4108 matches found
MS IIS 4.0/5.0 and PWS Extended Unicode Directory Traversal Vulnerability (3)
No description provided by source. source: http://www.securityfocus.com/bid/1806/info Microsoft IIS 4.0 and 5.0 are both vulnerable to double dot ../ directory traversal exploitation if extended UNICODE character representations are used in substitution for / and . Unauthenticated users may acces...
House Amendment Limits Funding for NSA Surveillance
The House of Representatives last night overwhelmingly passed an amendment to the Department of Defense Appropriations Act that would cut funding for two programs that grant intelligence agencies access to the private data and communications of U.S. citizens. The amendment shows that Congress is...
Google Play App Permissions Privacy, Security Concerns
Google’s revamped app permissions for Google Play are not being well received by Android users. Reddit threads are rife with adjectives such as “stupid” and “dangerous,” primarily because Google’s attempt to simplify permissions granted to automatically updated applications may in fact expose use...
Mergers and Acquisitions: When Two Companies and APT Groups Come Together
With Apple’s purchase of Beats, Pfizer’s failed bids for AstraZeneca, and financial experts pointing to a rally in the M&A market, the last month was a busy one for mergers and acquisitions. Of course, when we first see headlines of a high profile company’s plans for a merger or acquisition, we...
Domain restricted signup is creating enabled users on ApacheDS
When a user signs up to a Confluence instance that has domain restricted sign up enabled, they are normally created as disabled users and are unable to login. However, when the underlying user directory does not support disabling users, such as ApacheDS 1.5, then the user ends up being created as...
Fedora 20 : openstack-neutron-2013.2.3-7.fc20 (2014-6520)
Fixed CVE-2014-0187 'openstack-neutron: security groups bypass through invalid CIDR'. Fixed CVE-2014-0187: 'openstack-neutron: security groups bypass through invalid CIDR', bz1090136. Make neutron-vpn-agent read fwaasdriver.ini. Note that Tenable Network Security has extracted the preceding...
CVE-2013-4598
The Groups, Communities and Co (GCC) module 7.x-1.x before 7.x-1.1 for Drupal does not properly check permission, which allows remote attackers to access the configuration pages via unspecified vectors...
CVE-2014-0849
IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups...
Code injection
IBM Maximo Asset Management 7.x before 7.5.0.3 IFIX027 and SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2 allow remote authenticated users to gain privileges by leveraging membership in two security groups...
SA-CONTRIB-2014-049 - Organic Groups (OG) - Access Bypass
Organic Groups (OG) enables users to create and manage their own 'groups'. Each group can have subscribers, and maintains a group home page where subscribers communicate amongst themselves. OG doesn't sufficiently check the permissions when a group member has pending or blocked status within the gro...
CVE-2013-7068
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field...
CVE-2013-7065
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field...
Design/Logic Flaw
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote attackers to bypass access restrictions and post to arbitrary groups via a group audience field, as demonstrated by the og_group_ref field...
Input validation
The Organic Groups (OG) module 7.x-2.x before 7.x-2.3 for Drupal allows remote authenticated users to bypass group restrictions on nodes with all groups set to optional input via an empty group field...
CVE-2013-7068
The issue CVE-2013-7068 affects the Drupal Organic Groups (OG) module for Drupal 7.x-2.x, specifically versions prior to 7.x-2.3. The vulnerability allows remote authenticated users to bypass group restrictions on nodes when all groups are configured as optional via an empty group field, enabling...
CVE-2013-7065
The CVE concerns the Drupal Organic Groups (OG) module for Drupal 7.x-2.x, specifically versions prior to 7.x-2.3. The vulnerability allows remote attackers to bypass access restrictions and post to arbitrary groups using the og_group_ref field, enabling group-wide content posting beyond intended...