4108 matches found

Hacker One
added 2015/12/19 3:6 p.m., 15 views

HackerOne: Team Member███ associated with a Custom Group Created with 'Program Management' only permissions can Comment on Bug Reports

Hi Team, Legend ====== AppSecBounty = Bug ProgramSandbox Program Hacker1001 = Bug Reporter BugAdmin = Program Admin BugMember = Team Member associated ProgramManagement Group ProgramManagement Group = Custom Group created with "Program Management Permission" Steps: 1. Hacker1001 reports a Bug to...

6.8 AI score
Exploits: 0

Packet Storm
added 2015/12/17 12:0 a.m., 39 views

WordPress Symposium 14.05.02 Cross Site Request Forgery

Plugin Name : WP Symposium A8-Cross-Site Request Forgery CSRF Affected Version : 14.05.02 and most probably lower versions if any Vulnerability : A8-Cross-Site Request Forgery CSRF Identified by : Madhu Akula Technical Details Minimum Level of Access Required : Unauthenticated PoC - Proof of Concep...

Exploits: 0

OSV
added 2015/12/02 1:59 a.m., 0 views

DEBIAN-CVE-2015-8383

PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror...

9.8 CVSS, 8.8 AI score, 0.06077 EPSS
Exploits: 0, References: 1

Tenable Nessus
added 2015/12/02 12:0 a.m., 50 views

CentOS 7 : ntp (CESA-2015:2231)

Updated ntp packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...

7.5 CVSS, 6.7 AI score, 0.06158 EPSS
Exploits: 0, References: 9

OSV
added 2015/12/01 12:0 a.m., 1 views

UBUNTU-CVE-2015-8383

PCRE before 8.38 mishandles certain repeated conditional groups, which allows remote attackers to cause a denial of service (buffer overflow) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a JavaScript RegExp object encountered by Konqueror...

9.8 CVSS, 7.2 AI score, 0.06077 EPSS
Exploits: 0, References: 5

Cent OS
added 2015/11/30 7:45 p.m., 122 views

ntp, ntpdate, sntp security update

CentOS Errata and Security Advisory CESA-2015:2231 Updated ntp packages that fix multiple security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7. Red Hat Product Security has rated this update as having Moderate security impact. Common...

7.5 CVSS, 6.9 AI score, 0.06158 EPSS
Exploits: 0, References: 7

Tenable Nessus
added 2015/11/20 12:0 a.m., 59 views

RHEL 7 : ntp (RHSA-2015:2231)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2015:2231 advisory. The Network Time Protocol (NTP) is used to synchronize a computer's time with another referenced time source. These packages include the ntpd...

7.5 CVSS, 6.9 AI score, 0.06158 EPSS
Exploits: 0, References: 20

RedHat Linux
added 2015/11/19 12:0 a.m., 1 views

pcre: infinite recursion compiling pattern with zero-repeated groups that include recursive back reference (8.36/19)

PCRE before 8.36 mishandles the /a\2|a\g/ pattern and related patterns with certain internal recursive back references, which allows remote attackers to cause a denial of service (segmentation fault) or possibly have unspecified other impact via a crafted regular expression, as demonstrated by a...

7.5 CVSS, 7.4 AI score, 0.04049 EPSS
Exploits: 1, References: 4

Tenable Nessus
added 2015/11/11 12:0 a.m., 31 views

Oracle Linux 6 : sssd (ELSA-2015-2019)

The remote Oracle Linux 6 host has packages installed that are affected by a vulnerability as referenced in the ELSA-2015-2019 advisory. 1.12.4-47.4 - Resolves: rhbz1268783 - Memory leak / possible DoS with krb auth. 1.12.4-47.3 - Resolves: rhbz1268784 - SSSD POSIX attribute check is too strict...

6.8 CVSS, 7.3 AI score, 0.03666 EPSS
Exploits: 0, References: 2

Oracle linux
added 2015/11/10 12:0 a.m., 36 views

sssd security and bug fix update

1.12.4-47.4 - Resolves: rhbz1268783 - Memory leak / possible DoS with krb auth. 1.12.4-47.3 - Resolves: rhbz1268784 - SSSD POSIX attribute check is too strict 1.12.4-47.2 - Resolves: rhbz1264098 - cleanupgroups should sanitize dn of groups 1.12.4-47.1 - Resolves: rhbz1258398 - sysdb sudo search...

6.8 CVSS, 6.5 AI score, 0.03666 EPSS
Exploits: 0

OSV
added 2015/10/29 8:59 p.m., 2 views

DEBIAN-CVE-2015-7713

OpenStack Compute (Nova) before 2014.2.4 (juno) and 2015.1.x before 2015.1.2 (kilo) do not properly apply security group changes, which allows remote attackers to bypass intended restriction by leveraging an instance that was running when the change was made...

5 CVSS, 7 AI score, 0.0367 EPSS
Exploits: 0, References: 1

OSV
added 2015/10/27 4:59 p.m., 6 views

CVE-2015-5240

Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group...

6.1 AI score
Exploits: 0, References: 5

OSV
added 2015/10/27 4:59 p.m., 2 views

DEBIAN-CVE-2015-5240

Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group...

3.5 CVSS, 7.3 AI score, 0.00963 EPSS
Exploits: 0, References: 1

Prion
added 2015/10/27 4:59 p.m., 23 views

Race condition

Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group...

3.5 CVSS, 6.8 AI score, 0.00963 EPSS
Exploits: 0, References: 5, Affected Software: 1

UbuntuCve
added 2015/10/27 4:59 p.m., 29 views

CVE-2015-5240

Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group...

3.5 CVSS, 7.1 AI score, 0.00963 EPSS
Exploits: 0, References: 2

Debian CVE
added 2015/10/27 4:0 p.m., 19 views

CVE-2015-5240

Race condition in OpenStack Neutron before 2014.2.4 and 2015.1 before 2015.1.2, when using the ML2 plugin or the security groups AMQP API, allows remote authenticated users to bypass IP anti-spoofing controls by changing the device owner of a port to start with network: before the security group...

3.5 CVSS, 6.1 AI score, 0.00963 EPSS
Exploits: 0

OSV
added 2015/10/19 4:7 p.m., 8 views

SUSE-SU-2015:1840-1 Security update for openssh

openssh was updated to fix four security issues. These security issues were fixed: - CVE-2015-5352: The x11_open_helper function in channels.c in ssh in OpenSSH when ForwardX11Trusted mode is not used, lacked a check of the refusal deadline for X connections, which made it easier for remote attacke...

8.5 CVSS, 6.8 AI score, 0.9986 EPSS
Exploits: 1, References: 11

RedHat Linux
added 2015/10/15 4:9 p.m., 2 views

openstack-neutron: Firewall rules bypass through port update

A race-condition flaw leading to ACL bypass was discovered in OpenStack Networking (neutron). An authenticated user could change the owner of a port after it was created but before firewall rules were applied, thus preventing firewall control checks from occurring. All OpenStack Networking...

3.5 CVSS, 5.8 AI score, 0.00963 EPSS
Exploits: 0, References: 4

Positive Technologies
added 2015/10/15 12:0 a.m., 2 views

PT-2015-6812

Name of the Vulnerable Software and Affected Versions: OpenStack Neutron versions prior to 2014.2.4; OpenStack Neutron versions prior to 2015.1.2. Description: A race condition exists when using the ML2 plugin or the security groups AMQP API, allowing remote authenticated users to bypass IP...

3.5 CVSS, 7.2 AI score, 0.00963 EPSS
Exploits: 0, References: 38

NVD
added 2015/10/14 11:59 p.m., 17 views

CVE-2015-6688

Use-after-free vulnerability in Adobe Reader and Acrobat 10.x before 10.1.16 and 11.x before 11.0.13, Acrobat and Acrobat Reader DC Classic before 2015.006.30094, and Acrobat and Acrobat Reader DC Continuous before 2015.009.20069 on Windows and OS X allows attackers to execute arbitrary code via ...

6.8 CVSS, 7 AI score, 0.05995 EPSS
Exploits: 0, References: 3