Standing behind “MSRC Listens”
Last week at BlueHat’s “MSRC Listens” session, I took the stage with Mechele Gruhn, manager of the Vulnerability Response PM team, to explain how MSRC is changing our communication, workflows, and tooling to deliver an improved user experience for our partners in the security research community. ...
Security update for MozillaThunderbird (important)
This update for MozillaThunderbird to version 60.0 fixes the following issues: These security issues were fixed: - CVE-2018-12359: Prevent buffer overflow using computed size of canvas element bsc1098998. - CVE-2018-12360: Prevent use-after-free when using focus bsc1098998. - CVE-2018-12361:...
Zoho ManageEngine ADManager Plus Cross-Site Scripting Vulnerability
ZOHO ManageEngine ADManager Plus is a suite of Microsoft Active Directory management software from ZOHO designed for enterprise users using Windows domains. The software assists AD administrators and helpdesk technicians with day-to-day administrative tasks, such as batch management of user...
CVE-2018-15740
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen...
Design/Logic Flaw
Zoho ManageEngine ADManager Plus 6.5.7 has XSS on the "Workflow Delegation" "Requester Roles" screen...
CVE-2018-15740
Zoho ManageEngine ADManager Plus 6.5.7 contains an XSS vulnerability in the Workflow Delegation > Requester Roles UI. The root cause is a cross-site scripting flaw in that screen, allowing injection of malicious script that could run in an affected user’s browser. Documents consistently identi...
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Vulnerability
Exploit for php platform in category web applications Exploit Title: ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/ad-manager/ Software : ZOHO Corp...
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Exploit Title: ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/ad-manager/ Softwa...
ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting
Exploit Title: ManageEngine ADManager Plus 6.5.7 - Cross-Site Scripting Date: 2018-08-21 Exploit Author: Ismail Tasdelen Vendor Homepage: https://www.manageengine.com/ Hardware Link : https://www.manageengine.com/products/ad-manager/ Software : ZOHO Corp ManageEngine ADManager Plus Product Versio...
X (Formerly Twitter): Access MoPub Reports Data even after Company removed you from their MoPub Account.
Description + Attacking approach API Workflow : - The MoPub Reporting API supports two separate CSV outputs where publishers can retrieve inventory or campaign performance data. - Publishers can retrieve daily reports via making a GET request using the request parameters. - This URL will return a...
CVE-2017-2622
An accessibility flaw was found in the OpenStack Workflow mistral service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information...
Information disclosure
An accessibility flaw was found in the OpenStack Workflow mistral service where a service log directory was improperly made world readable. A malicious system user could exploit this flaw to access sensitive information...
CVE-2017-2622
CVE-2017-2622 affects OpenStack Workflow (mistral). The vulnerability arises from a log directory being world-readable, enabling an information disclosure vulnerability for a malicious local user. Affected component: mistral service within OpenStack; root cause is improper directory permissions e...
PT-2018-7143 · OpenStack · OpenStack Workflow
Name of the Vulnerable Software and Affected Versions: OpenStack Workflow mistral affected versions not specified Description: An accessibility flaw was found in the OpenStack Workflow mistral service where a service log directory was improperly made world readable. A malicious system user could...