News

Security Advisory: Spree e-commerce JSON v.0.11x

A PDF version is also available. Spree e-commerce JSON Hijacking Vulnerabilities – CVE-2010-3978. Introduction: Spree e-commerce is an open source commerce platform written for the Ruby on Rails framework supporting “Over 100 extensions created by our active and dedicated community”. This problem was confirmed in the following…

Conviso acquired Gauntlet.io

WildFly 8 (JBossAS) Application Directory Traversal Vulnerability - CVE-2014-7816

News

JSON Hijacking Vulnerability

Working together with Spree and Locaweb, we identified a vulnerability in the application, which was handled with the vendor under our Responsible Disclosure policy, resulting in changes in release 0.11.2 that fix the problem. In the coming days we will publish the Security Advisory detailing this issue, but you can already see on the Spree blog the description of the…

News

Security Advisory: Cform Wordpress Plugin v 11 | CVE-2010-3977

A PDF version is also available. Introduction: According to Delicious Days, “cforms is a powerful and feature rich form plugin for WordPress, offering convenient deployment of multiple Ajax driven contact forms throughout your blog or even on the same page.” This problem was confirmed in the following versions of the cforms WordPress Plugin…