Malicious Package

Overview @cplace-project-planning-fe/cf-project-planning is a malicious package. This package contains malicious code, and its content was removed from the official package manager. While this package might be attempting to impersonate a valid organization, there is no connection between that...

Plane 代码问题漏洞

Plane is an open-source, self-hosted project planning tool developed by Plane OpenSource. Versions of Plane prior to 1.2.3 contained code vulnerabilities. These vulnerabilities stemmed from the Webhook URL validation only checking ip.isloopback, which could allow attackers with the ADMIN role to...

Time for Reflection and Thanks

Most of the programs I ran used calendar years for project planning, budgets, etc. I always found November to be a good time to reflect on the progress made, plan for the next year, and give thanks for all the positive steps in the right direction. In general, I followed the SWOTT method for...

IT Operations and Security: It’s Time to Build Something Better Together

Having been in the industry for longer than I care admit, I have seen the growth pre and post public internet. With that growth, there have been many changes with how organizations address the balance of IT Operations and Security, where tension still exists. IT Ops must keep the business running...

Simple Online Planning Tool 1.3.2 XSS / SQL Injection / Traversal

SOPlanning - Simple Online Planning Tool multiple vulnerabilities CVEs: CVE-2014-8673, CVE-2014-8674, CVE-2014-8675, CVE-2014-8676, CVE-2014-8677 Vendor: http://www.soplanning.org/ Product: SOPlanning - Simple Online Planning Version affected: 1.32 and prior Product description: SO Planning is an...