Advertise

Dark Reading Article Boards

Message Boards posted in March 2012

View Content By Month

No records found in the archive.

View Content by Month

[close this box]

Hot Topics

Editors' Choice

Election Websites, Back-End Systems Most at Risk of Cyberattack in Midterms

Kelly Jackson Higgins, Executive Editor at Dark Reading, 8/14/2018

Intel Reveals New Spectre-Like Vulnerability

Curtis Franklin Jr., Senior Editor at Dark Reading, 8/15/2018

Data Privacy Careers Are Helping to Close the IT Gender Gap

Dana Simberkoff, Chief Compliance and Risk Management Officer, AvePoint, Inc, 8/20/2018

Live Events

Webinars

More UBM Tech
Live Events

INsecurity Conference - An Event Like No Other

Black Hat Trainings - October 22 & 23

Are You Looking to Learn About New Cybersecurity Threats & Challenges? Then INsecurity Is For You!

White Papers

The Hacker-Powered Security Report 2018

[Frost and Sullivan] IoT Security for Connected Space

Distributed Defense: How Government Agencies Deploy Hacker-Powered Security

Protecting Against the Top 5 Attack Vectors

Essential Guide - Blocking Malware Without a SOC

More White Papers

Video

All Videos

Cartoon

Latest Comment: -- John Klossner's latest cartoon!

Cartoon Archive

Current Issue

The Biggest Cybersecurity Breaches of 2018 (So Far)

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

The State of IT and Cybersecurity

IT and security are often viewed as different disciplines - and different departments. Find out what our survey data revealed, read the report today!

Download Now!

[Strategic Security Report] Navigating the Threat Intelligence Maze

0 comments

[Strategic Security Report] Cloud Security's Changing Landscape

0 comments

The State of Ransomware

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-15601
PUBLISHED: 2018-08-21

apps/filemanager/handlers/upload/drop.php in Elefant CMS 2.0.3 performs a urldecode step too late in the "Cannot upload executable files" protection mechanism.

CVE-2018-15603
PUBLISHED: 2018-08-21

An issue was discovered in Victor CMS through 2018-05-10. There is XSS via the Author field of the "Leave a Comment" screen.

CVE-2018-15598
PUBLISHED: 2018-08-21

Containous Traefik 1.6.x before 1.6.6, when --api is used, exposes the configuration and secret if authentication is missing and the API's port is publicly reachable.

CVE-2018-15599
PUBLISHED: 2018-08-21

The recv_msg_userauth_request function in svr-auth.c in Dropbear through 2018.76 is prone to a user enumeration vulnerability because username validity affects how fields in SSH_MSG_USERAUTH messages are handled, a similar issue to CVE-2018-15473 in an unrelated codebase.

CVE-2018-0501
PUBLISHED: 2018-08-21

The mirror:// method implementation in Advanced Package Tool (APT) 1.6.x before 1.6.4 and 1.7.x before 1.7.0~alpha3 mishandles gpg signature verification for the InRelease file of a fallback mirror, aka mirrorfail.

Terms of Service
Privacy Statement
Legal Entities