Database Security

Authentication

Privacy

Compliance

Identity & Access Management

Security Monitoring

Advanced Threats

Insider Threats

Vulnerability Management

Network Computing Dark Reading

Advertise

About Us

Author

Profile of Daniel Gordon

Cyber Intel Analyst, Lockheed Martin Computer Incident Response Team

Member Since: 1/22/2017
Author
News & Commentary Posts: 1
Comments: 1

Daniel Gordon, CISSP, is a member of the Lockheed Martin Computer Incident Response Team. He has worked in IT and information security for over 10 years. He holds a BA in political science from St Mary's College of Maryland and a graduate certificate in modeling and simulation of behavioral cybersecurity from the University of Central Florida. He is currently pursuing his Master's degree in modeling & simulation.

Articles by Daniel Gordon

View Content By Month

Why You’re Doing Cybersecurity Risk Measurement Wrong

1/30/2017
Measuring risk isn’t as simple as some make it out to be, but there are best practices to help you embrace the complexity in a productive way. Here are five.
Post a Comment

Content by Month
January 2017 - 1
[close this box]

Hot Topics

Editors' Choice

Japan Cyber Minister Says He Has Never Used a Computer

Dark Reading Staff 11/15/2018

New Bluetooth Hack Affects Millions of Vehicles

Dark Reading Staff 11/16/2018

Vulnerabilities Dip 7%, but Researchers Are Cautious

Kelly Sheridan, Staff Editor, Dark Reading, 11/19/2018

Live Events

Webinars

More UBM Tech
Live Events

Enterprise Connect 2019 - Build Your Comms & Collaboration Future

Communications & Collaboration 2022 at EC19 Orlando March 18-21

White Papers

10 Best Practices That Could Reshape Your IT Security Department

2018 Cyberthreat Defense Report

Securing your Code for GDPR Compliance

Cyber Threats Are Surging Globally

SANS 2018 Threat Hunting Survey Results

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Genius! Only a Big Brother can control another.

Cartoon Archive

Current Issue

10 Emerging Threats Every Enterprise Should Know About

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

How Enterprises Are Attacking the Cybersecurity Problem

Data breach fears and the need to comply with regulations such as GDPR are two major drivers increased spending on security products and technologies. But other factors are contributing to the trend as well. Find out more about how enterprises are attacking the cybersecurity problem by reading our report today.

Download Now!

Online Malware and Threats: A Profile of Today's Security Posture

0 comments

The Risk Management Struggle

0 comments

How Data Breaches Affect the Enterprise

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading OR #DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2018-19433
PUBLISHED: 2018-11-22

ShowDoc 2.4.1 has XSS via the lang parameter because install/database.php mishandles the $cur_lang value.

CVE-2018-19434
PUBLISHED: 2018-11-22

An issue was discovered on the "Bank Account Matching - Receipts" screen of the General Ledger component in webERP 4.15. BankMatching.php has Blind SQL injection via the AmtClear_ parameter.

CVE-2018-19435
PUBLISHED: 2018-11-22

An issue was discovered in the Sales component in webERP 4.15. SalesInquiry.php has SQL Injection via the SortBy parameter.

CVE-2018-19436
PUBLISHED: 2018-11-22

An issue was discovered in the Manufacturing component in webERP 4.15. CollectiveWorkOrderCost.php has Blind SQL Injection via the SearchParts parameter.

CVE-2018-19437
PUBLISHED: 2018-11-22

UCMS 1.4.7 allows remote authenticated users to change the administrator password because $_COOKIE['admin_'.cookiehash] is used for arbitrary cookie values that are set and not empty.

Terms of Service
Privacy Statement
Legal Entities

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]