Debian DLA-263-1 : ruby1.9.1 security update

Two vulnerabilities were identified in the Ruby language interpreter, version 1.9.1. CVE-2012-5371 Jean-Philippe Aumasson identified that Ruby computed hash values without properly restricting the ability to trigger hash collisions predictably, allowing context-dependent attackers to cause a deni...

[SECURITY] [DLA 263-1] ruby1.9.1 security update

Package : ruby1.9.1 Version : 1.9.2.0-2+deb6u5 CVE ID : CVE-2012-5371 CVE-2013-0269 Debian Bug : 693024 700471 Two vulnerabilities were identified in the Ruby language interpreter, version 1.9.1. CVE-2012-5371 Jean-Philippe Aumasson identified that Ruby computed hash values without properly...

SUSE SLES11 Security Update : Xen (SUSE-SU-2015:0745-1)

The Virtualization service XEN was updated to fix various bugs and security issues. The following security issues have been fixed : CVE-2015-2756: XSA-126: Unmediated PCI command register access in qemu could have lead to denial of service attacks against the host, if PCI cards are passed through...

Debian DLA-215-1 : libjson-ruby security update

The JSON gem for Ruby allowed remote attackers to cause a denial of service resource consumption or bypass the mass assignment protection mechanism via a crafted JSON document that triggers the creation of arbitrary Ruby symbols or certain internal objects, as demonstrated by conducting a SQL...

DLA-215-1 libjson-ruby - security update

Bulletin has no description...

IT-Grundschutz M4.019: Restriktive Attributvergabe bei Unix-Systemdateien und -verzeichnissen

IT-Grundschutz M4.019: Restriktive Attributvergabe bei Unix-Systemdateien und -verzeichnissen. Stand: 14. Ergaenzungslieferung 14. EL. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...

Linux/x86 - Reverse TCP Shell 72 bytes

Linux/x86 - Reverse TCP Shell 72 bytes. Shellcode exploit for linx86 platform / Linux x86 - Reverse TCP Shell - 72 bytes Author: xmgv Details: https://xmgv.wordpress.com/2015/02/21/slae-assignment-2-reverse-shell/ / / global start section .text start: ; socketAFINET, SOCKSTREAM, 0; push 0x66 ;...

Cisco Meraki Systems Manager CSRF / XSS / Functionality Abuse

, , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Cisco Meraki Systems Manager Multiple Vulnerabilities Affected Versions: Cisco Meraki Systems Manager - Unknown Versions PDF:...

CVE-2014-0204

OpenStack Identity Keystone before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID...

CVE-2014-0204

OpenStack Identity Keystone before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID...

CVE-2014-0204

OpenStack Identity Keystone before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID...

Arbitrary Command Execution

Overview Affected versions of this package are vulnerable to Arbitrary Command Execution due to the assignment functions accessing constructors functions, allowing attackers to execute their malicious code. Remediation Upgrade angularjs to version 1.3.2 or higher. References - GitHub ChangeLog -...

Design/Logic Flaw

Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5665, CVE-2014-5982. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-5665 and CVE-2014-5982 to determine which ID is appropriate. All reference...

Important: Red Hat Security Advisory: ror40-rubygem-activerecord security update

Updated ror40-rubygem-activerecord packages that fix one security issue are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...

rubygem-activerecord: Strong Parameter bypass with create_with

It was discovered that Active Record's createwith method failed to properly check attributes passed to it. A remote attacker could possibly use this flaw to bypass the strong parameter protection and modify arbitrary model attributes via mass assignment if an application using Active Record calle...

Shopizer 1.1.5 Multiple Vulnerability

Shopizer version 1.1.5 suffers from remote command execution, cross site request forgery, cross site scripting, data manipulation , authorization bypass and hardcoded key vulnerabilities. title: Multiple critical vulnerabilities in Shopizer webshop product: Shopizer vulnerable version: 1.1.5 and...

Microsoft Internet Explorer 5.0.1 JavaScript Method Assignment Cross-Domain Scripting Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/10689/info A vulnerability exists in Microsoft Internet Explorer that may allow cross-domain/cross-zone scripting. It is reported that the vulnerability presents itself due to a failure to properly validate trust...

Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4...

CVE-2014-0213

Multiple cross-site request forgery CSRF vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests...

Cross site request forgery (csrf)

Multiple cross-site request forgery CSRF vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests...