CVSSv3: 9.8

CVE-2014-8686

Published: 19/09/2017 Updated: 28/09/2017
CVSS v2 Base Score: 5 | Impact Score: 2.9 | Exploitability Score: 10
CVSS v3 Base Score: 9.8 | Impact Score: 5.9 | Exploitability Score: 3.9
VMScore: 505
Vector (CVSS v2): AV:N/AC:L/Au:N/C:P/I:N/A:N

Vulnerability Summary

CodeIgniter prior to 2.2.0 makes it easier for malicious users to decode session cookies by leveraging fallback to a custom XOR-based encryption scheme when the Mcrypt extension for PHP is not available.

Vulnerable Product

codeigniter codeigniter

Exploits

##
# This module requires Metasploit: metasploit.com/download
# Current source: github.com/rapid7/metasploit-framework
##

require 'msf/core'
require 'rexml/document'

class MetasploitModule < Msf::Exploit::Remote
  Rank = NormalRanking

  include Msf::Exploit::Remote::HttpClient

  def initialize(info = {})
    super(update_info( ...

Recent Articles

Yes our NAS boxen have a 0day, says Seagate: we'll fix it in May
The Register • Darren Pauli • 10 Mar 2015

Just don't run it anywhere near the internet, m'kay?

Owners of some Seagate NAS boxen will be exposed to a remote execution zero day flaw until a patch drops in May unless they kill some external services. The company learned of the flaw in its Business Storage 2-bay NAS products on 18 October, 2014. Australian Beyond Binary hacker OJ Reeves alleged the company failed to fix the flaw or establish a reliable bug disclosure process. "At the time of writing, Shodan reports that there are over 2500 publicly exposed devices on the internet that are likely ...

Seagate NAS owners: hide it behind a firewall. Fast.
The Register • Richard Chirgwin • 02 Mar 2015

Unpatched software in the OS means root to your stuff won't be hard, says researcher

An Australian security researcher says a bunch of Seagate NAS devices carry serious vulnerabilities and should be kept away from the Internet. OJ Reeves of Beyond Binary says the Seagate Business NAS line, up to version 2014.00319, carries old versions of PHP, CodeIgniter and Lighttpd. All of these, the post notes, have remotely exploitable vulnerabilities. As well as these, the company's post says the admin application "contains a number of security-related issues". PHP 5.2.12 is vulnerable t...