CVE-2015-5066 (genixcms)

Multiple cross-site scripting (XSS) vulnerabilities in MetalGenix GeniXCMS 0.0.3 allow remote attackers to inject arbitrary web script or HTML via the (1) content or (2) title field in an add action in the posts page to index.php or the (3) q parameter in the posts page to index.php.

CVE-2015-5067 (netweaver)

The (1) Cross-System Tools and (2) Data Transfer Workbench in SAP NetWeaver have hardcoded credentials, which allows remote attackers to obtain access via unspecified vectors, aka SAP Security Note 2059659 and 2057982.

CVE-2015-5068

XML external entity (XXE) vulnerability in SAP Mobile Platform 3 allows remote attackers to read arbitrary files or possibly have other unspecified impact via a crafted XML request, aka SAP Security Note 2159601.

HybridAuth Social Login – Less Critical – Access bypass – SA-CONTRIB-2015-127

Description

The HybridAuth Social Login module enables you to allow visitors to authenticate or login to a Drupal site using their identities from social networks like Facebook or Twitter.

The module allows account creation through social login even when the site is configured to allow user registration by administrators only.

This vulnerability is mitigated by the fact that it only applies to sites configured to allow user registration by administrators only, and where authenticated user accounts can access sensitive data that would otherwise not be shown to anonymous users.

CVE identifier(s) issued

  • A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.

Versions affected

  • HybridAuth Social Login 7.x-2.x versions prior to 7.x-2.13.

Drupal core is not affected. If you do not use the contributed HybridAuth Social Login module, there is nothing you need to do.

Solution

Install the latest version:

Also see the HybridAuth Social Login project page.

Reported by

Fixed by

Coordinated by

Contact and More Information

The Drupal security team can be reached at security at drupal.org or via the contact form at https://www.drupal.org/contact.

Learn more about the Drupal Security team and their policies, writing secure code for Drupal, and securing your site.

Follow the Drupal Security Team on Twitter at https://twitter.com/drupalsecurity

25 years of security and innovation

It’s Panda’s birthday. But this year, 2015, is no ordinary anniversary: tomorrow, June 25th, we turn 25, no more, no less!

Panda was born in 1990, which was also when the World Wide Web was being developed. What a coincidence, right? In these 25 years we have had time to do many things but, at the same time, time has flown! 25 years researching, developing, analyzing and protecting our customers, both corporate and home users, against all Internet threats.

Whatever we could tell you here, it wouldn’t be enough! So we think the best thing we can do is give you an overview of our 25 years of history in images. Thank you so much to all of you who have been part of it! :)

CeBIT 2001

Bilbao Offices, 2001

CEBIT, 2002

CEBIT, 2003

9 years ago… PandaLabs (2006)

1st Security Blogger Summit, 2009

Old Offices in Tres Cantos (Madrid)

Panda Booth at SIMO. 2007

Open Windows Premiere. Madrid. 2014

Introducing Panda Security 2015 to the Media

Panda Kick Off. Bilbao. 2015

We’re Simplexity!

Congratulations and let’s enjoy another 25 years together! :)

The post 25 years of security and innovation appeared first on MediaCenter Panda Security.