CVE-2016-4383

An immutability flaw was discovered in openstack-glance, where the glance-manage DB allows deleted image IDs to be reassigned. The flaw could be exploited to allow remote authenticated users to cause other users to boot into a malicious image without knowing it. Mitigation For this flaw to be...

Cross site scripting

Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies...

CVE-2016-8751

Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies...

CVE-2016-8751

Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies...

CVE-2016-8751

Apache Ranger before 0.6.3 is vulnerable to a Stored Cross-Site Scripting in when entering custom policy conditions. Admin users can store some arbitrary javascript code to be executed when normal users login and access policies...

spacewalk-backend: spacewalk-channel can be used by non-admin or disabled users for performing administrative tasks

It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py...

Agorum Core Pro 7.8.1.4-251 Insecure Direct Object Reference

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Advisory ID: SYSS-2017-006 Product: agorum core Pro Manufacturer: agorum Software GmbH Affected Versions: 7.8.1.4-251 Tested Versions: 7.8.1.4-251 Vulnerability Type: Insecure Direct Object Reference CWE-932 Risk Level: High Solution Status: Open...

Dropbox: CSV Injection with the CVS export feature

The report mentions a well known problem with any CSV export function. If the exported data has an Excel formula, the user will be warned and if the user clicks through a warning they might get some code execution. At the same time, fixing this bug means that the CSV data is no longer correct and...

Stored Cross-Site Scripting (XSS)

Apache Ranger is vulnerable to stored cross-site scripting XSS attacks. When entering custom policy conditions, admin users can store some arbitrary javascript code to be executed when normal users login and access policies...

UBUNTU-CVE-2017-6446

XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters...

CVE-2017-3795

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12...

CVE-2017-3794

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery CSRF attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12...

How to set the keyboard to automatically pop up while opening the app with Receiver for iPad

This article is intended for Citrix administrators and technical teams only.Non-admin users must contact their company’s Help Desk/IT support team and can refer toCTX297149for more information Users need to be able to access the keyboard in Receiver. We would like this function to come up...

Foreman 1.10.x < 1.11.4, 1.12.0 Information Disclosure Vulnerability

Foreman is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:theforeman:foreman";...

baserCMS plugin Mail vulnerable to cross-site request forgery

Overview baserCMS provided by baserCMS User Group is an opensource content management system. baserCMS and bundled plugin Mail contain a cross-site request forgery vulnerability. Isao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with t...

Error: "AddOrRemoveSSONProvOrder: Could Not Open Key for Access" While Installing Receiver 14.4.1

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. "AddOrRemoveSSONProvOrder: Could not open key for access."...

Win10 - Receiver4.3: Runtime Error for Wfica32.exe when launching app

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Runtime Error for Wfica32.exe when launching app...

Dating Pro Genie 2015.7 Cross Site Request Forgery

Advisory ID: HTB23294 Product: Dating Pro Vendor: DatingPro Vulnerable Versions: Genie 2015.7 and probably prior Tested Version: Genie 2015.7 Advisory Publication: February 10, 2016 without technical details Vendor Notification: February 10, 2016 Vendor Patch: February 29, 2016 Public Disclosure:...

Comodo Anti-Virus - SHFolder.dll Local Privilege Elevation Exploit

Exploit for windows platform in category local exploits SHFolder.DLL Local Privilege Elevation Exploit for Comodo Anti-Virus GeekBuddy Component by @LaughingMantis Greg Linares Since it took 146 days to fix a DLL Hijack issue I decided to drop this PoC: Technical Geeky Stuff GeekBuddy stores...

Audit CouchDB - The Simple, Clear, CouchDB Security Assessment

Audit CouchDB is a simple tool with a powerful message. Given an Apache CouchDB URL, it will tell you everything you ever wanted to know about its security. Objective Audit CouchDB will perform the following actions: 1. Learn every possible fact about the couch, for example: What is the server...