4110 matches found

Prion
added 2020/12/11 9:15 p.m., 14 views

Code injection

Brocade Fabric OS versions before v9.0.0 and after version v8.1.0, configured in Virtual Fabric mode, contain a weakness in the LDAP implementation that could allow a remote LDAP user to log in to the Brocade Fibre Channel SAN switch with "user" privileges if it is not associated with any groups...

CVSS 4, AI score 4.6, EPSS 0.00869
Exploits 0, References 1, Affected Software 1

CNNVD
added 2020/12/10 12:00 a.m., 4 views

GitLab CE/EE Information Disclosure Vulnerability

GitLab is a Ruby on Rails-developed, self-hosted, Git version control system project repository application from the American company GitLab. The program can be used to access a project's file contents, commit history, bug lists, and more. A security vulnerability exists in GitLab CE/EE version...

CVSS 5.3, AI score 6, EPSS 0.01155
Exploits 0, References 3

Gitee
added 2020/12/05 1:22 p.m., 2 views

pentest-wiki

This repository is an information gathering library for penetration testers and researchers, containing various tools and documentation for gathering information about a target organization. The repository includes scripts and guides for performing whois searches, querying whois databases, and...

AI score 6.9
Exploits 0

CISA
added 2020/12/03 12:00 a.m., 13 views

NCSC Releases 2020 Annual Review

The United Kingdom (UK) National Cyber Security Centre (NCSC) has released its Annual Review 2020, which focuses on its response to evolving and challenging cyber threats. Recognizing cybersecurity as a “team sport,” the publication includes highlights of NCSC’s collaboration with many partners,...

AI score 6.9
Exploits 0, References 5

Akamai Blog
added 2020/12/01 1:00 p.m., 39 views

Akamai Foundation and Employee Resource Groups Unite

Written by Kara DiGiacomo, Executive Director, Akamai Foundation and Marco Irizarry, Global Manager, Diversity, Inclusion and Social Responsibility. On Giving Tuesday, we celebrate joining others in a global movement to give, collaborate, and transform communities and the world. As we think about h...

AI score 0.6
Exploits 0

Tenable Nessus
added 2020/11/30 12:00 a.m., 247 views

openSUSE Security Update : wpa_supplicant (openSUSE-2020-2059) (KRACK)

This update for wpa_supplicant fixes the following issues : Security issue fixed : - CVE-2019-16275: Fixed an AP mode PMF disconnection protection bypass bsc1150934. Non-security issues fixed : - Enable SAE support jscSLE-14992. - Limit P2PDEVICE name to appropriate ifname size. - Fix wicked wlan...

CVSS 8.1, AI score 7.1, EPSS 0.05372
Exploits 1, References 44

ThreatPost
added 2020/11/25 4:55 p.m., 239 views

Critical MobileIron RCE Flaw Under Active Attack

Advanced persistent threat (APT) groups are actively exploiting a vulnerability in mobile device management security solutions from MobileIron, a new advisory warns. The issue in question (CVE-2020-15505) is a remote code-execution flaw. It ranks 9.8 out of 10 on the CVSS severity scale, making it...

CVSS 9.3, AI score 0.4, EPSS 0.99737
Exploits 79, References 8

Veracode
added 2020/11/23 11:16 a.m., 35 views

Privilege Escalation

Moodle is vulnerable to privilege escalation. Users (students) are able to add entries within groups they do not belong to...

CVSS 6.5, AI score 4.3, EPSS 0.01329
Exploits 0, References 7, Affected Software 1

Prion
added 2020/11/19 5:15 p.m., 19 views

Code injection

In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.8.6, 3.7.9, 3.5.15, and 3.10...

CVSS 4, AI score 6.3, EPSS 0.01329
Exploits 0, References 4, Affected Software 2

Cvelist
added 2020/11/19 4:25 p.m., 18 views

CVE-2020-25700

In moodle, some database module web services allowed students to add entries within groups they did not belong to. Versions affected: 3.9 to 3.9.2, 3.8 to 3.8.5, 3.7 to 3.7.8, 3.5 to 3.5.14 and earlier unsupported versions. This is fixed in moodle 3.8.6, 3.7.9, 3.5.15, and 3.10...

AI score 6.3, EPSS 0.01329
Exploits 0, References 4

FireEye
added 2020/11/19 12:00 a.m., 379 views

Purgalicious VBA: Macro Obfuscation With VBA Purging

Malicious Office documents remain a favorite technique for every type of threat actor, from red teamers to FIN groups to APTs. In this blog post, we will discuss "VBA Purging", a technique we have increasingly observed in the wild and that was first publicly documented by Didier Stevens in Februa...

AI score 7.1
Exploits 0, References 16

CNVD
added 2020/11/18 12:00 a.m., 5 views

Moodle Override Access Vulnerability

Moodle is a free, open-source e-learning software platform, also known as a course management system, learning management system or virtual learning environment. Moodle suffers from a security vulnerability that stems from the fact that some database module web services allow students to add...

CVSS 6.5, AI score 6.8, EPSS 0.01329
Exploits 0, References 1

Oracle linux
added 2020/11/10 12:00 a.m., 43 views

openssl security, bug fix, and enhancement update

1.1.1g-11 - Further changes for SP 800-56A rev3 requirements 1.1.1g-9 - Rewire FIPSdrbg API to use the RANDDRBG - Use the well known DH groups in TLS even for 2048 and 1024 bit parameters 1.1.1g-7 - Disallow dropping Extended Master Secret extension on renegotiation - Return alert from sserver if...

CVSS 5.3, AI score 1.8, EPSS 0.14298
Exploits 0

Citrix
added 2020/11/09 12:00 a.m., 5 views

Smart Scale to Autoscale Migration

Table of Contents Manual Migration --- Automated Migration Prerequisites Migrate Good to know Important: This article is applicable only if you have the Sites section in Smart Scale. Sites that use the Virtual Apps and Desktops service appear as “Cloudxdsite” by default. To view Sites, go to Citr...

AI score 6.9
Exploits 0

Citrix
added 2020/11/09 12:00 a.m., 6 views

Restore Policy Console Utility

Created Date: 5/13/2016 Updated Date: 10/10/2017 Where to download ? Certain legacy Citrix tools are now available on request only. Please submit the request here - https://forms.gle/obA39PEz5qpDiSPq8 Once we verify your request, we will provide access to the download location. Description The...

AI score 6.6
Exploits 0

CNVD
added 2020/11/04 12:00 a.m., 4 views

MediaWiki Cosmos Skin Cross-Site Scripting Vulnerability

MediaWiki is a set of free and freely available web-based Wiki engines from the MediaWiki Wikimedia Foundation in the United States. It can be used to deploy in-house knowledge management and content management systems. A cross-site scripting vulnerability exists in MediaWiki Cosmos Skin version...

CVSS 6.1, AI score 6.2, EPSS 0.00872
Exploits 0, References 1

Atlassian
added 2020/11/03 12:25 p.m., 18 views

Removing the Groups from the Accounts>Groups page doesn't remove the references from the Project Permissions page

Issue Summary: Removing the Groups from the Accounts>Groups page doesn't remove the references from the Project Permissions page and the Global permissions page. Steps to Reproduce: Create a New group named "newtestgroup". Add a user to the Group. Add the Group Access for "newtestgroup" under t...

AI score 0.3
Exploits 0, Affected Software 1

Atlassian
added 2020/11/03 12:25 p.m., 21 views

Removing the Groups from the Accounts>Groups page doesn't remove the references from the Project Permissions page

Issue Summary: Removing the Groups from the Accounts>Groups page doesn't remove the references from the Project Permissions page and the Global permissions page. Steps to Reproduce: Create a New group named "newtestgroup". Add a user to the Group. Add the Group Access for "newtestgroup" under t...

AI score 0.3
Exploits 0

Tenable Nessus
added 2020/11/02 12:00 a.m., 16 views

Fedora 32 : 2:samba / krb5 (2020-939681213a)

KRB5 : - Cross-realm s4u fixes for samba 1836630 - Drop unnecessary conflict with openssl-libs = 3.0.0 - Unify kvno option documentation - Use systemctl reload to HUP the KDC during logrotate SAMBA : - Support S4U operations for Samba AD DC 1836630 - Fix lookup of users and groups when realm used...

AI score 5.5
Exploits 0, References 1

Citrix
added 2020/10/27 12:00 a.m., 7 views

Unable to limit visibility of applications to specific user groups

Previously able to restrict apps visibility to specific users or user groups using the 'Limit Visibility' option through the app properties. Now all company's users can see all apps when logging to the Cloud Workspace...

AI score 7.1
Exploits 0