Atomic Secure Linux
 Post subject: Threat/Vulnerability report week of January 1st
Unread postPosted: Mon Jan 08, 2018 4:05 pm 
Atomicorp Staff - Site Admin
This report is an analysis of all published vulnerabilities in any product, weaknesses in technologies, exploits Internet wide, current internet threats associated with platforms and products our customers use, and if any action is required to protect their assets from these vulnerabilities, weaknesses and exploits depending on the Atomicorp product they are using.

Please see this forum post for an explanation of the categories used in this report.

CVEs are sometimes created after a vulnerability is published (sometimes far after it has been made public). When CVEs are referenced, it is because a CVE was created today, not because an issue was resolved today, and it is included here for reference.

ASL users

Summary: All modern CPUs are vulnerable to the "Meltdown" and "Spectre" vulnerabilities. Updates are available for ASL to address these vulnerabilities in the platform's CPU(s). There is no indication this vulnerability is being exploited at this time; however, customers are recommended to update.

Already protected against/Known Method/No update required

Atlassian Bamboo Code Execution / Argument Injection
Froxlor 0.9.37 HTML Injection
WordPress Smart Google Code Inserter SQL Injection
Joomla EXP Auto 4.2.3 SQL Injection
Atmail 7.1.1 PRO Cross Site Scripting
EMC xPression 4.5SP1 Patch 13 SQL Injection
Joomla RealEstateManager 4.2.0 SQL Injection
Joomla VehicleManager 3.9.15 SQL Injection
Joomla JomDirectory 4.4 SQL Injection
Lara Overflow 1.0 Cross Site Scripting
Career Portal 1.0 Cross Site Scripting
Eventsys Events Management System 1.0 Cross Site Scripting
Your Doctor Medical And Doctor Website CMS 1.0 Cross Site Scripting
Ebook CMS 1.0 Cross Site Scripting
Joomla VP Conversion Tracking 1.7 SQL Injection
Joomla! JEXTN Groupbuy 4.0.0 Cross Site Scripting
Joomla! JEXTN Membership 3.1.0 SQL Injection
Easy Web Grabber 1.0.0 Cross Site Scripting
PHP Melody 2.7.1 SQL Injection
b2evolution CMS 6.6.0 - 6.8.10 PHP code execution
Advertisement board Joomla classifieds extension 3.2.0 - Remote Shell Upload Vulnerability

New Method/Update Available

Meltdown CPU vulnerability (CVE-2017-5754)
Spectre CPU vulnerability (CVE-2017-5753 and CVE-2017-5715)
Boost My Campaign 1.1 Information Disclosure


Doesn't protect against/Solution

None.

Potential Vulnerability/Solution

None.

Rules only users

Summary:

All modern CPUs are vulnerable to the "Meltdown" and "Spectre" vulnerabilities. Web Application Firewalls (WAFs) cannot protect against these vulnerabilities. Users should upgrade to ASL, which protects against this, or should contact their operating system vendors and where appropriate their virtualization and hosting vendors to ensure their entire platform is protected against these vulnerabilities.

Already protected against/Known Method/No update required

Atlassian Bamboo Code Execution / Argument Injection
Froxlor 0.9.37 HTML Injection
WordPress Smart Google Code Inserter SQL Injection
Joomla EXP Auto 4.2.3 SQL Injection
Atmail 7.1.1 PRO Cross Site Scripting
EMC xPression 4.5SP1 Patch 13 SQL Injection
Joomla RealEstateManager 4.2.0 SQL Injection
Joomla VehicleManager 3.9.15 SQL Injection
Joomla JomDirectory 4.4 SQL Injection
Lara Overflow 1.0 Cross Site Scripting
Career Portal 1.0 Cross Site Scripting
Eventsys Events Management System 1.0 Cross Site Scripting
Your Doctor Medical And Doctor Website CMS 1.0 Cross Site Scripting
Ebook CMS 1.0 Cross Site Scripting
Joomla VP Conversion Tracking 1.7 SQL Injection
Joomla! JEXTN Groupbuy 4.0.0 Cross Site Scripting
Joomla! JEXTN Membership 3.1.0 SQL Injection
Easy Web Grabber 1.0.0 Cross Site Scripting
PHP Melody 2.7.1 SQL Injection
b2evolution CMS 6.6.0 - 6.8.10 PHP code execution
Advertisement board Joomla classifieds extension 3.2.0 - Remote Shell Upload Vulnerability

New Method/Update Available

None.

Doesn't protect against/Solution

Web application firewalls cannot protect against system-level vulnerabilities such as:

Meltdown CPU vulnerability (CVE-2017-5754)
Spectre CPU vulnerability (CVE-2017-5753 and CVE-2017-5715)

Users should upgrade to ASL, which protects against these vulnerabilities, or should contact their operating system vendors and where appropriate their virtualization and hosting vendors to ensure their entire platform is protected against these vulnerabilities.

Potential Vulnerability/Solution

None.

_________________
Michael Shinn
Atomicorp - Security For Everyone

