
4108 matches found

Hacker One
added 2014/04/17 6:22 p.m. | 10 views

Localize: XSS in Groups

Visit the following link after logging in: http://www.localize.io/pages/createproject/3D Add a new group with an XSS string as group name and you will see the XSS executing. String used: ? Thanks, Ben...

Exploits: 0
OSV
added 2014/04/17 2:55 p.m. | 7 views

CVE-2014-0071

PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections...

6.5 AI score
Exploits: 0 | References: 3
OSV
added 2014/04/17 2:55 p.m. | 1 view

DEBIAN-CVE-2014-0071

PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections...

6.4 CVSS | 7 AI score | 0.01819 EPSS
Exploits: 0 | References: 1
NVD
added 2014/04/17 2:55 p.m. | 28 views

CVE-2014-0071

PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections...

6.4 CVSS | 6.7 AI score | 0.01819 EPSS
Exploits: 0 | References: 3
OSV
added 2014/04/17 2:55 p.m. | 1 view

UBUNTU-CVE-2014-0071

PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections...

6.4 CVSS | 5.8 AI score | 0.01819 EPSS
Exploits: 0 | References: 2
Prion
added 2014/04/17 2:55 p.m. | 21 views

Design/Logic Flaw

PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections...

6.4 CVSS | 7.2 AI score | 0.01819 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2014/04/17 2:0 p.m. | 31 views

CVE-2014-0071

PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections...

6.7 AI score | 0.01819 EPSS
Exploits: 0 | References: 3
CVE
added 2014/04/17 2:0 p.m. | 65 views

CVE-2014-0071

CVE-2014-0071 affects PackStack in Red Hat OpenStack 4.0, where PackStack did not correctly enforce default security group rules when deployed to Neutron, allowing remote attackers to bypass access restrictions and reach otherwise restricted systems. The issue is documented in RHSA-2014:0233 and ...

6.4 CVSS | 6.9 AI score | 0.01819 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Debian CVE
added 2014/04/17 2:0 p.m. | 19 views

CVE-2014-0071

PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections...

6.4 CVSS | 6.4 AI score | 0.01819 EPSS
Exploits: 0
The Hacker News
added 2014/04/11 6:10 a.m. | 12 views

APT Groups Return - Chinese Hackers Resume Cyber Espionage Operations

A year back, one of the largest “Advanced Persistent Threat” (APT) hacking groups received widespread attention from the media and from the U.S. government. APT Groups are China’s cyber espionage units and they won’t stop their espionage operation, despite being exposed last year. Yes, APT hacking...

6.9 AI score
Exploits: 0
Cvelist
added 2014/04/04 2:0 p.m. | 30 views

CVE-2014-0592

Barclamp (aka barclamp-network) 1.7 for the Crowbar Framework, as used in SUSE Cloud 3, does not enable netfilter on bridges when creating new instances, which allows remote attackers to bypass security group restrictions via unspecified vectors, related to floating IPs...

6.8 AI score | 0.01564 EPSS
Exploits: 1 | References: 5
RedHat Linux
added 2014/04/03 8:18 p.m. | 4 views

openstack-nova: XenAPI security groups not kept through migrate or resize

The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions...

6.4 CVSS | 5.9 AI score | 0.01808 EPSS
Exploits: 0 | References: 6
Tenable Nessus
added 2014/04/03 12:0 a.m. | 39 views

Fedora 19 : openstack-nova-2013.1.5-1.fc19 (2014-4188)

Update to stable/grizzly release 2013.1.5 - Keep XenAPI security groups through migrate and resize - CVE-2013-4497 - Secure directory permissions in snapshots - CVE-2013-7048. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisor...

6.4 CVSS | 5.3 AI score | 0.01808 EPSS
Exploits: 2 | References: 5
The Hacker News
added 2014/03/22 8:10 p.m. | 11 views

NSA Hacked Servers of Chinese telecom Huawei, Stole Source Codes

The US Government has been publicly accusing Chinese electronics manufacturer Huawei of espionage for the past few years. Ironically, it has now been revealed that the National Security Agency conducted a major offensive cyber operation against the Chinese government and networking company Huawei, i...

6.8 AI score
Exploits: 0
Cvelist
added 2014/03/13 2:0 p.m. | 18 views

CVE-2014-1877

Multiple cross-site scripting (XSS) vulnerabilities in Dokeos 2.1.1 allow remote attackers to inject arbitrary web script or HTML via the (1) Phone, (2) Street, (3) Address line, (4) Zip code, or (5) City field to main/auth/profile.php; (6) Subject field to main/social/groups.php; or (7) Message body field to...

5.8 AI score | 0.01393 EPSS
Exploits: 1 | References: 5
RedHat Linux
added 2014/03/04 7:10 p.m. | 1 view

PackStack: Neutron Security Groups fail to block network traffic

PackStack in Red Hat OpenStack 4.0 does not enforce the default security groups when deployed to Neutron, which allows remote attackers to bypass intended access restrictions and make unauthorized connections...

6.4 CVSS | 5.9 AI score | 0.01819 EPSS
Exploits: 0 | References: 4
RedHat Linux
added 2014/03/04 7:10 p.m. | 28 views

Important: Red Hat Security Advisory: openstack-packstack security and bug fix update

Updated openstack-packstack packages that fix one security issue and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. The Red Hat Security Response Team has rated this update as having Important security impact. A Common Vulnerability Scoring System (CVSS) base...

6.4 CVSS | 5.8 AI score | 0.01819 EPSS
Exploits: 0 | References: 12
Prion
added 2014/03/01 12:1 a.m. | 16 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the BuddyPress plugin before 1.9.2 for WordPress allows remote authenticated users to inject arbitrary web script or HTML via the name field to groups/create/step/group-details. NOTE: this can be exploited without authentication by leveraging CVE-2014-188...

4.3 CVSS | 6 AI score | 0.10731 EPSS
Exploits: 9 | References: 7 | Affected Software: 1
Exploit DB
added 2014/03/01 12:0 a.m. | 45 views

Oracle Demantra 12.2.1 - SQL Injection

Details: Application is vulnerable to SQL injection. Impact: An attacker with access to the vulnerable pages could manipulate the queries being sent to the database, potentially enabling them to: - Extract sensitive information, including but not limited to authentication credentials and personal...

7 AI score
Exploits: 0
0day.today
added 2014/02/28 12:0 a.m. | 18 views

Total Video Player 1.3.1 (Settings.ini) - SEH Buffer Overflow

This Metasploit module exploits a buffer overflow in Total Video Player 1.3.1. The vulnerability occurs when opening a malformed Settings.ini file, e.g. "C:\Program Files\Total Video Player". This Metasploit module has been tested successfully over Windows WinXp-Sp3-EN, Windows 7, Windows 8. This module...

7.4 AI score
Exploits: 0