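The first collaboration collection between UNIQLO and the Italian brand MARNI…
New SD 9.0 specification released – new uses for SD memory cards as semi-embedded memory
New security features support booting of compatible host devices, secure data management, and compliance with "repair and maintenance regulations" Califo…
A great-value limited model of EPOS's popular "H6PRO" headset, bundled with a sound card, is now available!
"EPOS", the premium gaming audio brand from Copenhagen, Denmark: streaming microphones and full…
JBL announces the "JBL Quantum 350 Wireless", a new gaming headset model with low-latency 2.4GHz wireless connectivity!
Sound is one of the most important elements when playing games. However, the world of audio has no upper limit, and the deeper you go…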
[DotNetCasClient] Jasig Java CAS Client, .NET CAS Client, and phpCAS contain URL parameter injection vulnerability
A URL parameter injection vulnerability was found in the back-channel ticket validation step of the CAS protocol in Jasig Java CAS Client before 3.3.2, .NET CAS Client before 1.0.2, and phpCAS before 1.3.3 that allows remote attackers to inject arbitrar…
[cakephp/cakephp] CakePHP allows remote attackers to modify internal Cake cache and execute arbitrary code
The _validatePost function in libs/controller/components/security.php in CakePHP 1.3.x through 1.3.5 and 1.2.8 allows remote attackers to modify the internal Cake cache and execute arbitrary code via a crafted data[_Token][fields] value that is process…
[cakephp/cakephp] CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files.
References
https://nvd.nist….
[spree] Spree does not properly restrict the use of a hash to provide values for a model’s attributes
Spree 0.2.0 does not properly restrict the use of a hash to provide values for a model’s attributes, which allows remote attackers to set the Order state value and bypass the intended payment step via a modified URL, related to a “mass assignment” vuln…
[spree_auth_devise] spree_auth_devise allows remote authenticated users to assign arbitrary roles to themselves
app/models/spree/user.rb in spree_auth_devise in Spree 1.1.x before 1.1.6, 1.2.x, and 1.3.x does not perform mass assignment safely when updating a user, which allows remote authenticated users to assign arbitrary roles to themselves.
References
https…
[cakephp/cakephp] CakePHP allows remote attackers to read arbitrary files via XML data containing external entity references
The Xml class in CakePHP 2.1.x before 2.1.5 and 2.2.x before 2.2.1 allows remote attackers to read arbitrary files via XML data containing external entity references, aka an XML external entity (XXE) injection attack.
References
https://nvd.nist.gov/v…