Flag Lists – Moderately Critical – Cross Site Scripting – SA-CONTRIB-2016-051

Advisory ID: DRUPAL-SA-CONTRIB-2016-051
Project: Flag Lists (third-party module)
Version: 7.x
Date: 2016-September-07
Security risk: 14/25 (Moderately Critical) AC:Basic/A:User/CI:Some/II:Some/E:Theoretical/TD:All
Vulnerability: Cross Site Scripting
Description
This module enables regular users to create unlimited private flags called lists.
The flag_lists module doesn’t sufficiently filter the output when applying token strings to flag_lists links, leading to a persistent Cross Site Scripting (XSS) attack.
This vulnerability is mitigated by the fact that an attacker must have a role with the “Create flag lists” permission.
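
The flaw class described above, as an added example (not code from the flag_lists module or from the advisory): a standalone PHP sketch in which a stored, user-supplied list title is substituted into a link through a token, first unescaped and then escaped. `render_tokens()`, `render_link()`, the `[list:title]` token, the link path and the sample title are all hypothetical.

```php
<?php
// Added illustration only; hypothetical names, not flag_lists or Drupal code.

// Constructed sample: a list title saved by a user who may create lists.
const STORED_TITLE = 'Reading list"><script>alert(1)</script>';

/** Substitute [type:name] tokens; escape values only when $sanitize is true. */
function render_tokens(string $template, array $values, bool $sanitize): string {
  $out = preg_replace_callback(
    '/\[([a-z_]+:[a-z_]+)\]/',
    function (array $m) use ($values, $sanitize): string {
      if (!array_key_exists($m[1], $values)) {
        return $m[0];  // Unknown token: leave it in place.
      }
      $value = (string) $values[$m[1]];
      // ENT_QUOTES also covers the attribute context used below.
      return $sanitize ? htmlspecialchars($value, ENT_QUOTES, 'UTF-8') : $value;
    },
    $template
  );
  return $out ?? $template;
}

/** Build a link whose text and title attribute come from token templates. */
function render_link(string $href, array $values, bool $sanitize): string {
  $text  = render_tokens('Add to [list:title]', $values, $sanitize);
  $title = render_tokens('Add this item to [list:title]', $values, $sanitize);
  return '<a href="' . htmlspecialchars($href, ENT_QUOTES, 'UTF-8')
    . '" title="' . $title . '">' . $text . '</a>';
}

$values = ['list:title' => STORED_TITLE];

// Before: token values reach the markup unescaped, so the stored title
// closes the attribute and injects an element for every later viewer.
$vulnerable = render_link('/flag/add/42', $values, false);

// After: token values are escaped at substitution time.
$hardened = render_link('/flag/add/42', $values, true);

echo $vulnerable, PHP_EOL, $hardened, PHP_EOL;

// Automatable check: the escaped output has no raw <script, the unescaped one does.
if (strpos($hardened, '<script') !== false || strpos($vulnerable, '<script') === false) {
  fwrite(STDERR, "unexpected escaping behaviour\n");
  exit(1);
}
```

In Drupal 7 the corresponding escaping controls are `check_plain()` and the `'sanitize'` option of `token_replace()`; the advisory does not say which change the fixed releases made.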

CVE identifier(s) issued
A CVE identifier will be requested, and added upon issuance, in accordance with Drupal Security Team processes.
Versions affected
flag_lists 7.x-3.x versions prior to 7.x-3.1.
flag_lists 7.x-1.x versions prior to 7.x-1.3.
Please note that two different versions of the flag_lists module are available: 7.x-3.x, which is used together with flag 7.x-3.x, and one for the earlier flag module prior to 7.x-3.x.
Drupal core is not affected. If you do not use the contributed Flag lists module, there is nothing you need


Original URL: https://www.drupal.org/node/2796651

Original article

Xirrus Wi-Fi Inspector 2.0 available for Windows 10, Mac

Popular Wi-Fi scanner Xirrus Wi-Fi Inspector has finally hit version 2.0. The release brings support for Windows 10, and introduces the first Mac version. Compatibility improvements include new support for the Wi-Fi standards 802.11ac Wave 1 and Wave 2. There’s also a Network Vendor column to identify the manufacturer of each network device. Overall it’s a great-looking tool which displays plenty of information about the wireless networks around you. There are plenty of gaps in functionality (it can generate attractive graphs, but has no way to save them), but also some unexpected extras (simple troubleshooting tests), and the program remains…


Original URL: http://feeds.betanews.com/~r/bn/~3/Y4clu29vyak/

Original article

What Carrie Underwood’s success teaches us about IBM’s Watson failure

I have a TV producer friend I worked with years ago who at some point landed as one of the many producers of American Idol when that singing show was a monster hit dominating U.S. television. She later told me an interesting story about Carrie Underwood, the country-western singer who won American Idol Season 4. That story can stand as a lesson applicable to far more than just TV talent shows. It’s especially useful for the purposes of this column for explaining IBM’s Watson technology and associated products. You see the producers of American Idol Season 4 knew before the…


Original URL: http://feeds.betanews.com/~r/bn/~3/1UPop2kEnFA/

Original article

CURL 7.50.2 released: Changes

Fixed in 7.50.2 – September 7 2016
Bugfixes:

Fixed in 7.50.1 – August 3 2016
Bugfixes:

Fixed in 7.50.0 – July 21 2016
Changes:
Bugfixes:

Fixed in 7.49.1 – May 30 2016
Bugfixes:

Fixed in 7.49.0 – May 18 2016
Changes:
Bugfixes:

Fixed in 7.48.0 – March 23 2016
Changes:
Bugfixes:

Fixed in 7.47.1 – February 8 2016
Bugfixes:

Fixed in 7.47.0 – January 27 2016
Changes:
Bugfixes:

Fixed in 7.46.0 – December 2 2015
Changes:
Bugfixes:

Fixed in 7.45.0 – October 7 2015
Changes:
Bugfixes:

Fixed in 7.44.0 – August 12 2015
Changes:
Bugfixes:

Fixed in 7.43.0 – June 17 2015
Changes:
Bugfixes:

Fixed in 7.42.1 – April 29 2015
Bugfixes:

Fixed in 7.42.0 – April 22 2015
Changes:
Bugfixes:

Fixed in 7.41.0 – February 25 2015
Changes:
Bugfixes:

Fixed in 7.40.0 –


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/5H8ctjIXEHo/changes.html

Original article

Support for Hello discontinued in Firefox 49

On September 13, 2016, Firefox Hello will be discontinued and removed from Firefox. This will happen automatically when you update to version 49 of Firefox — no extra steps are needed.
Firefox Hello has been discontinued and removed from Firefox starting with version 49. This happened automatically when you updated to version 49 of Firefox — no extra steps are needed.
Here are a few alternatives to Hello. We hope you’ll find one you’ll like:

Talky: Provides both video and screen sharing using WebRTC.
Cisco Spark: Create rooms for video calling, group messaging and sharing.
Appear.in: Group video calling for up to eight people.
Jitsi Meet: Group video calling and screen sharing using WebRTC.
Thank you for supporting the Hello beta. We will continue to develop and improve WebRTC (Web Real-Time Communications), the underlying technology for Hello.

If you need help with any of these alternatives, please contact them directly.


Original URL: http://feedproxy.google.com/~r/feedsapi/BwPx/~3/H6lkHjw_gqM/hello-status

Original article

Microsoft may finally have a Slack slayer

Despite a varied portfolio of collaboration services, Microsoft is still struggling to field a strong competitor to enterprise group messaging apps like Slack and HipChat.
It has SharePoint, Skype for Business and Yammer, but none of them is really a direct competitor to the slickly designed, GIF-stuffed and bot-laden crop of modern messaging applications. 
That may be about to change, according to a report from MSPoweruser on Tuesday. 
Microsoft is supposed to be working on Skype Teams, a new service with group chat capabilities that’s a more direct competitor to Slack. The service, currently being tested internally at Microsoft, is supposed to let users chat both privately and in groups. It has a number of features now found in Skype, including video and voice calling.


Original URL: http://www.computerworld.com/article/3117054/enterprise-applications/microsoft-may-finally-have-a-slack-slayer.html#tk.rss_all

Original article

$67 billion Dell-EMC deal closes today

Last fall, rumors began circulating that Dell was interested in acquiring EMC. On October 12th, the rumors proved true when Dell announced it was buying EMC for an astonishing $67 billion, a record price for a tech acquisition. Almost a year later, for better or worse (richer or poorer), that deal is official today. While the parties might like to frame this as a deal with little drama, the…


Original URL: http://feedproxy.google.com/~r/Techcrunch/~3/vhrZwlN-lBk/

Original article
