated privileges (Admin) since the system doesn’t validate input properly. It’s also interesting reading the talkbacks at the bottom of that page.
3) Joomla! Predictable password – Joomla!’s random password generator was weak, since it used the predictable mt_rand function: