Introduction During past two weeks or so, we’ve seen plenty of botnet-based malicious spam (malspam) pushing Locky ransomware. In recent days, I’ve noticed multiple waves of malspam every weekday. It gets a bit...
Read MoreThe installation process for SOPlanning 1.32 and earlier allows remote authenticated users with a prepared database, and access to an existing database with a crafted name, or permissions to create arbitrary databases, or if PHP...
Read MoreDesignate 2015.1.0 through 1.0.0.0b1 as packaged in OpenStack Kilo does not enforce RecordSets per domain, and Records per RecordSet quotas when processing an internal zone file transfer, which might allow remote attackers to...
Read MoreDirectory traversal vulnerability in the file_get_contents function in SOPlanning 1.32 and earlier allows remote attackers to determine the existence of arbitrary files via a .. (dot dot) in a URL path parameter.
Read MoreSoplanning 1.32 and earlier generates static links for sharing ICAL calendars with embedded login information, which allows remote attackers to obtain a calendar owner’s password via a brute-force attack on the embedded...
Read More