This paper discusses security and the REST API. Specifically, it discusses a security implementation using OAuth as part of the security framework to protect access to resources (data and services).
Monthly Archives: January 2016
Ganeti Denial Of Service / Information Disclosure
Ganeti suffers from unauthenticated information disclosure and denial of service vulnerabilities.
DSA-3435 git – security update
Blake Burkhart discovered that the Git git-remote-ext helper incorrectly
handled recursive clones of git repositories. A remote attacker could
possibly use this issue to execute arbitrary code by injecting commands
via crafted URLs.
DSA-3434 linux – security update
Several vulnerabilities have been discovered in the Linux kernel that
may lead to a privilege escalation, denial of service or information
leak.
Atlassian Confluence XSS / Insecure Direct Object Reference
Atlassian Confluence suffers from cross site scripting and insecure direct object reference vulnerabilities. The cross site scripting affects versions 5.2, 5.8.14, and 5.8.15. The reference vulnerability affects versions 5.9.1, 5.8.14, and 5.8.15.
BulletProof Security .52.4 Cross Site Scripting
BulletProof Security version .52.4 suffers from a cross site scripting vulnerability.
PHPIPAM 1.1.010 CSRF / XSS / SQL Injection
PHPIPAM version 1.1.010 suffers from cross site request forgery, cross site scripting, and remote SQL injection vulnerabilities.
Office Document Reader 5.1.13 XSS / CSRF
Office Document Reader version 5.1.13 suffers from cross site request forgery and cross site scripting vulnerabilities.
Rejetto HTTP File Server 2.3.x Remote Code Execution
Rejetto HTTP File Server (HFS) version 2.3.x remote code execution exploit.
Pdfium Buffer Overflow
Pdfium suffers from a stack-based buffer overflow in CPDF_Function::Call.