CVE-2016-2098 Python POC

by Vince
in Blog
Hits: 2673

"Action Pack in Ruby on Rails before 3.2.22.2, 4.x before 4.1.14.2, and 4.2.x before 4.2.5.2 allows remote attackers to execute arbitrary Ruby code by leveraging an application's unrestricted use of the render method."

Read more

Website Behind the WAF

by Vince
in Blog
Hits: 1776

You have a website, you want to protect it from attacks, and you hide it behind a web application firewall (WAF).  If your site was already public and you move it behind a WAF, bad actors can find your site.  Depending upon which WAF you're using, your site's actual location could also be discovered regardless of whether it was previously public on another server.  And if you're not locking down access to the site exclusively to the WAF, bad actors can attack your site without the protection of the WAF.

Read more

Warning: The TinyMCE Editor Plugin has been updated

by Vince
in Blog
Hits: 2395

You receive the following error in Joomla:

"Warning

The TinyMCE Editor Plugin has been updated. Currently it uses your existing configuration. By editing the plugin, you can now assign and customise various layouts to specific user groups.

Warning: when editing the plugin, you will lose all your previous settings!"

Read more