Reflecting XSS vulnerability in CMS Croogo v.2.2.0

Posted by Steffen Rösemann on Jan 12

Advisory: Reflecting XSS vulnerability in CMS Croogo v.2.2.0
Advisory ID: SROEADV-2015-02
Author: Steffen Rösemann
Affected Software: CMS Croogo v.2.20
Vendor URL: https://croogo.org
Vendor Status: solved
CVE-ID: –

==========================
Vulnerability Description:
==========================

The filemanager functionality in the administrative backend of CMS Croogo
v. 2.2.0 is prone to reflecting XSS attacks.

==================
Technical…

Reflecting XSS vulnerability in CMS PHPKit WCMS v. 1.6.6

Posted by Steffen Rösemann on Jan 12

Advisory: Reflecting XSS vulnerability in CMS PHPKit WCMS v. 1.6.6
Advisory ID: SROEADV-2014-07
Author: Steffen Rösemann
Affected Software: CMS PHPKit WCMS v. 1.6.6 [Build: 1660014]
Vendor URL: http://www.phpkit.com/de/
Vendor Status: did not respond to issue
CVE-ID: –

==========================
Vulnerability Description:
==========================

The poll archive in the administrative backend of CMS PHPKit WCMS v. 1.6.6
is prone to…

WordPress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities

Posted by Pietro Oliva on Jan 12

Vulnerability title: WordPress plugin Pods <= 2.4.3 XSS and CSRF vulnerabilities
Author: Pietro Oliva
CVE: CVE-2014-7956, CVE-2014-7957
Product: pods
Affected version: pods <= 2.4.3
Vulnerabilities fixed in version: 2.5

XSS vulnerability (CVE-2014-7956, authentication is needed):
http://localhost/wp-admin/admin.php?page=pods&action=edit&id=4&quot

How to make a strong password in 3 easy steps

The truth is that the most important aspect of a password is actually length: a relatively simple but longer password is harder to crack than a really convoluted short one.

With that in mind, we put together a really simple method for you to create a strong password, and not go insane trying to remember it.

[Image: Password Infographic]

Little systems like these can help you create strong passwords easily. Updating them is simple too: add a letter or number that you change over time.

If you still find this too complicated, you can always use a password manager like RoboForm.
With a password manager, you’ll only need to remember a single master password: it will create new random passwords and remember them for you every time you need them.