4109 matches found
CVE-2014-4919
OXID eShop Professional Edition before 4.7.13 and 4.8.x before 4.8.7, Enterprise Edition before 5.0.13 and 5.1.x before 5.1.7, and Community Edition before 4.7.13 and 4.8.x before 4.8.7 allow remote attackers to assign users to arbitrary dynamical user groups...
Microsoft Releases Patches for 16 Critical Flaws, Including a Zero-Day
If you think the CPU updates that address this year's major security flaws—Meltdown and Spectre—are the only ones you are advised to grab immediately, there are a handful of other major security flaws that you should pay attention to. Microsoft has issued its first Patch Tuesday for 2018 to addre...
Design/Logic Flaw
The groups API in GitLab 6.x and 7.x before 7.4.3 allows remote authenticated guest users to modify ownership of arbitrary groups by leveraging improper permission checks...
CVE-2014-8540
Removed by vendor...
ADRecon - Tool Which Gathers Information About The Active Directory
ADRecon is a tool which extracts various artifacts as highlighted below out of an AD environment in a specially formatted Microsoft Excel report that includes summary views with metrics to facilitate analysis. The report can provide a holistic picture of the current state of the target AD...
PVS Console | Fails to load farm\site\server details with error 'Server communication timeout'
The PVS Console throws following error while expanding farm\site\server details: 'Server communication timeout' MMC Console timeouts may also be seen. Now consider a Large AD Environment, where there are multiple Domains and the PVS Administrator User account used to access the PVS Console is par...
The vulnerability in the FortiOS operating system stems from a lack of measures to protect the structure of its web pages, allowing attackers to carry out cross-site scripting attacks.
The vulnerability in the FortiOS operating system exists because of a lack of measures to protect the website structure. Exploiting it allows a malicious actor to perform cross-site scripting attacks by injecting malicious code into the “Groups” field when creating or editing...
VESQL database restore to Always On Availability Groups with automatic seeding enabled is hanging
Challenge VESQL database restore to Always ON Availability Group with automatic seeding enabled SQL 2016 SP1 and later does not work. Veeam SQL Explorer log shows repeating records like: 10/23/2017 8:19:22 PM 11 5160 SQL query: ALTER DATABASE SET HADR AVAILABILITY GROUP = 10/23/2017 8:19:32 PM 11...
Xlight FTP Server 3.8.8.5 - Buffer Overflow (PoC)
Xlight FTP Server 3.8.8.5 - Buffer Overflow PoC !/usr/bin/python Exploit Author: bzyo Twitter: @bzyo Exploit Title: Xlight FTP Server x86/x64 - Buffer Overflow Crash PoC Date: 07-11-2017 Vulnerable Software: Xlight FTP Server v3.8.8.5 x86/x64 Vendor Homepage: http://www.xlightftpd.com/ Version:...
[SECURITY] Fedora 26 Update: systemd-233-7.fc26
systemd is a system and service manager that runs as PID 1 and starts the rest of the system. It provides aggressive parallelization capabilities, uses socket and D-Bus activation for starting services, offers on-demand starting of daemons, keeps track of processes using Linux control groups,...
openSUSE Security Update : mysql-community-server (openSUSE-2017-1196)
This update for mysql-community-server to 5.6.38 fixes the following issues : Full list of changes : http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-38.html CVEs fixed : - boo1064116 CVE-2017-10379 - boo1064117 CVE-2017-10384 - boo1064115 CVE-2017-10378 - boo1064101 CVE-2017-10268 -...
Security update for mysql-community-server (important)
This update for mysql-community-server to 5.6.38 fixes the following issues: Full list of changes: http://dev.mysql.com/doc/relnotes/mysql/5.6/en/news-5-6-38.html CVEs fixed: - boo1064116 CVE-2017-10379 - boo1064117 CVE-2017-10384 - boo1064115 CVE-2017-10378 - boo1064101 CVE-2017-10268 - boo10640...
WordPress: Unauthenticated hidden groups disclosure via Ajax groups search
Note: this issue was previously submitted to [email protected], because I did not have the rep to submit it here. That was cleared up with HackerOne, so I am now submitting the issue here, at @aaroncampbell's direction. Summary It is possible for an unauthenticated user to view the title,...
Octopus Deploy Elevation of Privilege Vulnerability
Octopus is an automated tool for development and deployment of .NET from Octopus Deploy Australia. A security vulnerability exists in versions of Octopus prior to 3.17.7. An attacker could exploit the vulnerability to invite users to groups with elevated privileges...
USN-3449-1 nova vulnerabilities
George Shuklin discovered that OpenStack Nova incorrectly handled the migration process. A remote authenticated user could use this issue to consume resources, resulting in a denial of service. CVE-2015-3241 George Shuklin and Tushar Patil discovered that OpenStack Nova incorrectly handled deleti...
Guidance on configuring WEM settings per user/user groups
How to set up WEM configuration specifically for user/user groups...
groups.google.com XSS vulnerability
Vulnerable URL: https://groups.google.com/group/rootbytetest/attach/80ade35d14961/rootbyte.html?part=0.1=0=1 Details: Description| Value ---|--- Patched:| Verification in progress Latest check for patch:| 03.01.2018 Vulnerability type:| XSS Vulnerability status:| Publicly disclosed Alexa Rank|...
CVE-2017-13988
An improper access control vulnerability in ArcSight ESM and ArcSight ESM Express, any 6.x version prior to 6.9.1c Patch 4 or 6.11.0 Patch 1, allows unauthorized users to alter the maximum size of storage groups and enable/disable the setting for the 'follow schedule' function...