DOCSLIB.ORG

Vulnerability Summary for the Week of January 5, 2014

Total Page:16

File Type:pdf, Size:1020Kb

Download full-text PDF Read full-text
Vulnerability Summary for the Week of January 5, 2014 Vulnerability Summary for the Week of January 5, 2014 Please Note: • The vulnerabilities are cattegorized by their level of severity which is either High, Medium or Low. • The !" indentity number is the #ublicly $nown %& given to that #articular vulnerability. Therefore you can search the status of that #articular vulnerability using that %&. • The !'S (Common !ulnerability 'coring System) score is a standard scoring system used to determine the severity of the vulnerability. High Severity Vulnerabilities The Primary Vendor --- Description Date CVSS The CVE Product Published Score Identity a*a+,#ost,search,#roject 'QL in*ection vulnerability in the 2015-01-07 7.5 CVE-2012-5853 CONFIRM -- a*a+,#ost,search /the,search,function/ function in BUGTRAQ cardoza,a*a+,search.#h# in the 0102 Post 'earch (cardoza-a*a+-search) #lugin before 3.3 for 5ordPress allows remote attac$ers to e+ecute arbitrary 'QL commands via the srch,t+t #arameter in a /the,search,te+t/ action to wp-admin6admin-a*a+.ph#. asus -- wrt,firmware common.c in infosvr in 0'7' 58T firmware 2015-01-08 10.0 CVE-2014-9583 MISC (link is 4.9.0.4.3;<,39;3, 4.0.0.3;<.=>=:-g9934f>=, and external) other versions, as used in 8T-0 <<7, 8T-N6<7, EXPLOIT-DB and other routers, does not #roperly chec$ the (link is external) MISC (link is M0 address for a re?uest, which allows remote external) attac$ers to by#ass authentication and e+ecute arbitrary commands via a NET, M&,%&,M0NU, MD #ac$et to 7DP #ort @@@@. NOTE: this issue was incorrectly ma##ed to !"-=93:-39999, but that %D is invalid due to its use as an e+am#le of the =93: !E %D synta+ change. basic-cms -- sweetrice Multi#le 'QL in*ection vulnerabilities in 2015-01-03 7.5 CVE-2010-5317 MISC (link is inde+.ph# in 'weet8ice M' before 9.<.7.1 allow external) remote attac$ers to e+ecute arbitrary 'QL commands via (3) the file,name #arameter in an attachment action, (=) the #ost #arameter in a show_comment action, (4) the sys-name #arameter in an rssfeed action, or (:) the sys- name #arameter in a view action. cts,#rojectsBsoftware -- 'QL in*ection vulnerability in showads.ph# in 2015-01-02 7.5 CVE-2014-9455 MISC (link is classad T' Pro*ects B 'oftware lass0d 4.0 allows external) remote attac$ers to e+ecute arbitrary 'QL commands via the catid #arameter. debian -- mime-su##ort run-mailca# in the Debian mime-su##ort 2015-01-06 7.5 CVE-2014-7209 XF (link is #ac$age before 4.5=-3Cdeb;u3 allows conte+t- external) de#endent attac$ers to e+ecute arbitrary BID (link is commands via shell metacharacters in a external) MLIST (link is filename. external) SECUNIA (link is external) deliciousdays -- cformsii 7nrestricted file u#load vulnerability in 2015-01-07 7.5 CVE-2014-9473 CONFIRM lib,nona*a+.ph# in the forms%% #lugin 3:.7 and BUGTRAQ earlier for 5ordPress allows remote attac$ers to (link is external) e+ecute arbitrary code by u#loading a file with an e+ecutable e+tension via the cf,u#loadfile=DE #arameter, then accessing the file via a direct re?uest to the file in the default u#load directory. don,ho -- note#ad+C Fuffer overflow in NotePad+C <.6.@ allows 2015-01-02 10.0 CVE-2014-9456 EXPLOIT-DB remote attac$ers to have uns#ecified im#act via (link is external) a long Time attribute in an Event element in an 2ML file. NOTE: this issue was originally incorrectly ma##ed to !"-=93:-399:G see !"- =93:-399: for more information. he+-rays -- ida Hea#-based buffer overflow in the H&F 2015-01-02 10.0 CVE-2014-9458 SECUNIA (link debugger module in He+-8ays %&0 Pro before <.6 is external) cumulative fi+ =93:-3=-=: allows remote H&F servers to have uns#ecified im#act via un$nown vectors. humhub -- humhub 'QL in*ection vulnerability in the action%nde+ 2015-01-06 7.5 CVE-2014-9528 CONFIRM (link function in is external) #rotected/modules,core6notification6controllers XF (link is 6List ontroller.ph# in HumHub 9.19.0-rc.1 and external) EXPLOIT-DB earlier allows remote authenticated users to (link is external) e+ecute arbitrary 'QL commands via the from FULLDISC #arameter to inde+.ph#. NOTE: this can be MISC (link is leveraged for cross-site scri#ting (2'') attac$s external) via a re?uest that causes an error. infinitewp -- 'QL in*ection vulnerability in login.#h# in 2015-01-05 7.5 CVE-2014-9519 MISC (link is infinitewp,admin,#anel %nfinite5P 0dmin Panel before =.4.4 allows external) remote attac$ers to e+ecute arbitrary 'QL FULLDISC commands via the email #arameter. infinitewp -- 'QL in*ection vulnerability in e+ecute.ph# in 2015-01-05 7.5 CVE-2014-9520 MISC (link is infinitewp,admin,#anel %nfinite5P 0dmin Panel before =.4.: allows external) remote attac$ers to e+ecute arbitrary 'QL FULLDISC commands via the historyID #arameter. infinitewp -- 7nrestricted file u#load vulnerability in 2015-01-05 7.5 CVE-2014-9521 MISC (link is infinitewp,admin,#anel u#loadScri#t.ph# in %nfinite5P 0dmin Panel external) before =.4.:, when the allWPIiles ?uery FULLDISC #arameter is set, allows remote attac$ers to e+ecute arbitrary code by u#loading a file with a double e+tension, then accessing it via a direct re?uest to the file in the u#loads directory, as demonstrated by the .ph#.swp filename. installatron -- 'QL in*ection vulnerability in incl/create.inc.ph# 2015-01-02 7.5 CVE-2014-9445 XF (link is g?,file,manager in %nstallatron HQ Iile Manager 9.2.5 allows external) remote attac$ers to e+ecute arbitrary 'QL EXPLOIT-DB commands via the create #arameter to (link is external) inde+.ph#. NOTE: this can be leveraged for cross- site scri#ting (2'') attac$s by creating a file that generates an error. NOTE: this issue was originally incorrectly ma##ed to !"-=93:-334;G see !"-=93:-334; for more information. linu+ -- linu+,$ernel The batadv_frag,merge,#ac$ets function in 2015-01-02 7.8 CVE-2014-9428 MLIST net6batman-adv/fragmentation.c in the CONFIRM (link F.A.T.M.A.N. im#lementation in the Linu+ $ernel is external) through 4.1J.1 uses an incorrect length field MLIST (link is external) during a calculation of an amount of memory, MLIST (link is external) which allows remote attac$ers to cause a denial CONFIRM of service (mesh-node system crash) via CONFIRM fragmented #ac$ets. mediawi$i -- mediawi$i The wfMangleIlashPolicy function in 2015-01-04 7.5 CVE-2014-9277 CONFIRM Aut#utHandler.ph# in Media5i$i before 3.1@.==, MLIST (link is 3.=9.x through 3.2=.x before 3.2=.3:, and 3.24.x external) before 3.24.7 allows remote attac$ers to conduct MLIST (link is external) PHP ob*ect in*ection attac$s via a crafted string DEBIAN containing Kcross-domain-#olicyL in a PHP SECTRACK format re?uest, which causes the string length (link is external) to change when converting the re?uest to KNOT-cross-domain-#olicy>. microweber -- microweber 'QL in*ection vulnerability in ategory.#h# in 2015-01-03 7.5 CVE-2014-9464 MISC (link is Microweber M' 9.9> before =93:3=9@ allows external) remote attac$ers to e+ecute arbitrary 'QL CONFIRM (link commands via the category #arameter when is external) dis#laying a category, related to the M#arent,id variable. mini-stream -- rm- Fuffer overflow in Mini-stream 8M-MP4 2015-01-02 7.5 CVE-2014-9448 EXPLOIT-DB m#4,converter onverter 4.1.2.3.2939.94.39 allows remote (link is external) attac$ers to e+ecute arbitrary code or cause a EXPLOIT-DB denial of service (crash) via a long string in a (link is external) OSVDB 502 file. osclass -- osclass 'QL in*ection vulnerability in the 2015-01-05 7.5 CVE-2014-8083 BID (link is 'earch::set1son0lert method in A' lass before external) 4.:.3 allows remote attac$ers to e+ecute BUGTRAQ arbitrary '.L commands via the alert #arameter (link is external) FULLDISC in a search alert subscri#tion action. MISC (link is external) MISC (link is external) osclass -- osclass Directory traversal vulnerability in oc- 2015-01-05 7.5 CVE-2014-8084 BID (link is includes6osclass6controller6a*a+.ph# in A' lass external) before 4.4.4 allows remote attac$ers to include BUGTRAQ and e+ecute arbitrary local files via a .. (dot dot) (link is external) FULLDISC in the a*a+file #arameter in a custom action. MISC (link is external) MISC (link is external) #h# -- #h# sa#i6cgi6cgi,main.c in the H% com#onent in PHP 2015-01-02 7.5 CVE-2014-9427 CONFIRM (link through >.4.3<, >.5.x through >.5.29, and >.6.x is external) through >.6.4, when mma# is used to read a .ph# MLIST (link is file, does not #ro#erly consider the ma##ingNs external) MLIST (link is length during #rocessing of an invalid file that external) begins with a O character and lac$s a newline MLIST (link is character, which causes an out-of-bounds read external) and might (3) allow remote attac$ers to obtain CONFIRM (link is external) sensitive information from #h#-cgi #rocess memory by leveraging the ability to u#load a .ph# file or (=) trigger une+#ected code e+ecution if a valid PHP scri#t is #resent in memory locations adjacent to the ma##ing.
Load more

Recommended publications
  • Student Authored Textbook on Software Architectures
    Software Architectures: Case Studies Authors: Students in Software Architectures course Computer Science and Computer Engineering Department University of Arkansas May 2014 Table of Contents Chapter 1 - HTML5 Chapter 2 – XML, XML Schema, XSLT, and XPath Chapter 3 – Design Patterns: Model-View-Controller Chapter 4 – Push Notification Services: Google and Apple Chapter 5 - Understanding Access Control and Digital Rights Management Chapter 6 – Service-Oriented Architectures, Enterprise Service Bus, Oracle and TIBCO Chapter 7 – Cloud Computing Architecture Chapter 8 – Architecture of SAP and Oracle Chapter 9 – Spatial and Temporal DBMS Extensions Chapter 10 – Multidimensional Databases Chapter 11 – Map-Reduce, Hadoop, HDFS, Hbase, MongoDB, Apache HIVE, and Related Chapter 12 –Business Rules and DROOLS Chapter 13 – Complex Event Processing Chapter 14 – User Modeling Chapter 15 – The Semantic Web Chapter 16 – Linked Data, Ontologies, and DBpedia Chapter 17 – Radio Frequency Identification (RFID) Chapter 18 – Location Aware Applications Chapter 19 – The Architecture of Virtual Worlds Chapter 20 – Ethics of Big Data Chapter 21 – How Hardware Has Altered Software Architecture SOFTWARE ARCHITECTURES Chapter 1 – HTML5 Anh Au Summary In this chapter, we cover HTML5 and the specifications of HTML5. HTML takes a major part in defining the Web platform. We will cover high level concepts, the history of HTML, and famous HTML implementations. This chapter also covers how this system fits into a larger application architecture. Lastly, we will go over the high level architecture of HTML5 and cover HTML5 structures and technologies. Introduction High level concepts – what is the basic functionality of this system HyperText Markup Language (HTML) is the markup language used by to create, interpret, and annotate hypertext documents on any platform.
    [Show full text]
  • Corporate Registry Registrar's Periodical Template
    Service Alberta ____________________ Corporate Registry ____________________ Registrar’s Periodical REGISTRAR’S PERIODICAL, OCTOBER 15, 2009 SERVICE ALBERTA Corporate Registrations, Incorporations, and Continuations (Business Corporations Act, Cemetery Companies Act, Companies Act, Cooperatives Act, Credit Union Act, Loan and Trust Corporations Act, Religious Societies’ Land Act, Rural Utilities Act, Societies Act, Partnership Act) 0858562 B.C. LTD. Other Prov/Territory Corps 1487822 ALBERTA LTD. Numbered Alberta Registered 2009 SEP 08 Registered Address: 2700 Corporation Incorporated 2009 SEP 01 Registered COMMERCE PLACE, 10155 - 102 STREET, Address: 127 SENECA ROAD, SHERWOOD PARK EDMONTON ALBERTA, T5J 4G8. No: 2114889252. ALBERTA, T8A 4G6. No: 2014878223. 0859953 B.C. LTD. Other Prov/Territory Corps 1487828 ALBERTA LTD. Numbered Alberta Registered 2009 SEP 15 Registered Address: 1200, 700 - Corporation Incorporated 2009 SEP 01 Registered 2ND STREET SW, CALGARY ALBERTA, T2P 4V5. Address: 10040 87 AVE NW, EDMONTON No: 2114902543. ALBERTA, T6E 2N9. No: 2014878280. 101142932 SASKATCHEWAN LTD. Other 1487831 ALBERTA LTD. Numbered Alberta Prov/Territory Corps Registered 2009 SEP 11 Registered Corporation Incorporated 2009 SEP 01 Registered Address: 499 - 1 STREET SE, MEDICINE HAT Address: 3812 MACNEIL HEATH, EDMONTON ALBERTA, T1A 0A7. No: 2114895259. ALBERTA, T6R 0H5. No: 2014878314. 1481801 ALBERTA LTD. Numbered Alberta 1487832 ALBERTA LTD. Numbered Alberta Corporation Incorporated 2009 SEP 07 Registered Corporation Incorporated 2009 SEP 01 Registered Address: 1013 5TH AVENUE, WAINWRIGHT Address: 2056 TANNER WYND, EDMONTON ALBERTA, T9W 1L6. No: 2014818013. ALBERTA, T6R 2R4. No: 2014878322. 1485500 ALBERTA LTD. Numbered Alberta 1487845 ALBERTA LTD. Numbered Alberta Corporation Incorporated 2009 SEP 02 Registered Corporation Incorporated 2009 SEP 03 Registered Address: 2401 TD TOWER, 10088 102 AVENUE, Address: 4007-34A AVENUE NW, EDMONTON EDMONTON ALBERTA, T5J 2Z1.
    [Show full text]
  • A South Vietnam Pocket Guide, 1962
    ARMY UNIFORMS Of VtnN.AM 7 Ill VIETNAM I 1 rlmJJ- NINE RULES For Personnel of U.S. Military Assistance Command, Vietnam HOW MUCH DO YOU KNOW ABOUT VIETNAM ? The Victnameae have p!Ud • hetJvy price in ruff~ for t hC'lr Ion& fiaht a«Aintt the Commumst.. We mtlitsry attn .,-c in ViCUUU'D o.ow bccau'le their r;ovcr1'mcnt hai Mlccd ue to help iu toldiCTt iaM peopk in winnin& their ttnigglc. Tbc Viet Cone wi11 aucmpt to tum th«' Vietnamese people qainat you. You can defeat. them At c•u:ry lum Why Is It o (Lcn diftkull to by the strength, undcnl.And~. and gcn\!:n:l5ity you display with tell a Viet Cona from a loyol the people. Hett are the nine simple rules: South VictnA~ ? 8 " Remember we are spcdal e;ucats here; we make no demands And aedt no 1pccud U'eAtmc:nt. h 11uoc mam 110mcth1na to wear, "Join with the people! Underatand tbclr life, uee phruct from 1omethin& to or the of e11t , name t hci:r IAneuai:e. end honor their cu1tomt and lawt. t'U\ orglU\i..rotlon? ··Treat womm witb Politcuc!IS and ropc:c:l. ''Malec pcnonal friends am(lng the 110ldicn and common people. Why would a South V1ct.ruuneac be puzzled or off'cndcd J you u1cd " Always i;\vc tbc Vict..o.amcao tllc ril(ht oC way. the American gesture fot beckonini ''Be alert. lo MCUrity and ttady to tellct with your mlllt.ar)' hlm to come to )'OU] alcill. " Don't Al trfct attention by loud, rude.
    [Show full text]
  • CMS, LMS, LCMS Kavramları
    XI. Akademik Bilişim Konferansı, 11-13 Şubat 2009, Harran Üniversitesi, ŞANLIURFA CMS, LMS, LCMS Kavramları Özlem Ozan Eskişehir Osmangazi Üniversitesi, Bilgisayar ve Öğretim Teknolojileri Eğitimi Bölümü, ESKİŞEHİR Özet: eÖğrenme ve uzaktan eğitim uygulamalarının yaygınlaşmasıyla birlikte eğitim içeriği ve uygulamalarının elektronik ortamdaki yönetimi giderek önem kazanmıştır. Buna paralel olarak içerik ve uygulamaların nasıl yönetileceği tartışılmaya başlanmıştır. Eğitim öğretim süreçlerinin, içeriklerinin veya etkinliklerinin bir arada ya da ayrı ayrı yönetilebileceği pek çok farklı uygulama mevcuttur ancak bu bağlamda konuyla ilgili kavram kargaşası da süregelmektedir. Bu çalışmada, içerik yönetim sistemi (content management system-cms), öğrenme yönetim sistemi (learning management system-lms), ve öğrenme içerik yönetim sistemlerinin (learning content management system-lcms) kavramları irdelenecek ve bu bağlamda ulusal alan yazına katkı sağlanmaya çalışılacaktır. Giriş 1. İçerik Yönetim Sistemi Günümüz dünyasında, bilgi ve iletişim İçerik yönetim sistemleri (Content Management teknolojilerinin hızlı gelişimi ve özellikle Web Systems) günümüzde popüler olan ve çoğu 2.0 sürecinde içerik anlayışının ve öneminin zaman web sistemleri için kullanılan bir kavram artmasıyla, “İçerik Yönetimi” kavramı hemen olarak karşımıza çıkmaktadır. “İçerik” kavramı, hemen bütün alanlarda ihtiyaç duyulan ve Türk Dil Kurumunun Türkçe sözlüğünde bir tartışılan bir kavram haline gelmiştir. şeyin içinde bulunanların bütünü, muhtevası olarak tanımlanmaktadır[1].
    [Show full text]
  • Building Blocks of a Scalable Web Crawler
    Building blocks of a scalable web crawler Marc Seeger Computer Science and Media Stuttgart Media University September 15, 2010 A Thesis Submitted in Fulfilment of the Requirements for a Degree of Master of Science in Computer Science and Media Primary thesis advisor: Prof. Walter Kriha Secondary thesis advisor: Dr. Dries Buytaert I I Abstract The purpose of this thesis was the investigation and implementation of a good architecture for collecting, analysing and managing website data on a scale of millions of domains. The final project is able to automatically collect data about websites and analyse the content management system they are using. To be able to do this efficiently, different possible storage back-ends were examined and a system was implemented that is able to gather and store data at a fast pace while still keeping it searchable. This thesis is a collection of the lessons learned while working on the project combined with the necessary knowledge that went into architectural decisions. It presents an overview of the different infrastructure possibilities and general approaches and as well as explaining the choices that have been made for the implemented system. II Acknowledgements I would like to thank Acquia and Dries Buytaert for allowing me to experience life in the USA while working on a great project. I would also like to thank Chris Brookins for showing me what agile project management is all about. Working at Acquia combined a great infrastructure and atmosphere with a pool of knowledgeable people. Both these things helped me immensely when trying to find and evaluate a matching architecture to this project.
    [Show full text]
  • Chapter 3 – Design Patterns: Model-View- Controller
    SOFTWARE ARCHITECTURES Chapter 3 – Design Patterns: Model-View- Controller Martin Mugisha Brief History Smalltalk programmers developed the concept of Model-View-Controllers, like most other software engineering concepts. These programmers were gathered at the Learning Research Group (LRG) of Xerox PARC based in Palo Alto, California. This group included Alan Kay, Dan Ingalls and Red Kaehler among others. C language which was developed at Bell Labs was already out there and thus they were a few design standards in place[ 1] . The arrival of Smalltalk would however change all these standards and set the future tone for programming. This language is where the concept of Model-View- Controller first emerged. However, Ted Kaehler is the one most credited for this design pattern. He had a paper in 1978 titled ‘A note on DynaBook requirements’. The first name however for it was not MVC but ‘Thing-Model-View-Set’. The aim of the MVC pattern was to mediate the way the user could interact with the software[ 1] . This pattern has been greatly accredited with the later development of modern Graphical User Interfaces(GUI). Without Kaehler, and his MVC, we would have still been using terminal to input our commands. Introduction Model-View-Controller is an architectural pattern that is used for implementing user interfaces. Software is divided into three inter connected parts. These are the Model, View, and Controller. These inter connection is aimed to separate internal representation of information from the way it is presented to accepted users[ 2] . fig 1 SOFTWARE ARCHITECTURES As shown in fig 1, the MVC has three components that interact to show us our unique information.
    [Show full text]
  • KOS.Content 01 | 2014
    KOS.content 01 | 2014 Ergebnisse der Untersuchungen des Kompetenzzentrum Open Source der DHBW-Stuttgart Frühjahr 2014 band.1 KOS.content 01 | 2014 Editorial Lieber Leser, vor Ihnen liegt der erste Ergebnisband mit studen- Fragestellungen werden dann in Seminaren an der tischen Ausarbeitungen, die im Rahmen des For- DHBW von studentischen Arbeitsgruppen analy- schungsprojekt KOS entstanden sind. KOS steht siert, wobei nicht nur die Dozenten, sondern auch für Kompetenzzentrum Open Source und bezeich- Fachexperten der dualen Partner die Studierenden net ein kooperatives Forschungsprojekt im Studi- wissenschaftlich leiten. engang Wirtschaftsinformatik der DHBW Stutt- gart, das in Zusammenarbeit mit den dualen Am Ende eines jeden Seminars präsentieren die Partnern Allianz Deutschland, HALLESCHE Kran- Studierenden die Untersuchungsergebnisse vor kenversicherung und Deutsche Rentenversiche- den Vertretern der beteiligten Unternehmen. Meist rung Baden-Württemberg den Einsatz von Open geht dabei um generische Lösungskonzepte, die Source Software/Techniken zur Optimierung von von den beteiligten dualen Partnern in konkrete Geschäftsprozessen in Versicherungsunterneh- Lösungen für das eigene Unternehmen umgesetzt men untersucht. werden können. Diese Abschlusspräsentationen sind nicht nur für die Unternehmen, sondern auch Die Ursprünge des Forschungsprojekts KOS gehen für die Studierenden etwas Besonderes, da sie ihre auf das Jahr 2009 zurück, in dem die Duale Hoch- Seminarergebnisse vor einem recht großen fach- schule Baden-Württemberg (DHBW) nicht
    [Show full text]
  • EDB 분석 보고서 (2016.09) 2016.09.01~2016.09.30 Exploit-DB( 공개된 취약점별로 분류한 정보입니다
    EDB 분석 보고서 (2016.09) 2016.09.01~2016.09.30 Exploit-DB(http://exploit-db.com)에 공개된 취약점별로 분류한 정보입니다. 분석 내용 정리 (작성: 펜타시큐리티시스템 보안성평가팀) 2016년 9월에 공개된 Exploit-DB의 분석 결과, Cross Site Scripting 공격에 대한 취약점 보고 개수가 가장 많았습니다. 발견된 Cross Site Scripting 공격들의 대부분은 오픈소스 아이피 관리 시스템인 PHPIPAM에서 발견되었습니다. PHPIPAM 에서 발견된 공격들을 분석해보면, 파라미터 값을 변조하여 스크립트를 삽입하는 단순한 공격들의 형태가 대부분이었습니다. SQL Injection 공격 역시 PHPIAM에 서 발견되었는데, 이 역시 공격의 위험도와 난이도가 높은 형태들의 공격은 아니었습니다. 그러나, 취약점이 발견된 페이지가 상당히 많고 추가적인 공격에 노출될 수 있으므로 PHPIPAM을 사용하는 관리자는 시큐어코딩 및 보안업데이트가 필요해 보입니다. 또한, 이번 달에는 Exponent CMS에서 특이한 SQL Injection 취약점이 발견되었습니다. 대부분의 SQL Injection 공격은 Parameter의 value를 노리게 되는 데, 이번에 발견된 취약점은 일반적인 Parameter key, value의 구조가 아닌 URL경로에 공격하는 패턴이었습니다. 이는 일반적으로는 성공이 되지 않는 취약점이지만 사이트의 구조에 따라 얼마든지 공격이 성공할 수 있는 취약점입니다. Exponent CMS와 마찬가지로 사이트가 URL 경로를 이용해서 어떠한 행위를 한다면 반드시 주의해야 될 부분이므로 관련 공격코드를 참고하여 취약점에 노출되지 않도록 주의 해야 합니다. 30 1. 취약점 별 보고 개수 취약점 별 보고 개수 26 취약점 보고 개수 25 LFI 1 RFI 1 20 Directory Traversal 1 SQL Injection 7 15 XSS 26 총합계 36 10 7 5 1 1 1 0 LFI RFI Directory Traversal SQL Injection XSS 2. 위험도별 분류 위험도 별 분류 위험도 보고 개수 백분율 상 2 5.56% 2 중 34 94.44% 합계 36 100.00% 상 중 34 3. 공격 난이도 별 현황 공격 난이도 보고 개수 백분율 공격 난이도 별 현황 상 2 5.56% 중 1 2.78% 하 33 91.67% 2 1 총합계 36 100.00% 상 중 하 33 4.
    [Show full text]
  • Implementación Basada En Software
    Implementación basada en software libre de un portal web para apoyo en el proceso colaborativo de desarrollo de un videojuego para la enseñanza de la ingeniería de software 1 Francisco Ismael Maya-Sarasty & Daniel Arenas-Seleey Facultad de Ingeniería, Universidad Autónoma de Bucaramanga, Bucaramanga, Colombia. [email protected], [email protected] Resumen— Este documento presenta la implantación de un sistema de de un videojuego, partiendo de una investigación realizada en software libre alrededor del desarrollo de un videojuego educativo que la Universidad Autónoma de Bucaramanga que construyó un promueve la enseñanza de la Ingeniería de Software. Empezando con la realización de un análisis concienzudo de las características del software modelo para la educación de la Ingeniería de Software. A través necesario para crear un entorno que favorece el trabajo colaborativo de la lectura de ésta y otras investigaciones se crea un portal multidisciplinario, para luego instalar y configurar las soluciones seleccionadas web que se convierte en el sustento conceptual e informativo y terminar con un análisis del cumplimiento de directrices de usabilidad para para garantizar la continuidad del proceso de desarrollo de un portales web y directrices de jugabilidad para videojuegos. La contribución de crear un portal web (www.soengirpg.com) es la videojuego de rol, creando un entorno de compartición del activación del trabajo colaborativo que garantiza la continuidad de la conocimiento a través de la interacción de sus usuarios construcción de un videojuego sobre la Ingeniería de Software. Un sistema que mediante la utilización de foro, wiki, chat y un sistema de integra a todos los actores interesados, que requieren de un entorno donde versiones.
    [Show full text]
  • Ree Croatian Folklore and Folklife Writings on Bosniak Coffee
    Conveying Ćeif 1 Conveying Ćeif: -ree Croatian Folklore and Folklife Writings on Bosniak Coffee Culture Dorian Jurić McMaster University Fruitvale, Canada Abstract is article presents three short passages describing coffee and coffeehouse culture among Bosnian and Herzegovinian Muslims in the late nineteenth century. ese texts are Drawn from manuscripts collecteD by lay, Croatian folklore anD folklife collectors wHo submitteD tHem to two early collecting projects in Zagreb. e pieces are translateD Here for tHe first time into EnglisH anD placeD into historical and cultural context regarding the history of coffee culture in Bosnia and Herzegovina and the wider Ottoman Empire as well as the politics of folklore collection at the time. By using tHe Pan-Ottoman concept of ćeif as a theoretical lens, I argue that these early folklorists produced impressive folklife accounts of Bosniak foodways, but that these depictions inevitably enfolded both genuine interest and negative by-products of the wiDer politics of their era. IntroDuction Of all tHe comestibles to transition from localizeD context to global phenomenon, none can claim the same position of influence as coffee. Charting an astronomic trajectory over the course of 500 years, coffee moved from a wilD plant cultivated in modern-day Ethiopia to a global trade item that revolutionized religious observance, social interactions, political process, human rights, city planning, and the nature of labor practices. Fe history of that life-course is a dynamic tapestry of movement through various cultures and chronologies, full of social upHeaval, poetic inspiration, anD tHe vigorous remoDeling of public and private custom. is article is concerneD witH one of tHe earlier campaigns in coffee’s global conquest.
    [Show full text]
  • ROILA : Robot Interaction Language
    ROILA : RObot Interaction LAnguage Citation for published version (APA): Mubin, O. (2011). ROILA : RObot Interaction LAnguage. Technische Universiteit Eindhoven. https://doi.org/10.6100/IR712664 DOI: 10.6100/IR712664 Document status and date: Published: 01/01/2011 Document Version: Publisher’s PDF, also known as Version of Record (includes final page, issue and volume numbers) Please check the document version of this publication: • A submitted manuscript is the version of the article upon submission and before peer-review. There can be important differences between the submitted version and the official published version of record. People interested in the research are advised to contact the author for the final version of the publication, or visit the DOI to the publisher's website. • The final author version and the galley proof are versions of the publication after peer review. • The final published version features the final layout of the paper including the volume, issue and page numbers. Link to publication General rights Copyright and moral rights for the publications made accessible in the public portal are retained by the authors and/or other copyright owners and it is a condition of accessing publications that users recognise and abide by the legal requirements associated with these rights. • Users may download and print one copy of any publication from the public portal for the purpose of private study or research. • You may not further distribute the material or use it for any profit-making activity or commercial gain • You may freely distribute the URL identifying the publication in the public portal. If the publication is distributed under the terms of Article 25fa of the Dutch Copyright Act, indicated by the “Taverne” license above, please follow below link for the End User Agreement: www.tue.nl/taverne Take down policy If you believe that this document breaches copyright please contact us at: [email protected] providing details and we will investigate your claim.
    [Show full text]
  • Muzikološki Z B O R N I K L Ii /2
    MUZIKOLOŠKI ZBORNIK MUSICOLOGICAL ANNUAL L II /2 ZVEZEK/VOLUME L J U B L J A N A 2 0 1 6 Marking the 70th Anniversary of ICTM and 20th Anniversary of CES Folk Slovenia. Music, Sound and Ecology Ob sedemdesetletnici ICTM in dvajsetletnici KED Folk Slovenija. Glasba, zvok in ekologija MZ_2016_2_FINAL.indd 1 8.12.2016 12:28:49 Izdaja • Published by Oddelek za muzikologijo Filozofske fakultete Univerze v Ljubljani Urednik številke • Volume edited by Svanibor Pettan (Ljubljana) Glavni in odgovorni urednik • Editor-in-chief Jernej Weiss (Ljubljana) Asistentka uredništva • Assistant Editor Tjaša Ribizel (Ljubljana) Uredniški odbor • Editorial Board Matjaž Barbo (Ljubljana) Aleš Nagode (Ljubljana) Svanibor Pettan (Ljubljana) Leon Stefanija (Ljubljana) Andrej Rijavec (Ljubljana), častni urednik • honorary editor Mednarodni uredniški svet • International Advisory Board Michael Beckermann (Columbia University, USA) Nikša Gligo (University of Zagreb, Croatia) Robert S. Hatten (Indiana University, USA) David Hiley (University of Regensburg, Germany) Thomas Hochradner (Mozarteum Salzburg, Austria) Bruno Nettl (University of Illinois, USA) Helmut Loos (University of Leipzig, Germany) Jim Samson (Royal Holloway University of London, UK) Lubomír Spurný (Masaryk University Brno, Czech Republic) Katarina Tomašević (Serbian Academy of Sciences and Arts, Serbia) John Tyrrell (Cardiff University, UK) Michael Walter (University of Graz, Austria) Uredništvo • Editorial Address Oddelek za muzikologijo Filozofska fakulteta Aškerčeva 2, SI-1000 Ljubljana, Slovenija
    [Show full text]