Should have been posted yesterday | Let’s Read the Geek Mail
I’ve been playing some catch-up all morning. Yesterday had a hectic day working on a couple of client requirements. Spent most of the morning today trying to figure out how to install a CAPTCHA feature in one of my sites. If I don’t get sidetracked or I don’t forget, I’ll talk about this very important feature especially if you have a site that allows for registration and other stuff.
Yesterday, I wanted to introduce another section of the site that I plan to do every Thursday, I call it “Geek Mail”. I subscribe to a whole bunch of mailing lists that has something to do with Technology, Security and a whole bunch of other stuff that is essentially the overall theme of this blog. Sometimes I get to read some of them, but most of the time they languish in my mailbox as “clutter”.
So I figured, I post some of them here (at least the intro and the link to the actual article, don’t wanna get dinged on some weird copyright infringement thingamajig)… I see this as having three benefits: (1) it’ll force me to read more, since I’ll try not to post anything that don’t make any sense to me; (2) hopefully some of you will get some valuable nuggets out of these articles; (3) If the links don’t get outdated, it’ll help create my own personal knowledgebase just in case I am researching something, which you can use as well.
A quick disclaimer: Some of the links will require you to subscribe to their newsletter or whatever else they are offering. Please read and use your common sense. I have nothing to do with these people, I am much of a browser of their sites as you are and I am not getting paid on any of this stuff (If ever I am paid for anything I write – you will know). It is for your information and if you find value on the info, it is your job and your responsibility to take the necessary steps to get and properly use the info.
So without further ado, Let’s Read Geek Mail: Read more
Join Me On Facebook
Business Tech Press Releases- Cisco CCNP SWITCH Training Released by TrainSignal February 8, 2012
- The Pinball Arcade Launches on iOS and Android February 8, 2012
- Synopsys Announces Earnings Release Date for the First Quarter Fiscal Year 2012 February 8, 2012
- Apogee Shares Success Story at Major Industry Conference February 8, 2012
- Great Place to Work® Celebrates Strong Workplace Cultures Through the "We Heart Our Workplace" Video Contest February 8, 2012
- From the National Vulnerability Database
- CVE-2012-1034 (episerver_cms) February 7, 2012Multiple cross-site scripting (XSS) vulnerabilities in the admin interface in EPiServer CMS through 6R2 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. […]nvd@nist.gov
- CVE-2011-5076 (hdwiki) February 6, 2012SQL injection vulnerability in model/comment.class.php in HDWiki 5.0, 5.1, and possibly other versions allows remote attackers to execute arbitrary SQL commands via the PATH_INFO to index.php. NOTE: some of these details are obtained from third party information. […]nvd@nist.gov
- CVE-2012-1021 (4images) February 6, 2012Cross-site scripting (XSS) vulnerability in admin/categories.php in 4images 1.7.10 allows remote attackers to inject arbitrary web script or HTML via the cat_parent_id parameter in an addcat action. […]nvd@nist.gov
- CVE-2012-1031 (episerver_cms) February 6, 2012Unspecified vulnerability in EPiServer CMS 5 and 6 through 6R2, in certain configurations using Forms Authentication, allows remote authenticated users to obtain WebAdmins access by leveraging Edit Mode privileges, a different vulnerability than CVE-2011-3416 and CVE-2011-3417. […]nvd@nist.gov
- CVE-2012-1008 (officesip_server) February 6, 2012OfficeSIP Server 3.1 allows remote attackers to cause a denial of service (daemon crash) via a crafted To header in a SIP INVITE message. […]nvd@nist.gov
- CVE-2012-0992 (openemr) February 6, 2012interface/fax/fax_dispatch.php in OpenEMR 4.1.0 allows remote authenticated users to execute arbitrary commands via shell metacharacters in the file parameter. […]nvd@nist.gov
- CVE-2012-1004 (foswiki) February 6, 2012Multiple cross-site scripting (XSS) vulnerabilities in UI/Register.pm in Foswiki before 1.1.5 allow remote authenticated users with CHANGE privileges to inject arbitrary web script or HTML via the (1) text, (2) FirstName, (3) LastName, (4) OrganisationName, (5) OrganisationUrl, (6) Profession, (7) Country, (8) State, (9) Address, (10) Location, (11) Telephon […]nvd@nist.gov
- CVE-2012-1019 (xwiki_enterprise) February 6, 2012Multiple cross-site scripting (XSS) vulnerabilities in XWiki Enterprise 3.4 allow remote attackers to inject arbitrary web script or HTML via the (1) XWiki.XWikiComments_comment parameter to xwiki/bin/commentadd/Main/WebHome, (2) XWiki.XWikiUsers_0_company parameter when editing a user profile, or (3) projectVersion parameter to xwiki/bin/view/DownloadCode/D […]nvd@nist.gov
- CVE-2012-1002 (openconf) February 6, 2012Unspecified vulnerability in OpenConf 4.x before 4.12 has unknown impact and attack vectors. […]nvd@nist.gov
- CVE-2012-1029 (tube_ace) February 6, 2012SQL injection vulnerability in mobile/search/index.php in Tube Ace (Adult PHP Tube Script) 1.6 allows remote attackers to execute arbitrary SQL commands via the q parameter. NOTE: some of these details are obtained from third party information. […]nvd@nist.gov
- CVE-2012-1034 (episerver_cms) February 7, 2012