WildFly[1], formerly known as JBoss AS, or simply JBoss, is an application server authored by JBoss, now developed by Red Hat. WildFly is written in Java, and implements the Java Platform, Enterprise Edition (Java EE) specification. It runs on multiple platforms.WildFly is free and open-source software, subject to the requirements of the GNU Lesser General Public License (LGPL), version…
Spree Commerce [1] is “a 100% open source e-commerce platform powered by the popular Ruby on Rails framework. It was designed to make customization and upgrades as simple as possible”. We have found Multiple Unsafe Reflection [2] vulnerabilities on it that affected any version >= 1.0.0.
The vendor has provided patches that fix the flaws [3]. Our advisory with more detailed…
We found a SQL Injection vulnerability in Ruby on Rails that affected all versions and reported it to the Rails security team. On the 12th of June, they released an advisory [1], patches and new versions that fix it. This vulnerability was also independently reported by other researchers.
These new patches actually fixed two variants of the CVE-2012-2661 case. We will cover them later. First…
Introduction
1. Copyright and Disclaimer
The information in this advisory is Copyright 2010 Conviso and provided so that the society can understand the risk they may be facing by running affected software, hardware or other components used on their systems. In case you wish to copy information from this advisory, you must either copy all of it or refer to this document (including our URL).
Introduction
1. Copyright and Disclaimer
The information in this advisory is Copyright 2010 Conviso and provided so that the society can understand the risk they may be facing by running affected software, hardware or other components used on their systems. In case you wish to copy information from this advisory, you must either copy all of it or refer to this document (including our URL).
Introduction
Copyright and Disclaimer
The information in this advisory is Copyright 2010 Conviso and provided so that the society can understand the risk they may be facing by running affected software, hardware or other components used on their systems. In case you wish to copy information from this advisory, you must either copy all of it or refer to this document (including our URL). No…
Introduction
Copyright and Disclaimer
The information in this advisory is Copyright 2010 Conviso and provided so that the society can understand the risk they may be facing by running affected software, hardware or other components used on their systems. In case you wish to copy information from this advisory, you must either copy all of it or refer to this document (including our URL). No…
Introduction
Copyright and Disclaimer
The information in this advisory is Copyright 2010 Conviso and provided so that the society can understand the risk they may be facing by running affected software, hardware or other components used on their systems. In case you wish to copy information from this advisory, you must either copy all of it or refer to this document (including our URL). No…
Introduction
Copyright and Disclaimer
The information in this advisory is Copyright 2010 Conviso and provided so that the society can understand the risk they may be facing by running affected software, hardware or other components used on their systems. In case you wish to copy information from this advisory, you must either copy all of it or refer to this document (including our URL). No…