4109 matches found
IBM OpenAFS ptserver elevation of privilege vulnerability
IBM OpenAFS is a distributed file system from IBM in the United States that allows sharing of files and resources between systems over LANs and WANs. A security vulnerability exists in IBM OpenAFS versions prior to 1.6.17 in ptserver. An attacker could exploit the vulnerability to create arbitrar...
LDAP Based Active Directory Enumeration: AD-LDAP-Enum
ad-ldap-enum is a Python script that was developed to discover users and their group memberships from Active Directory. In large Active Directory environments, tools such as NBTEnum were not performing fast enough. By executing LDAP queries against a domain controller, ad-ldap-enum is able to...
Facebook Groups - Customized SSL, Redefined SSL Common Names verifier vulnerabilities
HackApp vulnerability scanner discovered that application Facebook Groups published at the 'play' market has multiple vulnerabilities...
Zap Zap - Chat and Groups - Customized SSL, Dangerous filesystem permissions, MIT license vulnerabilities
HackApp vulnerability scanner discovered that application Zap Zap - Chat and Groups published at the 'play' market has multiple vulnerabilities...
MOBOTIX Video Security Cameras - Cross-Site Request Forgery (Add Admin)
Add admin user Testingus: ---...
HackerOne: External programs revealing info
A bug in an authorization check was found by @1337coder on an endpoint that was showing the members of a team, as well as the team member groups that were set up. Example output: "id":1, "username":"dirk", "name":"dirk", "bio":"", "url":"https://hackerone.com/dirk" , "id":2, "name":"Admin",...
Fedora 22 : pcre-8.38-3.fc22 (2016-f5af8e27ce)
This release fixes a heap buffer overflow in handling of nested duplicate named groups with a nested back reference and a heap buffer overflow in pcretest causing infinite loop when matching globally with an ovector less than 2. Note that Tenable Network Security has extracted the preceding...
Firefox 45 Fixes 40 Vulnerabilities, 22 Critical
Much like Google, which updated Chrome yesterday, Mozilla released a new version of Firefox on Tuesday, fixing 40 vulnerabilities in the browser. The update, Firefox 45, included eight bulletins rated critical and patched a handful of serious use-after-free vulnerabilities and a pair of buffer...
CVE-2015-5272
The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants."...
UBUNTU-CVE-2015-5272
The Forum module in Moodle 2.7.x before 2.7.10 allows remote authenticated users to post to arbitrary groups by leveraging the teacher role, as demonstrated by a post directed to "all participants."...
Power Grid Honeypot Puts Face on Attacks
TENERIFE, Spain – The rhetoric around hacking the power grid would have you believe it’s a relatively mundane practice. Policymakers, intelligence agencies and vendors, for example, spread the word gleefully, leaning on scenarios such as state-sponsored hackers shutting off the lights in the dead ...
Support for Multiple Versions of MS Office on a Machine with Terminal Services Enabled
Scenario: We have Multiple Versions of Microsoft Office installed on the Master Image or vDisk and are looking forward to activate both versions using KMS. This scenario is not supported. Please refer to Microsoft's KB https://support.microsoft.com/en-us/kb/2784668 according to which: "We do not support t...
Groups to Synchronise membership filter in Crowd/JIRA authentication not effective in some circumstances
Users existing in remote Crowd/JIRA authentication source may get access to FishEye/Crucible instance even if they are not members of specified "Groups to Synchronise"...
What the heck is RFC 5114?
Mandatory Disclaimer: IANAC (I am not a cryptographer), so I might likely end up writing a bunch of mistakes in this blog post... I already talked about Diffie–Hellman (DH from now on) in TLS in my previous post: Small subgroup attack in Mozilla NSS. As mentioned, FWIW, I strongly agree with Google Chro...
openstack-nova: network security group changes are not applied to running instances
A vulnerability was discovered in the way OpenStack Compute nova networking handled security group updates; changes were not applied to already running VM instances. A remote attacker could use this flaw to access running VM instances...