News

WildFly 8 (JBossAS) Application Directory Traversal Vulnerability - CVE-2014-7816

WildFly [1], formerly known as JBoss AS, or simply JBoss, is an application server authored by JBoss, now developed by Red Hat. WildFly is written in Java, and implements the Java Platform, Enterprise Edition (Java EE) specification. It runs on multiple platforms. WildFly is free and open-source software, subject to the requirements of the GNU Lesser General Public License (LGPL), version…

News

Spree Commerce Multiple Unsafe Reflection Vulnerabilities (CVE-2013-1656)

Spree Commerce [1] is “a 100% open source e-commerce platform powered by the popular Ruby on Rails framework. It was designed to make customization and upgrades as simple as possible”. We have found Multiple Unsafe Reflection [2] vulnerabilities on it that affected any version >= 1.0.0. The vendor has provided patches that fix the flaws [3]. Our advisory with more detailed…

Application Security

Ruby on Rails SQL Injection (CVE-2012-2695)

We found a SQL Injection vulnerability in Ruby on Rails that affected all versions and reported it to the Rails security team. On the 12th of June, they released an advisory [1], patches and new versions that fix it. This vulnerability was also independently reported by other researchers. These new patches actually fixed two variants of the CVE-2012-2661 case. We will cover them later. First…

Product

Security Advisory | CVE-2010-3977 | cform Wordpress Plugin V 11.5

Introduction 1. Copyright and Disclaimer The information in this advisory is Copyright 2010 Conviso and provided so that the society can understand the risk they may be facing by running affected software, hardware or other components used on their systems. In case you wish to copy information from this advisory, you must either copy all of it or refer to this document (including our URL).

Product

Security Advisory CVE 2010-1582 24/7 Real Media’s Open AdStream v.5.7

Introduction 1. Copyright and Disclaimer The information in this advisory is Copyright 2010 Conviso and provided so that the society can understand the risk they may be facing by running affected software, hardware or other components used on their systems. In case you wish to copy information from this advisory, you must either copy all of it or refer to this document (including our URL).

News

WordPress Plugin Cross Site Scripting Vulnerability - CVE-2011-0760

Introduction Copyright and Disclaimer The information in this advisory is Copyright 2010 Conviso and provided so that the society can understand the risk they may be facing by running affected software, hardware or other components used on their systems. In case you wish to copy information from this advisory, you must either copy all of it or refer to this document (including our URL). No…

News

Security Advisory: Recaptcha WordPress Plugin Cross Site Scripting Vulnerability | CVE-2011-0759

Introduction Copyright and Disclaimer The information in this advisory is Copyright 2010 Conviso and provided so that the society can understand the risk they may be facing by running affected software, hardware or other components used on their systems. In case you wish to copy information from this advisory, you must either copy all of it or refer to this document (including our URL). No…

News

LiveZilla Cross Site Scripting Vulnerability | CVE-2010-4276

Introduction Copyright and Disclaimer The information in this advisory is Copyright 2010 Conviso and provided so that the society can understand the risk they may be facing by running affected software, hardware or other components used on their systems. In case you wish to copy information from this advisory, you must either copy all of it or refer to this document (including our URL). No…

News

Embedded Video WordPress Plugin Cross Site Scripting Vulnerability (XSS) - CVE-2010-4277

Introduction Copyright and Disclaimer The information in this advisory is Copyright 2010 Conviso and provided so that the society can understand the risk they may be facing by running affected software, hardware or other components used on their systems. In case you wish to copy information from this advisory, you must either copy all of it or refer to this document (including our URL). No…