Vulnerability Summary for the Week of November 3, 2014


Please Note:

• The vulnerabilities are categorized by their level of severity which is either High, Medium or Low.
• The CVE identity number is the publicly known ID given to that particular vulnerability. Therefore you can search the status of that particular vulnerability using that ID.
• The CVSS (Common Vulnerability Scoring System) score is a standard scoring system used to determine the severity of the vulnerability.

High Severity Vulnerabilities

| The Primary Vendor --- Product | Description | Date Published | CVSS Score | The CVE Identity |
| --- | --- | --- | --- | --- |
| accuenergy -- acuvim_ii | The web server on the AXN-NET Ethernet module accessory ../0 for the Accuenergy Acuvim II allows remote attackers to bypass authentication and modify settings via a direct request to an unspecified URL. | 2014-11-05 | 7.5 | CVE-2014-2373 |
| accuenergy -- acuvim_ii | The AXN-NET Ethernet module accessory ..00 for the Accuenergy Acuvim II allows remote attackers to discover passwords and modify settings via vectors involving JavaScript. | 2014-11-05 | 7.5 | CVE-2014-2374 |
| asus -- rt_firmware | ASUS 3T*, 562, 3T*, 553, 3T*, 552, 3T*, 753, 3T*, 752, 3T*N653, 3T*N652, 3T*N553, 3T*N552, and possibly other RT-series routers before firmware ..0.0.0.385.x do not verify the integrity of firmware (1) update information or (2) downloaded updates, which allows man-in-the-middle (MITM) attackers to execute arbitrary code via a crafted image. | 2014-11-04 | 7.8 | CVE-2014-2718 XF, BID, FULLDISC, MISC, MISC |
| bittorrent -- bootstrap-dht | The lazy_bdecode function in BitTorrent bootstrap-dht (aka Bootstrap) allows remote attackers to execute arbitrary code via a crafted packet, which triggers an out-of-bounds read, related to "Improper Indexing." | 2014-10-31 | 7.5 | CVE-2014-8509 CONFIRM, MISC, BID |
| ca -- cloud_service_management | CA Cloud Service Management (CSM) before Summer ;/:0 allows remote attackers to read arbitrary files, send HTTP requests to intranet servers, or cause a denial of service (CPU and memory consumption) via an XML document containing an external entity declaration in conjunction with an entity reference, related to an XML External Entity (XXE) issue. | 2014-11-04 | 7.5 | CVE-2014-8474 |
| cisco -- rv120w | The network-diagnostics administration interface in the Cisco RV router firmware on RV220W devices, before :.0.5.9 on RV120W devices, and before :.0.4.10 on 3!:6/ and 3!:6/? devices allows remote authenticated users to execute arbitrary commands via a crafted HTTP request, aka Bug ID ' uh68:;5. | 2014-11-07 | 9.0 | CVE-2014-2177 |
| cisco -- rv120w | Cross-site request forgery (CSRF) vulnerability in the administrative web interface in the Cisco RV router firmware on RV220W devices, before :./.5.9 on RV120W devices, and before :.0.0.10 on 3!:6/ and 3!:6/? devices allows remote attackers to hijack the authentication of administrators, aka Bug ID ' uh68:07. | 2014-11-07 | 7.5 | CVE-2014-2178 |
| clip-share -- clipshare | SQL injection vulnerability in midroll.php in Nuevolab Nuevoplayer for ClipShare 6.0 and earlier allows remote attackers to execute arbitrary SQL commands via the ch parameter. | 2014-11-04 | 7.5 | CVE-2014-8339 XF, MISC, MISC |
| compal_broadband_networks -- firmware | The Compal Broadband Networks (CBN) H550/E and C550/E Wireless Gateway :.0 with firmware H550/*..5.::.7*NOSH have a default password of (1) admin for the admin account and (2) compalbn for the root account, which makes it easier for remote attackers to obtain access to certain sensitive information via unspecified vectors. | 2014-11-06 | 10.0 | CVE-2014-8656 MISC, EXPLOIT-DB, MISC, OSVDB |
| cp_multi_view_event_calendar_project -- cp_multi_view_event_calendar | SQL injection vulnerability in the CP Multi View Event Calendar plugin :./: for WordPress allows remote attackers to execute arbitrary SQL commands via the calid parameter. | 2014-11-04 | 7.5 | CVE-2014-8586 XF, BID, EXPLOIT-DB, MISC, OSVDB |
| debian -- apt | APT before :.0.9 does not verify downloaded files if they have been modified as indicated using the If-Modified-Since header, which has unspecified impact and attack vectors. | 2014-11-03 | 7.5 | CVE-2014-0487 SECUNIA, SECUNIA |
| debian -- apt | APT before :.0.9, when the Acquire::GzipIndexes option is enabled, does not validate checksums, which allows remote attackers to execute arbitrary code via a crafted package. | 2014-11-03 | 7.5 | CVE-2014-0489 SECUNIA, SECUNIA |
| debian -- apt | The apt-get download command in APT before :./.9 does not properly validate signatures for packages, which allows remote attackers to execute arbitrary code via a crafted package. | 2014-11-03 | 7.5 | CVE-2014-0490 SECUNIA, SECUNIA |
| emc -- rsa_web_threat_detection | SQL injection vulnerability in EMC RSA Web Threat Detection 0.x before 0.5.1.1 allows remote authenticated users to execute arbitrary SQL commands via unspecified vectors. | 2014-11-07 | 9.0 | CVE-2014-4627 BUGTRAQ |
| espocrm -- espocrm | Directory traversal vulnerability in EspoCRM before ;.6./ allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the action parameter to install/index.php. | 2014-10-31 | 10.0 | CVE-2014-7985 MISC, BID, BUGTRAQ, MISC |
| ffmpeg -- ffmpeg | Heap-based buffer overflow in the encode_slice function in libavcodec/proresenc_kostya.c in FFMpeg before :.1.:0, :.2.x before :.;.8, ;.x before ;.2.8, and ;.3.x before ;.3.. and Libav before :/.7 allows remote attackers to cause a denial of service (crash) or possibly execute arbitrary code via unspecified vectors. | 2014-11-03 | 7.5 | CVE-2014-5271 CONFIRM, OSVDB, CONFIRM |
| ffmpeg -- ffmpeg | libavcodec/mjpegdec.c in FFmpeg before ;.4.2 considers only dimension differences, and not bits-per-pixel differences, when determining whether an image size has changed, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MJPEG data. | 2014-11-05 | 7.5 | CVE-2014-8541 CONFIRM, CONFIRM |
| ffmpeg -- ffmpeg | libavcodec/utils.c in FFmpeg before ;.4.2 omits a certain codec ID during enforcement of alignment, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted JV data. | 2014-11-05 | 7.5 | CVE-2014-8542 CONFIRM, CONFIRM |
| ffmpeg -- ffmpeg | libavcodec/mmvideo.c in FFmpeg before ;.0.2 does not consider all lines of HHV Intra blocks during validation of image height, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted MM video data. | 2014-11-05 | 7.5 | CVE-2014-8543 CONFIRM, CONFIRM |
| ffmpeg -- ffmpeg | libavcodec/tiff.c in FFmpeg before ;.4.2 does not properly validate bits-per-pixel fields, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted TIFF data. | 2014-11-05 | 7.5 | CVE-2014-8544 CONFIRM, CONFIRM |
| ffmpeg -- ffmpeg | libavcodec/pngdec.c in FFmpeg before ;.4.2 accepts the monochrome-black format without verifying that the bits-per-pixel value is 1, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted PNG data. | 2014-11-05 | 7.5 | CVE-2014-8545 CONFIRM, CONFIRM |
| ffmpeg -- ffmpeg | Integer underflow in libavcodec/cinepak.c in FFmpeg before ;.4.2 allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Cinepak video data. | 2014-11-05 | 7.5 | CVE-2014-8546 CONFIRM, CONFIRM |
| ffmpeg -- ffmpeg | libavcodec/gifdec.c in FFmpeg before ;.0.2 does not properly compute image heights, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted GIF data. | 2014-11-05 | 7.5 | CVE-2014-8547 CONFIRM, CONFIRM |
| ffmpeg -- ffmpeg | Off-by-one error in libavcodec/smc.c in FFmpeg before ;.4.; allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted Quicktime Graphics (aka SMC) video data. | 2014-11-05 | 7.5 | CVE-2014-8548 CONFIRM, CONFIRM |
| ffmpeg -- ffmpeg | libavcodec/on2avc.c in FFmpeg before ;.4.2 does not constrain the number of channels to at most 2, which allows remote attackers to cause a denial of service (out-of-bounds access) or possibly have unspecified other impact via crafted On2 data. | 2014-11-05 | 7.5 | CVE-2014-8549 CONFIRM, CONFIRM |
| fortinet -- coyote_point_equalizer | FortiNet FortiADC-E with firmware ..1.1 before 0./.5 and Coyote Point Equalizer with firmware :/.2.0a allows remote attackers to obtain access to arbitrary subnets via unspecified vectors. | 2014-11-01 | 7.5 | CVE-2014-8582 XF, CONFIRM |