Surviving the Week 9/7/12

A Number of Exploits Including SQL Injection, XSS, and Authentication Bypass

This week, researchers found some remarkable vulnerabilities, including remote code execution, SQL injection, and cross-site scripting, in bug tracking systems as well as in security vendors' products. Test your application with NTOSpider to find all possible vulnerabilities.

GarrettCom Privilege Escalation
Symantec Messaging Gateway 9.5 Default SSH Password
HP SiteScope Remote Code Execution
Kayako Fusion 4.40.1148 Cross Site Scripting
Drupal Exposed Filter Data 6.x Cross Site Scripting
Flogr 2.5.6 Cross Site Scripting
Web@All CMS 2.0 Shell Upload / Local File Inclusion
Ektron CMS 8.5.0 File Upload / XXE Injection
Barracuda Web Filter 910 5.0.015 Cross Site Scripting
eFront Enterprise 3.6.11 Cross Site Scripting
Support4Arabs Pages 2.0 SQL Injection
Wiki Web Help 0.3.11 Remote File Inclusion
JIRA / GreenHopper Cross Site Scripting
ES Job Search Engine 3.0 SQL Injection

Database Security on the Cloud for Microsoft SQL Azure

GreenSQL’s software-based solution can be installed as a front end to SQL Azure. It fully camouflages and secures the Azure database, dynamically masks sensitive and confidential data in real time, and provides monitoring and auditing of data access and administrative activities. Its caching dramatically increases database performance, reducing latency in cloud environments. By using GreenSQL, companies comply with regulations such as HIPAA, PCI, SOX, and Basel II.

Government Warns Businesses of Cyber Crime Threat

The UK government’s spy agency, GCHQ, launched a program that aims to help business leaders tackle the growing threat of cyber attacks. GCHQ head Iain Lobban will tell business leaders that current confidence in existing security defenses is often misplaced, with potentially major implications for the economy and customers’ trust in online services. He will also ask board members and chief executives how confident they are that their most important corporate information is safe from cyber threats, and whether they are aware of the impact on a company’s reputation, share price or even existence if sensitive information is stolen.

About Dan Kuykendall 159 Articles