4109 matches found
CVE-2019-7869
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage customer groups...
Cross site scripting
A stored cross-site scripting vulnerability exists in the admin panel of Magento 2.1 prior to 2.1.18, Magento 2.2 prior to 2.2.9, Magento 2.3 prior to 2.3.2. This can be exploited by an authenticated user with permissions to manage customer groups...
CVE-2019-7869
Magento 2.x has a stored XSS vulnerability in the admin panel, exploitable by an authenticated user with permission to manage customer groups. Affected versions: 2.1.x before 2.1.18, 2.2.x before 2.2.9, 2.3.x before 2.3.2. Remediation: apply the security updates released for these branches (e.g., Magento 2....
CVE-2017-18453
cPanel before 64.0.21 does not preserve supplemental groups across account renames (SEC-260)...
Unauthorized Modification
Moodle is vulnerable to unauthorized modification. The vulnerability is possible because it does not observe separate groups mode before overriding an assignment group, allowing teachers in an assignment group to modify group overrides...
VDAs are not registering using a published image - Use GPO/GPP/Restricted Groups to add the proper accounts and services
VDAs are not appearing as registered in Studio, no matter what is done to the image or the configuration of the VDA in the Platform Layer...
UBUNTU-CVE-2019-10189
A flaw was found in Moodle before versions 3.7.1, 3.6.5, 3.5.7. Teachers in an assignment group could modify group overrides for other groups in the same assignment...
Nation-State Actors Go All-In on Mobile Malware
APTs, including a range of nation-state groups operating in China, North Korea, Pakistan and Russia, are shifting their malware development focus to target mobile users for intelligence gathering, financial gain and disruption of national rivals. That’s according to CrowdStrike’s Mobile Threat...
Changing California’s privacy law: A snapshot at the support and opposition
This month, the corporate-backed, legislative battle against California privacy met a blockade, as one Senate committee voted down and negotiated changes to several bills that, as originally written, could have weakened the state’s data privacy law, the California Consumer Privacy Act. Though the...
DEBIAN-CVE-2019-9816
A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all...
Type confusion
A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all...
CVE-2019-9816
Summary: CVE-2019-9816 is a type confusion vulnerability involving manipulation of JavaScript objects in object groups, affecting Mozilla products (Thunderbird and Firefox/Firefox ESR) and specifically related to UnboxedObjects, which are disabled by default on all supported releases. The issue i...
CVE-2019-9816
A possible vulnerability exists where type confusion can occur when manipulating JavaScript objects in object groups, allowing for the bypassing of security checks within these groups. Note: this vulnerability has only been demonstrated with UnboxedObjects, which are disabled by default on all...
CVE-2019-13977
index.php in Ovidentia 8.4.3 has XSS via tg=groups, tg=maildoms&idx=create&userid=0&bgrp=y, tg=delegat, tg=site&idx=create, tg=site&item=4, tg=admdir&idx=mdb&id=1, tg=notes&idx=Create, tg=admfaqs&idx=Add, or tg=admoc&idx=addoc&item=...
Kaspersky Security Center 11 API: getting information about hosts and installed products
I spent a lot of time last week working with the new API of Kaspersky Security Center 11. KSC is the administration console for Kaspersky Endpoint Protection products. And it has some pretty interesting features besides the antivirus/antimalware, for example, vulnerability and patch management. S...
GitLab: Stored XSS in "Create Groups"
NOTE! Thanks for submitting a report! Please replace all the parenthesized sections below with the pertinent details. Remember, the more detail you provide, the easier it is for us to triage and respond quickly, so be sure to take your time filling out the report! Summary Stored attacks are those...
AlwaysOn Availability Groups cannot be selected while restoring a SQL database to Microsoft SQL Server 2017 after installation of CU15
Challenge You try to restore a SQL database to Microsoft SQL Server 2017 with CU15 that supports AlwaysOn Availability Groups, but you are not able to select an availability group at the "Specify AlwaysON Restore Options" step. Cause ServerNetworkProtocolProperty is missing in CU15 for SQL Server...