CVE-2014-7812
Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field...
Cross site scripting
Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field...
CVE-2014-7812
Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field...
CVE-2014-7812
CVE-2014-7812 is an XSS vulnerability affecting Spacewalk and Red Hat Network Satellite prior to version 5.7.0. The issue allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field. Affected products include Spacewalk and RHN Satellite (before 5.7.0); rem...
Spacewalk: XSS in system-group
Cross-site scripting (XSS) vulnerability in Spacewalk and Red Hat Network (RHN) Satellite before 5.7.0 allows remote authenticated users to inject arbitrary web script or HTML via the System Groups field...
SA-CONTRIB-2014-126 - Open Atrium - Multiple vulnerabilities
This distribution enables you to create an intranet. Several of the sub modules included do not prevent CSRF on several menu callbacks. Open Atrium Discussion also does not exit correctly after checking access on several ajax callbacks, allowing anyone with "access content" to update and delete...
SA-CONTRIB-2014-128 - Organic Groups Menu - Access bypass
This module enables you to associate menus with Organic Groups (OG). It allows you to create one or more menus per group, configure and apply menu permissions in a group context, add/edit menu links directly from the entity form, etc. The module doesn't sufficiently check the menu parameters passed...
SA-CONTRIB-2014-125 - Organic Groups Menu - Access bypass
This module enables you to associate menus with Organic Groups (OG). It allows you to create one or more menus per group, configure and apply menu permissions in a group context, add/edit menu links directly from the entity form, etc. The module doesn't sufficiently check the menu parameters passed...
CVE-2014-8989
The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the...
DEBIAN-CVE-2014-8989
The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the...
CVE-2014-8989
CVE-2014-8989 affects the Linux kernel up to 3.17.4, where dropping supplemental group memberships in certain namespace scenarios is not properly restricted. This enables a local attacker to bypass file permissions by abusing a POSIX ACL entry for the group category that is more restrictive than ...
CVE-2014-8989
The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the...
UBUNTU-CVE-2014-8989
The Linux kernel through 3.17.4 does not properly restrict dropping of supplemental group memberships in certain namespace scenarios, which allows local users to bypass intended file permissions by leveraging a POSIX ACL containing an entry for the group category that is more restrictive than the...
Microsoft SQL Server SUSER_SNAME Windows Domain Account Enumeration
This module can be used to bruteforce RIDs associated with the domain of the SQL Server using the SUSER_SNAME function. This is similar to the smb_lookupsid module, but executed through SQL Server queries as any user with the PUBLIC role (everyone). Information that can be enumerated includes Windows...
EFF, Privacy Groups Say NIST Crypto Standards Must be Free From Backdoors
The EFF and a long list of civil and privacy groups have sent a letter to NIST, emphasizing the need for the agency to create “a process for establishing secure and resilient encryption standards, free from back doors or other known vulnerabilities.” The letter comes at a time when the agency is ...
AT&T Drops Controversial Tracking Header
When information came out earlier this month that some mobile carriers were injecting unique identifying “supercookies” into their users’ Web traffic, privacy groups and users were angered. The practice, used by Verizon and AT&T, enables advertisers to track users’ behavior and assemble informati...
CVE-2014-8734
The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal allows remote authenticated users with the "access administration pages" permission to change module settings via unspecified vectors...
Design/Logic Flaw
The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal allows remote authenticated users with the "access administration pages" permission to change module settings via unspecified vectors...
CVE-2014-8734
The Organic Groups Menu (aka OG Menu) module before 7.x-2.2 for Drupal allows remote authenticated users with the "access administration pages" permission to change module settings via unspecified vectors...
Retail Trade Groups Want Fair Data Breach Reporting Rules
The National Retail Federation and dozens of other related groups cosigned a letter (PDF) to top congressional leaders last week pleading that they consider the passage of a federal law imposing uniform data breach notification rules that are equally applicable to every organization that handles...