4108 matches found
CVE-2013-4497
The XenAPI backend in OpenStack Compute (Nova) Folsom, Grizzly, and Havana before 2013.2 does not properly apply security groups (1) when resizing an image or (2) during live migration, which allows remote attackers to bypass intended restrictions...
CVE-2013-4497
Summary: CVE-2013-4497 affects the XenAPI backend of OpenStack Compute (Nova) in Folsom/Grizzly/Havana before 2013.2. The issue is that security groups were not properly reapplied after certain operations (resize or live migration), potentially exposing affected VM instances to unintended network...
Rise in website Defacement attacks by Hackers around the World
Last week we noticed a rise in cyber attacks, particularly website defacement attacks, on many governments and organizations of different countries by hackers around the world. Targeted countries include Singapore, Mexico, Philippines, Australia, Egypt, United States, Syria and many more. Out...
Fedora 19 : ReviewBoard-1.7.16-2.fc19 / python-djblets-0.7.21-1.fc19 (2013-18931)
Review Board 1.6.19 and 1.7.15 fix a few issues in the API where users could access certain data they should not have been able to access, if using the Local Sites feature, invite-only groups, or private repositories. It also fixes cases with invite-only groups where the group name and list of...
LinkedIn Join Group Cross Site Request Forgery
============================================= INTERNET SECURITY AUDITORS ALERT 2013-016 - Original release date: June 8th, 2013 - Last revised: July 11th, 2013 - Discovered by: Eduardo Garcia Melia - Severity: 4.3/10 CVSSv2 Base Score ============================================= I. VULNERABILITY...
Fedora 19 : libvirt-1.0.5.6-2.fc19 (2013-17618)
Fix snapshot restore when VM has disabled usb support bz 1011520 - Rebased to version 1.0.5.6 - Fix blockjobinfo python API bz 999077 - CVE-2013-4311: Insecure polkit usage bz 1009539, bz 1005332 - CVE-2013-4296: Invalid free memory stats bz 1006173, bz 1009667 - CVE-2013-4291: Supplementary...
SilverStripe Framework CMS 3.0.5 - Multiple Web Vulnerabilities
Title: ====== SilverStripe Framework CMS 3.0.5 - Multiple Vulnerabilities Date: ===== 2013-09-23 References: =========== http://www.vulnerability-lab.com/getcontent.php?id=1084 VL-ID: ===== 1084 Common Vulnerability Scoring System: ==================================== 3.9 Introduction:...
Fedora 18 : libvirt-0.10.2.8-1.fc18 (2013-17305)
Rebased to version 0.10.2.8 - CVE-2013-4311: Insecure polkit usage bz 1009539, bz 1005332 - CVE-2013-4296: Invalid free memory stats bz 1006173, bz 1009667 - CVE-2013-4291: Supplementary groups handling bz 1006509, bz 1006511 - Fix LXC container creation if selinux disabled bz 977114 - Fix virsh...
Linkedin Social Network - CS Flash Cross Site Vulnerability
Document Title: =============== Linkedin Social Network - CS Flash Cross Site Vulnerability References Source: ==================== http://www.vulnerability-lab.com/getcontent.php?id=1021 Release Date: ============= 2013-09-19 Vulnerability Laboratory ID VL-ID: ===================================...
[Secunia CSI 7.0] Next generation Patch Management Tool
Cybercrime costs organizations millions of dollars and to protect business from the consequences of security breaches, vulnerability intelligence and patch management are basic necessities in the toolbox of any IT team, as emphasized by organizations like the SANS Institute and the National...
[RCA-201308-01] HMS Testimonials 2.0.10 WP plugin - Multiple vulnerabilities
Details ======================== Application: HMS Testimonials http://wordpress.org/plugins/hms-testimonials/ Version: 2.0.10 Type: Wordpress Plugin Vendor: Jeff Kreitner http://profiles.wordpress.org/kreitje/ Vulnerability: - Cross-Site Request Forgery CWE-352 - Cross-Site Scripting CWE-79...
Secunia CSI 7.0 - Next generation Patch Management tool released
Cybercrime costs organizations millions of dollars and to protect business from the consequences of security breaches, vulnerability intelligence and patch management are basic necessities in the toolbox of any IT team, as emphasized by organizations like the SANS Institute and the National...
OpenStack: Nova network source security groups denial of service
Algorithmic complexity vulnerability in OpenStack Compute (Nova) before 2013.1.3 and Havana before havana-3 does not properly handle network source security group policy updates, which allows remote authenticated users to cause a denial of service (nova-network consumption) via a large number of...
Poison Ivy RAT Spotted in Three New China Attacks
The Poison Ivy remote access Trojan may be old, but it’s not losing favor with nation states that continue to make it the centerpiece of targeted attacks. Three groups of hackers, reportedly all with ties to China and possibly related in terms of their funding and training, are currently managin...
CVE-2013-5312
Multiple cross-site scripting (XSS) vulnerabilities in Vastal I-Tech phpVID 1.2.3 allow remote attackers to inject arbitrary web script or HTML via the (1) n parameter to browsevideos.php or the (2) cat parameter to groups.php...
SA-CONTRIB-2013-065 - Organic Groups - Access Bypass
This module enables users to create and manage their own 'groups'. Each group can have subscribers, and maintains a group home page where subscribers communicate amongst themselves. The module allows any authenticated user to guess the node ID of private groups, and subscribe to them without...