346 matches found
Matrix42 Workspace Management 9.1.2.2765 Cross Site Scripting Vulnerability
Matrix42 Workspace Management version 9.1.2.2765 suffers from a persistent cross site scripting vulnerability. Matrix42 Workspace Management 9.1.2.2765 – Stored Cross-Site Scripting. Identifiers...
Moderate: Red Hat Security Advisory: Red Hat CodeReady Workspaces 2.1.0 release
Red Hat CodeReady Workspaces 2.1.0 has been released. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in th...
Authorization Bypass
drupal/drupal is vulnerable to authorization bypass. The vulnerability exists when the experimental Workspaces module is enabled, as Drupal does not properly check if the user owns the workspace...
Drupal (SA-CORE-2019-008) Wordspaces Extension Access Bypass PoC
Last week, an advisory SA-CORE-2019-008 addressing a Drupal access bypass vulnerability was made public. MITRE assigned CVE-2019-6342 to this critical vulnerability. This is a post to document the steps I took to create a PoC for SA-CORE-2019-008. Last such post on this blog was...
Drupal 8.7.4 Access Bypass Vulnerability (SA-CORE-2019-008) (drupal-2019-07-17)
According to its self-reported version, the instance of Drupal running on the remote web server is 8.7.4. It is, therefore, affected by an access bypass condition when the experimental Workspaces module is enabled. Note this vulnerability does not affect any release other than Drupal 8.7.4. Drupa...
Drupal Access Bypass Vulnerability (SA-CORE-2019-008) - Linux
In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created.
DRUPAL-CORE-2019-008
In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4. Drupal 8.7.3 and earlier, Drupal 8.6.x and earlier, and Drupal 7.x are not...
Drupal core - Critical - Access bypass - SA-CORE-2019-008
In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4. Drupal 8.7.3 and earlier, Drupal 8.6.x and earlier, and Drupal 7.x are not...
drupal -- Drupal core - Access bypass
Drupal Security Team reports: In Drupal 8.7.4, when the experimental Workspaces module is enabled, an access bypass condition is created. This can be mitigated by disabling the Workspaces module. It does not affect any release other than Drupal 8.7.4...
Carbon Black + VMware at RSA2019: Working Together to Secure the Digital Workspace
VMware and Carbon Black have a strong history of working together to fundamentally change the model for securing the virtualized data center, a concept that is resounding with attendees here at RSA2019 in San Francisco. A little more than a year ago, we announced a jointly developed, integrated...
Firework - Leveraging Microsoft Workspaces in a Penetration Test
Firework is a proof of concept tool to interact with Microsoft Workplaces creating valid files required for the provisioning process. The tool also wraps some code from Responder to leverage its ability to capture NetNTLM hashes from a system that provisions a Workplace feed via it. This tool may...
Sn1per v4.4 - Automated Pentest Recon Scanner
Sn1per is an automated scanner that can be used during a penetration test to enumerate and scan for vulnerabilities. Features: automatically collects basic recon (i.e. whois, ping, DNS, etc.); automatically launches Google hacking queries against a target domain; automatically enumerates...
GLSA-201803-09 : KDE Plasma Workspaces: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201803-09 (KDE Plasma Workspaces: Multiple vulnerabilities). Multiple vulnerabilities have been discovered in KDE Plasma Workspaces. Please review the referenced CVE identifiers for details. Impact: An attacker could execute arbitra...
BlackBerry Workspaces Server Path Traversal Vulnerability
BlackBerry Workspaces Server is a suite of file synchronization and sharing software from BlackBerry Canada. A path traversal vulnerability exists in BlackBerry Workspaces Server. An attacker can exploit this vulnerability by constructing a URL using a POST request to execute or upload arbitrary...
CVE-2017-9368
An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files...
CVE-2017-9367
A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request...
Information disclosure
An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files...
Directory traversal
A directory traversal vulnerability in the BlackBerry Workspaces Server could potentially allow an attacker to execute or upload arbitrary files, or reveal the content of arbitrary files anywhere on the web server by crafting a URL with a manipulated POST request...