Loganalyzer Cross Site Scripting Vulnerability in oracle_query paramater

A cross-site scripting vulnerability in the oracle_query parameter of the asktheoracle.php page was brought to our attention by Mohd Izhar Bin Ali. We thank then for giving us the chance to fix this issue before releasing information into the public. More details about the vulnerabilities can be found in this security advisory. Continue reading “Loganalyzer Cross Site Scripting Vulnerability in oracle_query paramater”

LogAnalyzer 3.6.0 (v3-stable)

Download file name: LogAnalyzer 3.6.0 (v3-stable)

Version 3.6.0 (stable), 2012-12-04

  • Bugfix: Fixed “DiskAllowed” checking in Disklogstream. Filenames are now correctly checked against allowed folders. This check was added for  security reasons before.
  • Fixes #bugid 369: http://bugzilla.adiscon.com/show_bug.cgi?id=369
    The DefaultviewID was accidentally overwritten with default value.
  • Fixes #bugid 375: http://bugzilla.adiscon.com/show_bug.cgi?id=369
    User and Group data is now deleted when removing them from the UserDB.
  • Bugfix: Added missing dependency for the Checksum field in “EventLog Audit” and “EventLog Logon/Logoff” report.

 

Version: 3.6.0
File size: 1043066 bytes