This report analyzes all published vulnerabilities in any product, weaknesses in technologies, Internet-wide exploits, and current Internet threats associated with the platforms and products our customers use. It also states whether any action is required to protect their assets from these vulnerabilities, weaknesses and exploits, depending on the Atomicorp product they are using.
Please see this forum post for an explanation of the categories used in this report.
CVEs are sometimes created after a vulnerability is published (sometimes far after it has been made public). When CVEs are referenced, it is because a CVE was created today, not because an issue was resolved today, and it is included here for reference.
ASL users
Summary: All modern CPUs are vulnerable to the "Meltdown" and "Spectre" vulnerabilities. Updates are available for ASL to address these vulnerabilities in the platform's CPU(s). There is no indication that these vulnerabilities are being exploited at this time; however, customers are advised to update.
Already protected against/Known Method/No update required
Atlassian Bamboo Code Execution / Argument Injection
Froxlor 0.9.37 HTML Injection
WordPress Smart Google Code Inserter SQL Injection
Joomla EXP Auto 4.2.3 SQL Injection
Atmail 7.1.1 PRO Cross Site Scripting
EMC xPression 4.5SP1 Patch 13 SQL Injection
Joomla RealEstateManager 4.2.0 SQL Injection
Joomla VehicleManager 3.9.15 SQL Injection
Joomla JomDirectory 4.4 SQL Injection
Lara Overflow 1.0 Cross Site Scripting
Career Portal 1.0 Cross Site Scripting
Eventsys Events Management System 1.0 Cross Site Scripting
Your Doctor Medical And Doctor Website CMS 1.0 Cross Site Scripting
Ebook CMS 1.0 Cross Site Scripting
Joomla VP Conversion Tracking 1.7 SQL Injection
Joomla! JEXTN Groupbuy 4.0.0 Cross Site Scripting
Joomla! JEXTN Membership 3.1.0 SQL Injection
Easy Web Grabber 1.0.0 Cross Site Scripting
PHP Melody 2.7.1 SQL Injection
b2evolution CMS 6.6.0 - 6.8.10 PHP code execution
Advertisement board Joomla classifieds extension 3.2.0 - Remote Shell Upload Vulnerability
New Method/Update Available
Meltdown CPU vulnerability (CVE-2017-5754)
Spectre CPU vulnerability (CVE-2017-5753 and CVE-2017-5715)
Boost My Campaign 1.1 Information Disclosure
Doesn't protect against/Solution
None.
Potential Vulnerability/Solution
None.
Rules only users
Summary:
All modern CPUs are vulnerable to the "Meltdown" and "Spectre" vulnerabilities. Web Application Firewalls (WAFs) cannot protect against these vulnerabilities. Users should upgrade to ASL, which protects against them, or should contact their operating system vendors and, where appropriate, their virtualization and hosting vendors to ensure their entire platform is protected against these vulnerabilities.
Already protected against/Known Method/No update required
Atlassian Bamboo Code Execution / Argument Injection
Froxlor 0.9.37 HTML Injection
WordPress Smart Google Code Inserter SQL Injection
Joomla EXP Auto 4.2.3 SQL Injection
Atmail 7.1.1 PRO Cross Site Scripting
EMC xPression 4.5SP1 Patch 13 SQL Injection
Joomla RealEstateManager 4.2.0 SQL Injection
Joomla VehicleManager 3.9.15 SQL Injection
Joomla JomDirectory 4.4 SQL Injection
Lara Overflow 1.0 Cross Site Scripting
Career Portal 1.0 Cross Site Scripting
Eventsys Events Management System 1.0 Cross Site Scripting
Your Doctor Medical And Doctor Website CMS 1.0 Cross Site Scripting
Ebook CMS 1.0 Cross Site Scripting
Joomla VP Conversion Tracking 1.7 SQL Injection
Joomla! JEXTN Groupbuy 4.0.0 Cross Site Scripting
Joomla! JEXTN Membership 3.1.0 SQL Injection
Easy Web Grabber 1.0.0 Cross Site Scripting
PHP Melody 2.7.1 SQL Injection
b2evolution CMS 6.6.0 - 6.8.10 PHP code execution
Advertisement board Joomla classifieds extension 3.2.0 - Remote Shell Upload Vulnerability
New Method/Update Available
None.
Doesn't protect against/Solution
Web application firewalls cannot protect against system-level vulnerabilities such as:
Meltdown CPU vulnerability (CVE-2017-5754)
Spectre CPU vulnerability (CVE-2017-5753 and CVE-2017-5715)
Users should upgrade to ASL, which protects against these vulnerabilities, or should contact their operating system vendors and, where appropriate, their virtualization and hosting vendors to ensure their entire platform is protected against these vulnerabilities.
Potential Vulnerability/Solution
None.