The system is missing one or more SuSE security patches. This update fixes four security issues. The first and less important bug can be exploited by remote attackers to bypass HTML tag filtering (cross-site-scripting prevention) by supplying special tags. These kind of tags should be ignored because they are not valid but they get accepted by some commercial web-browsers. The second bug can be exploited by remote attackers by triggering the memory_limit in unsafe states of a PHP execution path to execute arbitrary code. The third and fourth bug depend in bad array parsing of the user input via GET, POST and COOKIE. One could lead to overwriting variable $_FILES, while the other could expose some pieces of the php memory to the attacker.
With Rapid7 live dashboards, I have a clear view of all the assets on my network, which ones can be exploited, and what I need to do in order to reduce the risk in my environment in real-time. No other tool gives us that kind of value and insight.
– Scott Cheney, Manager of Information Security, Sierra View Medical Center