4108 matches found
DEBIAN-CVE-2014-8578
Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475...
UBUNTU-CVE-2014-8578
Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475...
Neutron: security groups fail to block traffic properly due to packstack configuration
It was discovered that the nova.conf configuration generated by PackStack did not correctly set the libvirt_vif_driver configuration option if the Open vSwitch (OVS) monolithic plug-in was not used. This could result in deployments defaulting to having the firewall disabled unless the nova...
[SECURITY] Fedora 20 Update: kuser-4.14.1-1.fc20
KUser is a tool for managing users and groups on your system...
openstack-horizon: multiple XSS flaws
Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475...
Moderate: Red Hat Security Advisory: openstack-neutron security, bug fix, and enhancement update
Updated openstack-neutron packages that fix one security issue, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Moderate security impact. A...
File Groups <= 1.1.2 - SQL Injection
The File Groups WordPress plugin was affected by a SQL Injection security vulnerability...
WordPress Groups Plugin <= 1.4.5 -
This plugin is prone to a negated role capability handling elevated privilege issue. Solution: Upgrade this plugin...
openstack-horizon: multiple XSS flaws
Cross-site scripting (XSS) vulnerability in the Groups panel in OpenStack Dashboard (Horizon) before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote administrators to inject arbitrary web script or HTML via a user email address, a different vulnerability than CVE-2014-3475...
openstack-neutron: security groups bypass through invalid CIDR
The openvswitch-agent process in OpenStack Neutron 2013.1 before 2013.2.4 and 2014.1 before 2014.1.1 allows remote authenticated users to bypass security group restrictions via an invalid CIDR in a security group rule, which prevents further rules from being applied...
CVE-2014-4700
CVE-2014-4700 affects Citrix XenDesktop 4.x, 5.x, and 7.x when pooled random desktop groups are enabled and ShutdownDesktopsAfterUse is disabled. The vulnerability allows a local guest to gain access to another user’s desktop via unspecified vectors. The issue is tied to the non-default configura...
CVE-2014-3491
Cross-site scripting (XSS) vulnerability in Foreman before 1.4.5 and 1.5.x before 1.5.1 allows remote attackers to inject arbitrary web script or HTML via the Name field to the New Host groups page, related to create, update, and destroy notification boxes...
CiviCRM 3.1 < Beta 5 Multiple XSS Vulnerabilities
No description provided by source. Author: h00die [email protected] & Ch3nz [email protected] Software Link: http://sourceforge.net/projects/civicrm/files/civicrm-latest/3.1.beta1/civicrm-3.1.beta1-standalone.tar.gz/download Version: 3.1 Beta 5, Tested on 3.1 Beta 1 Tested on: BT4 pre-final Greetz ...
ATutor 1.6.4 - Multiple Cross Site Scripting
No description provided by source. Topic : ATutor 1.6.4 Bugs Type : Cross Site Scripting all of them Credit : ItSecTeam Remote : Yes Status : Bug mail : [email protected] Dork : ATutor 1.6.4 Special Tnx : am!rkh@n, Amin ShokohiPejvak, C0M0D0, 0xd41684c654, r3dmove And All It Security Team Members...
MS IIS 4.0/5.0 and PWS Extended Unicode Directory Traversal Vulnerability (5)
No description provided by source. source: http://www.securityfocus.com/bid/1806/info Microsoft IIS 4.0 and 5.0 are both vulnerable to double dot ../ directory traversal exploitation if extended UNICODE character representations are used in substitution for / and . Unauthenticated users may acces...
LPRng 3.6.x Failure To Drop Supplementary Groups Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/2865/info The LPRng software is an enhanced, extended, and portable implementation of the Berkeley LPR print spooler functionality. When the LPRng daemon is initialized, it fails to drop its supplementary groups. As a...
AlstraSoft Video Share Enterprise 4.x Multiple Input Validation Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/25019/info AlstraSoft Video Share Enterprise is affected by multiple input-validation vulnerabilities. These issues include multiple cross-site scripting vulnerabilities and multiple SQL-injection vulnerabilities...
Phorum 5.1.20 admin.php Groups Module group_id Parameter XSS
No description provided by source. source: http://www.securityfocus.com/bid/23616/info Phorum is prone to multiple input-validation vulnerabilities, including an unauthorized-access issue, privilege-escalation issue, multiple SQL-injection issues, and cross-site scripting issues, because the...
Miniweb 2.0 Business Portal and Social Networking Platform SQL Injection
No description provided by source. Author: L0rd CrusAd3r aka VSN [email protected] Exploit Title:Miniweb 2.0 Business Portal and Social Networking Platform SQL Injection Vulnerability Vendor url:http://www.miniweb2.com/ Version:2.0 Price:250$ Published: 2010-06-10 Greetz to:Sid3^effects, MaYu...
WordPress File Groups plugin <= 1.1.2 - SQL Injection Vulnerability
No description provided by source. Exploit Title: WordPress File Groups plugin <= 1.1.2 SQL Injection Vulnerability Date: 2011-08-17 Author: Miroslav Stampar miroslav.stamparatgmail.com @stamparm Software Link: http://downloads.wordpress.org/plugin/file-groups.1.1.2.zip Version: 1.1.2 tested --- P...