Sophos Web Protection Appliance sblistpack Arbitrary Command Execution
19 September 2013
The get_referers function in /opt/ws/bin/sblistpack in Sophos Web Appliance before 220.127.116.11 and 3.8 before 18.104.22.168 allows remote attackers to execute arbitrary commands via shell metacharacters in the domain parameter to end-user/index.php.
CVSS v2 Base Score: 10.0 (AV:N/AC:L/Au:N/C:C/I:C/A:C)