JBoss RichFaces before 4.5.4 allows remote attackers to inject expression language (EL) expressions and execute arbitrary Java code via the do parameter.
Monthly Archives: March 2015
CVE-2015-2682
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 allows remote attackers to obtain credentials via a direct request to conf/securitydbData.xml.
CVE-2015-2683
Citrix Command Center before 5.1 Build 35.4 and 5.2 before Build 42.7 does not properly restrict access to the Advent Java Management Extensions (JMX) Servlet, which allows remote attackers to execute arbitrary code via unspecified vectors to servlets/Jmx_dynamic.
CVE-2015-2746
The network diagnostics tool (CommandLineServlet) in the Appliance Manager command line utility (CLU) in Websense TRITON 7.8.3 and V-Series appliances before 7.8.4 Hotfix 02 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the “second” parameter of a command, as demonstrated by the Destination parameter in the ping command.
CVE-2015-2747
Multiple cross-site scripting (XSS) vulnerabilities in the data loss prevention (DLP) incident Forensics Preview in Websense Triton 7.8.3 and V-Series 7.7 appliances allow remote attackers to inject arbitrary web script or HTML via a crafted (1) email or (2) HTTP request, which triggers a DLP Policy.
CVE-2015-2748
Websense TRITON AP-WEB before 8.0.0 does not properly restrict access to files in explorer_wse/, which allows remote attackers to obtain sensitive information via a direct request to a (1) Web Security incident report or the (2) Explorer configuration (websense.ini) file.
ESET’s Mark James on addressing business security employee issues
ESET’s Mark James on the issues employees have with business security measures, and how to counter the difficulties without compromising safety.
The post ESET’s Mark James on addressing business security employee issues appeared first on We Live Security.
PoSeidon Malware attacks Point of Sale credit card transactions
Point of Sale credit card terminals are under threat from a new malware named PoSeidon, thought to be more dangerous than the Zeus exploit kit that was used to steal millions of card details from Target customers.
The post PoSeidon Malware attacks Point of Sale credit card transactions appeared first on We Live Security.
The Avira experience @ CeBIT
The week’s highlights: Moscow calling
3,300 exhibitors from 70 different nations did their best to offer visitors useful information and unique experiences related to their products: all digital, all shiny and new… pure joy and innovation.
If you ask us, robots were the keyword of this CeBIT edition. Walking around, there was always a robot right around the corner either imitating the human language or just transporting umbrellas to the ceiling and back. Sweet and scary.
Ed Snowden’s presentation was also one of the moments most anticipated by the crowd gathered in the Global Conferences Space. During a video call from Moscow, Snowden answered some questions but also tried to give away some of his future plans. To use his own words: “I think that something has gone incredibly wrong. So I did what I did. And I would do it again!”
If you want to get a better feel for what happened this year at CeBIT, there’s a whole collection of videos on the official site of the event.
The Avira Stand
Members of the Avira Team were permanently present at the D40 stand in Hall 7, in the space dedicated to Public Sector entities. It was great to have our stand under the umbrella of the Hessen region, one of our long-term partners in Germany. Our presence at the stand allowed us to get in touch not only with potential customers but also with current and future partners. Needless to say, we are always glad to interact with the people we create software for. We’ll also try to bring even more Avira umbrellas with us next year; they seem to be unbelievably popular among our German friends.
“Schutzpaket” officially released
For us, one of the event’s highlights was the release of the “Schutzpaket” by Deutsche Telekom. In case you haven’t already heard about it, Deutsche Telekom will start offering a free security package with software made in Germany. The Schutzpaket includes not only our antivirus but also the Avira Browser Safety solution. It is both an honor and a great responsibility to be part of such an important initiative.
Looking forward to the next edition of CeBIT, hope to see you there!
The post The Avira experience @ CeBIT appeared first on Avira Blog.