Security Codex - Vulnerabilities in Horizon QCMS

Like many modern software packages, Horizon QCMS is updated regularly to address new security issues that may arise. Improving software security is always an ongoing concern, and to that end you should always keep up to date with the latest version of Horizon QCMS. Older versions of Horizon QCMS are not maintained with security updates.

Updating Horizon QCMS

The latest version of Horizon QCMS is always available from the main Horizon QCMS website at http://www.hnqcms.com and on sourceforge.net at http://hnqcms.sourceforge.net/

Official releases are not available from other sites -- never download or install Horizon QCMS from any website other than http://www.hnqcms.com or http://hnqcms.sourceforge.net/

Reporting Security Issues

If you think you have found a security flaw in Horizon QCMS, you can help by reporting the issue. 


Web Server Vulnerabilities

The web server running Horizon, and the software on it, can have vulnerabilities. Therefore, make sure you are running secure, stable versions of your web server and the software on it, or make sure you are using a trusted host that takes care of these things for you.

If you're on a shared server (one that hosts other websites besides your own) and a website on the same server is compromised, your website can potentially be compromised too, even if you follow everything in this guide. Be sure to ask your web host what security precautions they take.

Network Vulnerabilities

The network on both ends -- the Horizon server side and the client network side -- should be trusted. That means updating firewall rules on your home router and being careful about what networks you work from. An Internet cafe where you are sending passwords over an unencrypted connection, wireless or otherwise, is not a trusted network.

Your web host should be making sure that their network is not compromised by attackers, and you should do the same. Network vulnerabilities can allow passwords and other sensitive information to be intercepted.

Passwords

Many potential vulnerabilities can be avoided with good security habits. A strong password is an important aspect of this.

The goal with your password is to make it hard for other people to guess and hard for a brute force attack to succeed.

Also keep in mind that Horizon QCMS doesn't come with a default username and that usernames are case sensitive and may contain spaces.

A strong password is necessary not just to protect your content. A hacker who gains access to your administrator account is able to install malicious scripts that can potentially compromise your entire server.