SecurityHome.eu Security vulnerability: Piwik Signature Validation

Home / vulnerabilities PDF

Piwik Signature Validation
Posted on 03 March 2015
Source : packetstormsecurity.org Link

Piwik is an open-source web analytics tool. Its updater downloads and
executes PHP code over an insecure (not-HTTPS) connection. The issue was
reported on the public GitHub tracker in October of 2014 and remains
unfixed.

https://github.com/piwik/piwik/issues/6441

Code signing is implemented, but signatures are not verified.

Workaround: Manually download the update over HTTPS (the build server
has a valid SSL certificate), and check the signatures yourself.

-Taylor

TOP

Malware :

RATDispenser
whispergate
Borat RAT
Trojanized X_Trader
BlackLotus

Last 20

Exploits :

Customer Support System 1.0 Cross Site Scripting
Xhibiter NFT Marketplace 1.10.2 SQL Injection
WordPress WPCode Lite 2.1.14 Cross Site Scripting
Azon Dominator Affiliate Marketing Script SQL Injection
Simple Laboratory Management System 1.0 SQL Injection

Last 20