176 matches found
Debian DLA-1635-1 : sssd security update
A vulnerability was found in sssd. If a user was configured with no home directory set, sssd would return '/' the root directory instead of '' the empty string / no home directory. This could impact services that restrict the user's filesystem access to within their home directory through chroot...
CVE-2019-3811
A vulnerability was found in sssd where, if a user was configured with no home directory set, sssd would return '/' the root directory instead of '' the empty string / no home directory. This could impact services that restrict the user's filesystem access to within their home directory through...
Elastic Cloud Enterprise (ECE) Information Disclosure Vulnerability (CNVD-2019-17471)
Elastic Cloud Enterprise ECE is a suite of software packages for managing, monitoring, and configuring Elasticsearch, Kibana, and X-Pack from Elasticsearch Netherlands. An information disclosure vulnerability exists in Elastic Cloud Enterprise ECE, which can be exploited by an attacker to access...
Cannot access the url for SSPR: Getting HTTP error 403.14 :Forbidden
Setup for user configuration has been done. Now when I try to access the sspr url; it doesnt go through. Tried on one machineSSPR server and with one user...
CVE-2018-17044
In YzmCMS 5.1, stored XSS exists via the admin/systemmanage/userconfigadd.html title parameter...
GHSA-M85C-9MF8-M2M6 Unsafe deserialization in confire
An exploitable vulnerability exists in the YAML parsing functionality in config.py in Confire 0.2.0. Due to the user-specific configuration being loaded from "/.confire.yaml" using the yaml.load function, a YAML parser can execute arbitrary Python commands resulting in command execution. An...
Microsoft Windows: Do not preserve zone information in file attachments
This test checks the setting for policy OpenVAS Vulnerability Test $Id: winzoneinfoattachments.nasl 11344 2018-09-12 06:57:52Z emoss $ Check value for Do not preserve zone information in file attachments users listed in HKU Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH...
Microsoft Office: Allow including screenshot with Office Feedback
This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013includescreenshotsofficefeedback.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Allow including screenshot with Office Feedback Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH,...
Microsoft Office: Send Office Feedback
This test checks the setting for policy OpenVAS Vulnerability Test $Id: office2013sendofficefeedback.nasl 11843 2018-10-11 14:33:21Z emoss $ Check value for Send Office Feedback Authors: Emanuel Moss Copyright: Copyright c 2018 Greenbone Networks GmbH, http://www.greenbone.net This program is fre...
Improved Control Over the Remote Language Bar for Seamless Published Applications
Introduction This feature enhancement first appears in the XenApp and XenDesktop 7.17 Product Release. Code changes to support this feature were required in Windows VDA version 7.17 and Receiver for Windows 4.11. Using the Receiver for Windows UI, users can now configure whether they want to...
CVE-2015-3639
phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file...
CVE-2015-3639
phpMyBackupPro 2.5 and earlier does not properly sanitize input strings, which allows remote authenticated users to execute arbitrary PHP code by storing a crafted string in a user configuration file...
How to Configure NetScaler MAS for readonly access via TACACS using Cisco ACS
Configure NetScaler MAS and Cisco ACS to provide readonly access to users for MAS...
For the Node. js in the node-serialize module deserialization vulnerability the subsequent analysis-vulnerability warning-the black bar safety net
Of the Node. js serialization remote command execution vulnerabilities of a number of follow-up found and how to develop the attack load. A few days ago I was in opsecx blog found an article How to use a named node-serialize nodejs module in the RCE remote code execution error blog. The article...
Cisco AsyncOS Security Bypass Vulnerability (CNVD-2016-10397)
The Cisco AsyncOS operating system is available to enhance the security and performance of Cisco email security appliances. A remote security bypass vulnerability exists in Cisco AsyncOS, where an unauthenticated, remote attacker bypasses a user's configuration on the appliance and performs an...
The vulnerability of the GNU Mailman mailing system allows a hacker to gain access to the authentication data of arbitrary users.
The vulnerability of the GNU Mailman system’s user configuration page relates to the manipulation of cross-site requests. Exploiting this vulnerability allows a malicious actor to remotely access the authentication data of arbitrary users through modified requests. As a result, the access to the...
Microsoft Windows 7 (x86/x64) - Group Policy Privilege Escalation (MS16-072)
Exploit Title: Group Policy Elevation of Privilege Vulnerability Date: 08-08-2016 Exploit Author: Nabeel Ahmed Tested on: Windows 7 Professional x32/x64 CVE : CVE-2016-3223 Category: Privilege Escalation SPECIAL CONFIG: Standard Domain Member configuration with valid credentials. Standard Domain...
Skype User Configuration Files
Nessus was able to collect the Skype user configuration files for each system user. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid92432; scriptversion"1.5"; scriptcvsdate"Date: 2018/05/23 16:10:01"; scriptnameenglish:"Skype User Configuration Files";...
SUSE-RU-2015:0611-1 Recommended update for SUSE Manager Server 2.1
This collective update for SUSE Manager Server 2.1 provides the following new features: Connect SUSE Manager to the SUSE Customer Center. Manage SLE12 systems. ISS: export/import information about cloned channels to support Service Pack migration on ISS slaves. FATE317789 New API calls:...
jenkins: default markup formatter permits offsite-bound forms (SECURITY-88)
Cross-site scripting XSS vulnerability in the default markup formatter in Jenkins 1.523 allows remote attackers to inject arbitrary web script or HTML via the Description field in the user configuration...