3930 matches found
IT-Grundschutz M4.019: Restriktive Attributvergabe bei Unix-Systemdateien und -verzeichnissen
IT-Grundschutz M4.019: Restriktive Attributvergabe bei Unix-Systemdateien und -verzeichnissen. Stand: 14. Ergaenzungslieferung 14. EL. Copyright C 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders...
Linux/x86 - Reverse TCP Shell 72 bytes
Linux/x86 - Reverse TCP Shell 72 bytes. Shellcode exploit for linx86 platform / Linux x86 - Reverse TCP Shell - 72 bytes Author: xmgv Details: https://xmgv.wordpress.com/2015/02/21/slae-assignment-2-reverse-shell/ / / global start section .text start: ; socketAFINET, SOCKSTREAM, 0; push 0x66 ;...
Cisco Meraki Systems Manager CSRF / XSS / Functionality Abuse
, , . '.' '. ', . , '. , .', , / / / \ \ ==/ /\ \ / / \ / \ / / | \ \ Y Y \ / /| / \ /||| / / /.-. / /:wq x.0 '=.|w|.=' =''"''=. presents.. Cisco Meraki Systems Manager Multiple Vulnerabilities Affected Versions: Cisco Meraki Systems Manager - Unknown Versions PDF:...
CVE-2014-0204
OpenStack Identity Keystone before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID...
CVE-2014-0204
OpenStack Identity Keystone before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID...
CVE-2014-0204
OpenStack Identity Keystone before 2014.1.1 does not properly handle when a role is assigned to a group that has the same ID as a user, which allows remote authenticated users to gain privileges that are assigned to a group with the same ID...
Arbitrary Command Execution
Overview Affected versions of this package are vulnerable to Arbitrary Command Execution due to the assignment functions accessing constructors functions, allowing attackers to execute their malicious code. Remediation Upgrade angularjs to version 1.3.2 or higher. References - GitHub ChangeLog -...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: CVE-2014-5665, CVE-2014-5982. Reason: this ID was intended for one issue, but was assigned to two issues by a CNA. Notes: All CVE users should consult CVE-2014-5665 and CVE-2014-5982 to determine which ID is appropriate. All reference...
rubygem-activerecord: Strong Parameter bypass with create_with
It was discovered that Active Record's createwith method failed to properly check attributes passed to it. A remote attacker could possibly use this flaw to bypass the strong parameter protection and modify arbitrary model attributes via mass assignment if an application using Active Record calle...
Important: Red Hat Security Advisory: ror40-rubygem-activerecord security update
Updated ror40-rubygem-activerecord packages that fix one security issue are now available for Red Hat Software Collections 1. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity...
Shopizer 1.1.5 Multiple Vulnerability
Shopizer version 1.1.5 suffers from remote command execution, cross site request forgery, cross site scripting, data manipulation , authorization bypass and hardcoded key vulnerabilities. title: Multiple critical vulnerabilities in Shopizer webshop product: Shopizer vulnerable version: 1.1.5 and...
Foreman (Red Hat OpenStack/Satellite) users/create Mass Assignment
No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' class Metasploit4...
Microsoft Internet Explorer 5.0.1 JavaScript Method Assignment Cross-Domain Scripting Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10689/info A vulnerability exists in Microsoft Internet Explorer that may allow cross-domain/cross-zone scripting. It is reported that the vulnerability presents itself due to a failure to properly validate trust...
CVE-2014-0213
Multiple cross-site request forgery CSRF vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests...
CVE-2014-0213
Multiple cross-site request forgery CSRF vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests...
Cross site request forgery (csrf)
Multiple cross-site request forgery CSRF vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests...
CVE-2014-0213
CVE-2014-0213: In Moodle, multiple CSRF weaknesses in mod/assign/locallib.php allow remote attackers to hijack the authentication of teachers for quick-grading requests. Vulnerable in Moodle up to 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3. Remediation is to upgrade t...
CVE-2014-0213
Multiple cross-site request forgery CSRF vulnerabilities in mod/assign/locallib.php in the Assignment subsystem in Moodle through 2.3.11, 2.4.x before 2.4.10, 2.5.x before 2.5.6, and 2.6.x before 2.6.3 allow remote attackers to hijack the authentication of teachers for quick-grading requests...
Risk of mass-assignment vulnerabilities
More info at https://laravel.com/docs/5.3/upgradeupgrade-4.1.29...
Risk of mass-assignment vulnerabilities
More info at https://laravel.com/docs/5.1/upgradeupgrade-4.1.29...