EMC Documentum WebTop Version 6.8, prior to P18 and Version 6.8.1, prior to P06; and EMC Documentum TaskSpace version 6.7SP3, prior to P02; and EMC Documentum Capital Projects Version 1.9, prior to P30 and Version 1.10, prior to P17; and EMC Documentum Administrator Version 7.0, Version 7.1, and Version 7.2 prior to P18 contain a Stored Cross-Site Scripting Vulnerability that could potentially be exploited by malicious users to compromise the affected system.
Monthly Archives: January 2017
CVE-2016-10102 (automize)
hitek.jar in Hitek Software’s Automize uses weak encryption when encrypting SSH/SFTP and Encryption profile passwords. This allows an attacker to retrieve the encrypted passwords from sshProfiles.jsd and encryptionProfiles.jsd and decrypt them to recover cleartext passwords. All 10.x up to and including 10.25 and all 11.x up to and including 11.14 are verified to be affected.
CVE-2017-5553 (b2evolution)
Cross-site scripting (XSS) vulnerability in plugins/markdown_plugin/_markdown.plugin.php in b2evolution before 6.8.5 allows remote authenticated users to inject arbitrary web script or HTML via a javascript: URL.
CVE-2017-5574 (genixcms)
SQL injection vulnerability in register.php in GeniXCMS before 1.0.0 allows unauthenticated users to execute arbitrary SQL commands via the activation parameter.
CVE-2017-5575 (genixcms)
SQL injection vulnerability in inc/lib/Options.class.php in GeniXCMS before 1.0.0 allows remote attackers to execute arbitrary SQL commands via the modules parameter.
Cybersecurity threatscape: Bigger and badder than ever
The reason cybersecurity is a process, not a one-time solution, is that the Bad Guys – whether careless or malicious employees, hacktivists, cybercriminals, or rogue governments (not to be confused with the good governments, which only spy on us for our benefit) – are a problem that will never go away. Every new and improved security measure is only as good as the people who use it and only effective until somebody comes up with a way to beat it.
CVE-2016-9081
Joomla! 3.4.4 through 3.6.3 allows attackers to reset username, password, and user group assignments and possibly perform other user account modifications via unspecified vectors. (CVSS:7.5) (Last Update:2017-01-25)
GLSA 201701-57: T1Lib: Multiple vulnerabilities
Vuln: Linux Kernel CVE-2017-5551 Local Denial of Service Vulnerability
Vuln: Linux Kernel CVE-2017-5546 Local Denial of Service Vulnerability