Free Research and Reports
- App Developer Conference @ GDC Next - GDC Next
- iBeacons, BLE beacons and Everything in Between: Unpacking Proximity Sensing Technology @ Black Hat Europe - GDC Next
- Mobile Conversion is Broken: How To Fix It with Smart Mobile Design @ App Developers Conference - GDC Next
- Aligning emerging technology and ITSM - FUSION 14
Dark Reading Digital Magazine
Enterprise Vulnerabilities From DHS/US-CERT's National Vulnerability Database
Directory traversal vulnerability in functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the name parameter in a get_template action.
functions/suggest.php in Banana Dance B.2.6 and earlier allows remote attackers to read arbitrary database information via a crafted request.
Multiple cross-site scripting (XSS) vulnerabilities in dotProject before 2.1.7 allow remote attackers to inject arbitrary web script or HTML via the (1) callback parameter in a color_selector action, (2) field parameter in a date_format action, or (3) company_name parameter in an addedit action to index.php. NOTE: the date parameter vector is already covered by CVE-2008-3886.
The Payment for Webform module 7.x-1.x before 7.x-1.5 for Drupal does not restrict access by anonymous users, which allows remote anonymous users to use the payment of other anonymous users when submitting a form that requires payment.
SQL injection vulnerability in the MRBS module for Drupal allows remote attackers to execute arbitrary SQL commands via unspecified vectors.