Cantemo AB is a software systems and technology vendor for major media outlets. The Cantemo Portal application is a high-performance media asset management tool. The latest version at the time of this research was version 3.8.4. Testing was performed on a pre-release version of 4.0.0. With the vendor's cooperation, the issue was confirmed to affect version 3.8.4 and older versions. Cantemo plans to patch the issue in v4.0.0.
News tagged "Application Security"
The Simple – Better Banking Android application was affected by an information disclosure vulnerability that leaked user passwords to the keyboard autocomplete functionality. If exploited, this vulnerability could be leveraged to gain unauthorized access to user passwords. This could have adversely affected several thousand users or more (as of publication, the app has been downloaded more than 100,000 times on the Google App Store).
The US railroad service provider Amtrak was recently notified about vulnerabilities in its mobile application that could have led to a massive data breach of its customers. The Cyware article – Critical Vulnerabilities Spotted in the Amtrak Mobile Application, discusses the research discovery made by Senior Security Analyst …
The Amtrak mobile APIs are affected by vulnerabilities that can directly lead to the exposure of Personally Identifiable Information (PII) and partial payment data for at least 6 million Amtrak guest rewards members. The Amtrak customers’ exposed PII includes full names, addresses and phone numbers.
OpenMRS is a collaborative open-source project through which users can develop software to support healthcare in developing countries. In 2017, OpenMRS was implemented on more than 3,000 sites and stored information for over 8.7 million active patients. A Bishop Fox researcher found a critical vulnerability in the software, which was recently patched.
A Bishop Fox researcher discovered a critical vulnerability in the popular Silverpeas application, an open-source web platform that serves multiple high-profile French organizations.
Developers' and security teams' goals in building new applications are often very different, and compliance can sometimes muddy up the process. Senior Security Analyst Joe Ward discussed several threads to help organizations bring together application security and secure development in the Dark Reading article – Bringing …
PhpSpreadsheet is a library written in pure PHP that provides a set of classes allowing users to read from and write to different spreadsheet file formats, such as Excel and LibreOffice Calc.
YunoHost is an application that is used to manage applications hosted on a Linux server. Additionally, it allows the user to manage the entire Linux system, including installed services, firewall rules, and system updates. The application’s official website is yunohost.org. Version 2.7.2 was released on August 22, 2017, and version 2.7.14 was released on June 28, 2018. This security advisory discusses several vulnerabilities Bishop Fox researchers found in it.
The Eaton power management appliance is manufactured by Eaton Corporation Plc. This equipment uses a web interface to allow administrators to configure it. Bishop Fox researchers identified three vulnerabilities in the appliance, described in this advisory.
This advisory describes 10 identified vulnerabilities found within the SV3C L-Series HD Camera, version 220.127.116.113-S50-NTD-B20170823B and below. This includes version V18.104.22.1683-S50-NTD-B20170508B, which is the version shipped on the camera by default.
CremeCRM is an open source CRM. It allows organizations to manage business data concerning customers, invoices, orders, and products. Its official website is www.cremecrm.com, and source code can be obtained on bitbucket.org/hybrid/. Version 1.6.12 was released on July 28, 2017. A Bishop Fox researcher found several security vulnerabilities in the CRM.