
1574 matches found

RedHat Linux
added 2017/07/05 5:44 a.m., 5 views

postgresql: pg_user_mappings view discloses foreign server passwords

It was found that the pg_user_mappings view could disclose information about user mappings to a foreign database to non-administrative database users. A database user with USAGE privilege for this mapping could, when querying the view, obtain user mapping data, such as the username and password use...

7.5 CVSS, 7.3 AI score, 0.06331 EPSS
Exploits: 0, References: 5
RedHat Linux
added 2017/07/05 5:44 a.m., 3 views

postgresql: Selectivity estimators bypass SELECT privilege checks

It was found that some selectivity estimation functions did not check user privileges before providing information from pg_statistic, possibly leaking information. A non-administrative database user could use this flaw to steal some information from tables they are otherwise not allowed to access...

7.5 CVSS, 7.1 AI score, 0.0256 EPSS
Exploits: 0, References: 5
RedhatCVE
added 2017/06/29 12:52 p.m., 22 views

CVE-2016-4383

An immutability flaw was discovered in openstack-glance, where the glance-manage DB allows deleted image IDs to be reassigned. The flaw could be exploited to allow remote authenticated users to cause other users to boot into a malicious image without knowing it. Mitigation For this flaw to be...

8.5 CVSS, 2.9 AI score, 0.02742 EPSS
Exploits: 0, References: 1
Prion
added 2017/06/14 5:29 p.m., 19 views

Cross site scripting

Apache Ranger before 0.6.3 is vulnerable to Stored Cross-Site Scripting when entering custom policy conditions. Admin users can store some arbitrary JavaScript code to be executed when normal users log in and access policies...

3.5 CVSS, 6.3 AI score, 0.02133 EPSS
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2017/06/14 5:29 p.m., 15 views

CVE-2016-8751

Apache Ranger before 0.6.3 is vulnerable to Stored Cross-Site Scripting when entering custom policy conditions. Admin users can store some arbitrary JavaScript code to be executed when normal users log in and access policies...

4.8 CVSS, 6.1 AI score
Exploits: 0, References: 2
NVD
added 2017/06/14 5:29 p.m., 23 views

CVE-2016-8751

Apache Ranger before 0.6.3 is vulnerable to Stored Cross-Site Scripting when entering custom policy conditions. Admin users can store some arbitrary JavaScript code to be executed when normal users log in and access policies...

4.8 CVSS, 4.9 AI score, 0.02133 EPSS
Exploits: 0, References: 2
Cvelist
added 2017/06/14 5:00 p.m., 25 views

CVE-2016-8751

Apache Ranger before 0.6.3 is vulnerable to Stored Cross-Site Scripting when entering custom policy conditions. Admin users can store some arbitrary JavaScript code to be executed when normal users log in and access policies...

5.1 AI score, 0.02133 EPSS
Exploits: 0, References: 2
RedHat Linux
added 2017/05/18 10:00 p.m., 2 views

spacewalk-backend: spacewalk-channel can be used by non-admin or disabled users for performing administrative tasks

It was found that spacewalk-channel can be used by a non-admin user or disabled users to perform administrative tasks due to an incorrect authorization check in backend/server/rhnChannel.py...

9.8 CVSS, 5.7 AI score, 0.02145 EPSS
Exploits: 0, References: 4
Packet Storm
added 2017/04/14 12:00 a.m., 54 views

Agorum Core Pro 7.8.1.4-251 Insecure Direct Object Reference

Advisory ID: SYSS-2017-006; Product: agorum core Pro; Manufacturer: agorum Software GmbH; Affected Versions: 7.8.1.4-251; Tested Versions: 7.8.1.4-251; Vulnerability Type: Insecure Direct Object Reference (CWE-932); Risk Level: High; Solution Status: Open...

7.4 AI score
Exploits: 0
Hacker One
added 2017/03/29 1:08 p.m., 20 views

Dropbox: CSV Injection with the CSV export feature

The report mentions a well known problem with any CSV export function. If the exported data has an Excel formula, the user will be warned and if the user clicks through a warning they might get some code execution. At the same time, fixing this bug means that the CSV data is no longer correct and...

0.4 AI score
Exploits: 0
Veracode
added 2017/03/09 4:36 a.m., 15 views

Stored Cross-Site Scripting (XSS)

Apache Ranger is vulnerable to stored cross-site scripting (XSS) attacks. When entering custom policy conditions, admin users can store some arbitrary JavaScript code to be executed when normal users log in and access policies...

4.8 CVSS, 5.2 AI score, 0.02133 EPSS
Exploits: 0, References: 2, Affected Software: 1
OSV
added 2017/03/05 9:59 p.m., 1 view

UBUNTU-CVE-2017-6446

XSS was discovered in Dotclear v2.11.2, affecting admin/blogs.php and admin/users.php with the sortby and order parameters...

6.1 CVSS, 5.8 AI score, 0.00672 EPSS
Exploits: 0, References: 3
OSV
added 2017/01/26 7:59 a.m., 2 views

CVE-2017-3795

A vulnerability in Cisco WebEx Meetings Server could allow an authenticated, remote attacker to conduct arbitrary password changes against any non-administrative user. More Information: CSCuz03345. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12...

5.4 CVSS, 5.9 AI score, 0.01313 EPSS
Exploits: 0, References: 3
OSV
added 2017/01/26 7:59 a.m., 2 views

CVE-2017-3794

A vulnerability in Cisco WebEx Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site request forgery (CSRF) attack against an administrative user. More Information: CSCuz03317. Known Affected Releases: 2.6. Known Fixed Releases: 2.7.1.12...

8.8 CVSS, 5.7 AI score, 0.01121 EPSS
Exploits: 0, References: 3
Citrix
added 2017/01/24 12:00 a.m., 5 views

How to set the keyboard to automatically pop up while opening the app with Receiver for iPad

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Users need to be able to access the keyboard in Receiver. We would like this function to come up...

6.7 AI score
Exploits: 0
OpenVAS
added 2016/11/29 12:00 a.m., 19 views

Foreman 1.10.x < 1.11.4, 1.12.0 Information Disclosure Vulnerability

Foreman is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only. CPE = "cpe:/a:theforeman:foreman";...

5.3 CVSS, 5.2 AI score, 0.01309 EPSS
Exploits: 0, References: 1
Japan Vulnerability Notes
added 2016/09/29 7:04 a.m., 4 views

baserCMS plugin Mail vulnerable to cross-site request forgery

Overview: baserCMS provided by baserCMS User Group is an open source content management system. baserCMS and bundled plugin Mail contain a cross-site request forgery vulnerability. Isao Takaesu of Mitsui Bussan Secure Directions, Inc. reported this vulnerability to IPA. JPCERT/CC coordinated with t...

8.8 CVSS, 6.5 AI score, 0.00878 EPSS
Exploits: 0, References: 5
Citrix
added 2016/09/23 12:00 a.m., 5 views

Error: "AddOrRemoveSSONProvOrder: Could Not Open Key for Access" While Installing Receiver 14.4.1

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. "AddOrRemoveSSONProvOrder: Could not open key for access."...

7 AI score
Exploits: 0
Citrix
added 2016/07/21 12:00 a.m., 7 views

Win10 - Receiver4.3: Runtime Error for Wfica32.exe when launching app

This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Runtime Error for Wfica32.exe when launching app...

7 AI score
Exploits: 0
BDU FSTEC
added 2016/07/06 12:00 a.m., 3 views

Vulnerability of Microsoft Office software, which allows a malicious actor to compromise the confidentiality, integrity, and accessibility of protected information

A vulnerability that allows for remote execution of code exists in Microsoft Office and is related to the processing of certain properties of Microsoft Word files. If a user with administrative privileges accesses the system, a malicious individual can gain full control over the system. They can...

9.3 CVSS, 7.8 AI score, 0.17458 EPSS
Exploits: 0, References: 3