In /framework/modules/notfound/controllers/notfoundController.php of Exponent CMS 2.4.0 patch1, untrusted input is passed into getSearchResults. The getSearchResults method, defined in the search model, uses its '$term' parameter directly in SQL without sanitization. The impact is SQL injection.
Monthly Archives: November 2016
Adobe fined $1 million for 2013 data breach
The financial repercussions of a data breach have been highlighted by the $1 million fine handed out to Adobe Systems for a 2013 security incident.
The post Adobe fined $1 million for 2013 data breach appeared first on WeLiveSecurity.
Nearly 78% say they want to leave social media but fear of losing friends and posts makes them stay
Research conducted by cybersecurity firm Kaspersky Lab shows that the vast majority of people want to leave social networks, often because they are a waste of time.
Microsoft Edge CAttrArray::Destroy Use-After-Free
A specially crafted web page can cause Microsoft Edge to free the memory used for a CAttrArray object. The code continues to use the data in the freed memory block immediately after freeing it. It does not appear that there is enough time between the free and the reuse to exploit this issue.
Windows VHDMP Arbitrary File Creation Privilege Escalation
The VHDMP driver does not safely create files related to Resilient Change Tracking, which allows arbitrary file overwrites under user control and leads to elevation of privilege.
Bugtraq: [security bulletin] HPSBUX03665 rev.2 – HP-UX Tomcat-based Servlet Engine, Remote Denial of Service (DoS) and URL Redirection
Bugtraq: CVE-2016-4484: – Cryptsetup Initrd root Shell
Bugtraq: Actiontec WCB3000N (Telus Branded) Local Unauthenticated Privilege Elevation and Password Reset
Bugtraq: Re: [oss-security] CVE-2016-4484: – Cryptsetup Initrd root Shell
Posted by Leo Famulari on Nov 15
Hi,
Can you clarify which versions are affected?
The latest upstream version is 1.7.3:
https://gitlab.com/cryptsetup/cryptsetup/commits/master
What is the 2:1 version?