Advertise

Author

Profile of Javvad Malik

Security Advocate at AlienVault

News & Commentary Posts: 3

Javvad Malik is a London-based IT Security professional. Better
known as an active blogger, event speaker and industry commentator who is
possibly best known as one of the industry's most prolific video bloggers
with his signature fresh and light-hearted perspective on security. Prior
to joining AlienVault, Javvad was a senior analyst with 451 Research
providing technology vendors, investors, and end users with strategic
advisory services, including competitive research and go-to-market
positioning.

Articles by Javvad Malik
posted in March 2017

View Content By Month

Threats Converge: IoT Meets Ransomware

3/6/2017
Ransomware is already a problem. The Internet of Things has had a number of security issues. What happens when the two combine?
Post a Comment

Hot Topics

Editors' Choice

12 Free, Ready-to-Use Security Tools

Steve Zurier, Freelance Writer, 10/12/2018

Most IT Security Pros Want to Change Jobs

Dark Reading Staff 10/12/2018

6 Security Trends for 2018/2019

Curtis Franklin Jr., Senior Editor at Dark Reading, 10/15/2018

Webinars

How Headless CMS Fits into Modern Web Architectures

Lambda Architecture with In-Memory Technology

The Network of the Future is Powered by AI

Webinar Archives

White Papers

Mobile Devices: The New Support Frontier for IT (IDG Report)

Emotet Survival Handbook

Building Security In Maturity Model (BSIMM9)

How to Navigate the Intersection of DevOps and Security

Claims Tracking Made Easy: Insurance Portal Built Fast with Low-code Platform

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: This comment is waiting for review by our moderators.

Cartoon Archive

Current Issue

The Biggest Cybersecurity Breaches of 2018 (So Far)

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The Risk Management Struggle

The majority of organizations are struggling to implement a risk-based approach to security — even though risk reduction has become the primary metric for measuring the effectiveness of enterprise security strategies. Read the report and get more details today!

Download Now!

How Data Breaches Affect the Enterprise

0 comments

The State of IT and Cybersecurity

0 comments

[Strategic Security Report] Navigating the Threat Intelligence Maze

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-18381
PUBLISHED: 2018-10-16

Z-BlogPHP 1.5.2.1935 (Zero) has a stored XSS Vulnerability in zb_system/function/c_system_admin.php via the Content-Type header during the uploading of image attachments.

CVE-2018-18382
PUBLISHED: 2018-10-16

Advanced HRM 1.6 allows Remote Code Execution via PHP code in a .php file to the user/update-user-avatar URI, which can be accessed through an "Update Profile" "Change Picture" (aka user/edit-profile) action.

CVE-2018-18374
PUBLISHED: 2018-10-16

XSS exists in the MetInfo 6.1.2 admin/index.php page via the anyid parameter.

CVE-2018-18375
PUBLISHED: 2018-10-16

goform/getProfileList in Orange AirBox Y858_FL_01.16_04 allows attackers to extract APN data (name, number, username, and password) via the rand parameter.

CVE-2018-18376
PUBLISHED: 2018-10-16

goform/getWlanClientInfo in Orange AirBox Y858_FL_01.16_04 allows remote attackers to discover information about currently connected devices (hostnames, IP addresses, MAC addresses, and connection time) via the rand parameter.

Terms of Service
Privacy Statement
Legal Entities

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]