260 matches found
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions...
Design/Logic Flaw
Rejected reason: DO NOT USE THIS CANDIDATE NUMBER. ConsultIDs: none. Reason: A public posting on 20130831 referenced this ID for a specific issue, but that issue had not been assigned this ID by any CNA. Notes: The posting will later have IDs assigned in accordance with CVE content decisions...
User-defined properties on DOM proxies get the wrong "this" object — Mozilla
Mozilla developer Boris Zbarsky reported that user-defined getters on DOM proxies would incorrectly get the expando object as this. It is unlikely that this is directly exploitable but could lead to JavaScript client or add-on code making incorrect security sensitive decisions based on hacker...
JBoss: custom authorization module implementations shared between applications
Red Hat JBoss Enterprise Application Platform EAP before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control...
JBoss: custom authorization module implementations shared between applications
Red Hat JBoss Enterprise Application Platform EAP before 6.1.0 and JBoss Portal before 6.1.0 does not load the implementation of a custom authorization module for a new application when an implementation is already loaded and the modules share class names, which allows local users to control...
ABC hacked after anti-Islam politician Interview
The Australian Broadcasting Corporation ABC is investigating data breach after Lateline interviewed Dutch anti-Islam politician Geert Wilders. A hacker going by the handle "Phr0zenMyst" has claimed to have hacked a web site associated with the ABC television program Making Australia Happy, leakin...
CVE-2012-6093
The QSslSocket::sslErrors function in Qt before 4.6.5, 4.7.x before 4.7.6, 4.8.x before 4.8.5, when using certain versions of openSSL, uses an "incompatible structure layout" that can read memory from the wrong location, which causes Qt to report an incorrect error when certificate validation fai...
CVE-2012-6093
Removed by vendor...
Encryption: It's Complicated
Data breaches have become so common at this point that the mere fact that a government agency such as the South Carolina Department of Revenue loses several million Social Security numbers and credit card numbers isn’t really that noteworthy. It’s another day in the life of the Internet. But what...
Google Building Privacy Red Team
Google, which has come under fire for years for its privacy practices and recently settled a privacy related case with the Federal Trade Commission that resulted in a $22.5 million fine, is building out a privacy “red team”, a group of people charged with finding and resolving privacy risks in th...
Navy Hires Contractor to Data-Mine Gaming Consoles
The U.S. Navy recently hired an outside contractor, Obscure Technologies, to develop computer forensics tools capable of analyzing network traffic and stored data on gaming consoles. The contract, valued at $177,237.50, calls on Obscure Technologies to create hardware and software tools that can ...
krb5 -- unkeyed PAC checksum handling vulnerability
The MIT Kerberos team reports: MIT krb5 incorrectly accepts an unkeyed checksum for PAC signatures. An authenticated remote attacker can forge PACs if using a KDC that does not filter client-provided PAC data. This can result in privilege escalation against a service that relies on PAC contents t...
SA-CONTRIB-2010-037 - Decisions - Access bypass
Decisions is a replacement for poll.module and provides advanced voting systems and decision-making tools. It aims to enable groups to take decisions online in a manner that replicates and augments what is possible in face-to-face meeting. In some listings, the Decisions module does not construct...
IS Decisions RemoteExec '.rec' Remote Buffer Overflow
The remote host is running IS Decisions RemoteExec, a computer- management application. The installed version is earlier than 4.0.5. Such versions are potentially affected by a buffer overflow vulnerability when processing specially crafted '.rec' files. An attacker, exploiting this flaw, could...
RSA 2010: Cryptographers Discuss Wisdom of 'Foolishness'
At the RSA conference in San Francisco, a panel of leading cryptographers reveal some of the lessons they have learned while making seemingly imprudent decisions. By going against the grain, new objectives can be made and boundaries overcome...
Security Metrics Are Useless Without a Plan
WASHINGTON–There has been a big push in recent years in the security community toward metrics, and measurements of all types have become a hot topic in certain corners of the industry. But measurement for measurement’s sake is useless-and perhaps even counterproductive–if the security team in an...
CVE-2009-0034
parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group aka %group in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command...
CVE-2009-0034
parse.c in sudo 1.6.9p17 through 1.6.9p19 does not properly interpret a system group aka %group in the sudoers file during authorization decisions for a user who belongs to that group, which allows local users to leverage an applicable sudoers file and gain root privileges via a sudo command...
CVE-2004-0063
The SPPVerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a StatusOK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number...
CVE-2004-0063
The SPPVerifyPVV function in nCipher payShield SPP library 1.3.12, 1.5.18 and 1.6.18 returns a StatusOK value even if the HSM returns a different status code, which could cause applications to make incorrect security-critical decisions, e.g. by accepting an invalid PIN number...