A Bishop Fox researcher discovered a critical vulnerability in Silverpeas, a popular open source web platform that serves multiple high-profile French organizations.
News tagged "Application Security"
Developers' and security teams' goals in building new applications are often very different, and compliance can sometimes muddy the process. Senior Security Analyst Joe Ward discussed several threads that help organizations bring together application security and secure development in the Dark Reading article – Bringing …
PhpSpreadsheet is a library written in pure PHP that provides a set of classes allowing users to read from and write to different spreadsheet file formats, such as Excel and LibreOffice Calc.
YunoHost is an application that is used to manage applications hosted on a Linux server. Additionally, it allows the user to manage the entire Linux system, including installed services, firewall rules, and system updates. The application’s official website is yunohost.org. Version 2.7.2 was released on August 22, 2017, and version 2.7.14 was released on June 28, 2018. This security advisory discusses several vulnerabilities Bishop Fox researchers found in it.
The Eaton power management appliance is manufactured by Eaton Corporation Plc. This equipment uses a web interface to allow administrators to configure it. Bishop Fox researchers identified three vulnerabilities in the appliance, described in this advisory.
This advisory describes 10 identified vulnerabilities found within the SV3C L-Series HD Camera, version 220.127.116.113-S50-NTD-B20170823B and below. This includes version V18.104.22.1683-S50-NTD-B20170508B, which is the version shipped on the camera by default.
CremeCRM is an open source CRM. It allows organizations to manage business data concerning customers, invoices, orders, and products. Its official website is www.cremecrm.com, and source code can be obtained on bitbucket.org/hybrid/. Version 1.6.12 was released on July 28, 2017. A Bishop Fox researcher found several security vulnerabilities in the CRM.
The Pwnie Awards is an annual awards ceremony celebrating the achievements and failures of security researchers and the security community. Senior Security Associate Nick Freeman’s “A Bug Has No Name” (CVE-2017-11779), a vulnerability in client-side network protocol parsing on Windows, was recently nominated for the Pwnie for …
Jirafeau is an open source file sharing web application, distributed under an AGPL version 3 license. It is a fork of the project Jyraphe and allows users to share files for a defined period and protect downloads via a password. The project’s official website is gitlab.com/mojo42/Jirafeau. The latest version of the application is 3.3.0, released on September 8, 2017. Ten vulnerabilities were identified within the Jirafeau web application – five cross-site scripting vulnerabilities (two stored and three reflected) as well as five cross-site request forgery vulnerabilities.
Santa Clara, CA, May 30, 2018 (PR Web) – ioTium, the first commercially deployed secure Edge-Cloud infrastructure company for the Industrial Internet of Things (IIoT), announced that it partnered with leading independent cybersecurity research firm Bishop Fox to test the security of its Edge-Cloud infrastructure offerings. This Edge-Cloud infrastructure ensures that any machine, using …
SolarWinds Serv-U MFT 22.214.171.124 assigns authenticated users a low-entropy session token that can be included in requests to the application as a URL parameter in lieu of a session cookie. This session token’s value can be brute-forced by an attacker to obtain the corresponding session cookie and hijack the user’s session.
A denial-of-service vulnerability in SolarWinds Serv-U 126.96.36.199 allows an authenticated user to crash the application (with a NULL pointer dereference) via a specially crafted URL beginning with the /Web%20Client/ substring.