4108 matches found

RedHat Linux
added 2013/01/08 9:10 p.m. | 2 views

Mozilla: Use-after-free when displaying table with many columns and column groups (MFSA 2013-05)

Use-after-free vulnerability in the TableBackgroundPainter::TableBackgroundData::Destroy function in Mozilla Firefox before 18.0, Firefox ESR 10.x before 10.0.12 and 17.x before 17.0.2, Thunderbird before 17.0.2, Thunderbird ESR 10.x before 10.0.12 and 17.x before 17.0.2, and SeaMonkey before 2.1...

CVSS 9.3 | AI score 7.8 | EPSS 0.06147
Exploits: 0 | References: 5

NVD
added 2012/12/03 9:55 p.m. | 15 views

CVE-2012-5539

The Organic Groups OG module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved...

CVSS 3.5 | AI score 6.4 | EPSS 0.00951
Exploits: 0 | References: 3

Prion
added 2012/12/03 9:55 p.m. | 10 views

Design/Logic Flaw

The Organic Groups OG module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved...

CVSS 3.5 | AI score 6.9 | EPSS 0.00951
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2012/12/03 9:00 p.m. | 24 views

CVE-2012-5539

The Organic Groups OG module 7.x-1.x before 7.x-1.5 for Drupal does not properly maintain pending group memberships, which allows remote authenticated users to post to arbitrary groups by modifying their own account while a pending membership is waiting to be approved...

AI score 6.4 | EPSS 0.00951
Exploits: 0 | References: 3

CVE
added 2012/12/03 9:00 p.m. | 45 views

CVE-2012-5539

The Drupal OG (Organic Groups) module for 7.x-1.x is vulnerable prior to 7.x-1.5. The flaw occurs in the handling of pending group memberships, allowing remote authenticated users to post to groups they are not properly authorized for by editing their own account while a pending membership is awa...

CVSS 3.5 | AI score 6.6 | EPSS 0.00951
Exploits: 0 | References: 3 | Affected Software: 1

UbuntuCve
added 2012/11/16 12:24 p.m. | 26 views

CVE-2012-4198

The User.get method in Bugzilla/WebService/User.pm in Bugzilla 3.7.x and 4.0.x before 4.0.9, 4.1.x and 4.2.x before 4.2.4, and 4.3.x and 4.4.x before 4.4rc1 has a different outcome for a groups request depending on whether a group exists, which allows remote authenticated users to discover privat...

CVSS 4 | AI score 5.9 | EPSS 0.00874
Exploits: 1 | References: 3

Metasploit
added 2012/11/05 6:27 p.m. | 59 views

Windows Gather Local Admin Search

This module will identify systems in a given range that the supplied domain user (should migrate into a user pid) has administrative access to by using the Windows API OpenSCManagerA to establish a handle to the remote host. Additionally it can enumerate logged in users and group membership via...

AI score 6.9
Exploits: 0

Tenable Nessus
added 2012/10/25 12:00 a.m. | 25 views

Fedora 18 : dracut-024-5.git20121019.fc18 (2012-16448)

fixed ifup exit code - fixed default 'rd.auto' parameter setting - only 'warn' not 'error', if we don't strip the initramfs - do not overwrite ifcfg from anaconda - ssh-client module fixes - strip binaries in the initramfs by default now - fixes for systemd and crypto - new dracut kernel command...

CVSS 2.1 | AI score 7.3 | EPSS 0.00364
Exploits: 0 | References: 3

ThreatPost
added 2012/10/24 12:00 a.m. | 10 views

Verizon DBIR Analysis: Insiders Often Complicit in Breaches of Intellectual Property

Verizon has further dissected breach data from its annual Data Breach Investigations Report (DBIR) and built a profile of intellectual property theft that points to a disturbing combination of factors leading to successful infiltrations by cybercriminals, competitors, hacktivists and nation-state...

AI score 1.4
Exploits: 0 | References: 3

The Hacker News
added 2012/10/23 9:12 p.m. | 5 views

Sony PlayStation 3 hacked with custom firmware

The PlayStation 3 has been hacked before, originally with the PSJailbreak dongle and fail0verflow, but Sony managed to fight back with Firmware 3.60 which managed to ingeniously re-secure the console. But Hackers have released a custom firmware which allows compromised consoles to log into PSN,...

AI score 6.9
Exploits: 0

seebug.org
added 2012/10/22 12:00 a.m. | 21 views

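THINKSNS: high-risk cross-site scripting in a feature

Brief description: High-risk cross-site scripting in a THINKSNS feature; it can reach all kinds of Hall of Fame members and leaderboard users. Details: Taking them one at a time. 1. Input filtering is not strict when adding a friend group; see the result. 2. The second place is the private-message feature, which is not handled properly and leads to stored XSS. It is a place where users interact with each other, so the impact is fairly high; it can reach all kinds of well-known users, and if there is an administrator, that should work too. My private message: used xsser.me to try to pull the cookie, got it without trouble, clicked log in. Cross-sited, no questions asked. Proof of vulnerability: img src="https://images.seebug.org/upload/201210/212158566793a5b9a527d93fb5c486e6...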

AI score 7.1
Exploits: 0

The Hacker News
added 2012/10/20 5:16 p.m. | 7 views

Facebook Privacy Flaw exposed two College Gay Students Accidentally

Facebook is continually changing its privacy settings, trying to give users more control over what they want to share and with whom. Two gay college students were outed on Facebook because of a privacy flaw in Facebook Groups. Users can be added to Facebook Groups by friends without the user's...

AI score 6.5
Exploits: 0

Atlassian
added 2012/10/17 1:20 p.m. | 21 views

Inactive users still receiving emails from "Send email" function

The JIRA documentation for deactivating users says: "Will not receive any email notifications from JIRA, even if they continue to remain the assignee, reporter, or watchers of issues." However, when users have been marked as inactive they are not excluded from emails sent to groups via the 'Sen...

AI score 0.5
Exploits: 0 | Affected Software: 1

Atlassian
added 2012/10/17 1:20 p.m. | 25 views

Inactive users still receiving emails from "Send email" function

The JIRA documentation for deactivating users says: "Will not receive any email notifications from JIRA, even if they continue to remain the assignee, reporter, or watchers of issues." However, when users have been marked as inactive they are not excluded from emails sent to groups via the 'Sen...

AI score 0.5
Exploits: 0 | Affected Software: 1

The Hacker News
added 2012/10/15 1:50 p.m. | 9 views

Former LulzSec hacker pleads guilty to Sony case

After last year's big PlayStation Network hack a lot of hacking groups such as Anonymous and LulzSec were intensely publicized. Back in June, a massive hack was conducted on the Sony Pictures Website. The attack led to the theft of details on over 1 million accounts and was linked to the hacker...

AI score 7.3
Exploits: 0

The Hacker News
added 2012/10/03 3:23 p.m. | 9 views

Internet freedom : Anonymous Brings Philippines Government Sites Offline

Hacker groups that are against the controversial Cybercrime Prevention Law for its effect on the country's freedom of expression defaced 11 more government websites since 11 p.m. Monday. A message which said, "Hacked by M4N1L4 PR1D3, PHILIPPINE CYBER ARMY AND -=TheFamilyPride=-," appeared on the...

AI score 6.8
Exploits: 0

Drupal
added 2012/09/26 12:00 a.m. | 18 views

SA-CONTRIB-2012-148 - OG - Access Bypass

OG (Organic groups) enables users to create and manage their own 'groups'. Each group can have subscribers, and maintains a group home page where subscribers communicate amongst themselves. A group membership can be given immediately upon subscribing, or be pending - waiting for a group administrat...

CVSS 3.5 | AI score 6.4 | EPSS 0.00951
Exploits: 0 | References: 11

OpenVAS
added 2012/09/19 12:00 a.m. | 22 views

Debian: Security Advisory (DSA-2480-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6.8 | AI score 6.7 | EPSS 0.03101
Exploits: 0 | References: 3

Prion
added 2012/09/17 5:55 p.m. | 15 views

Code injection

SilverStripe 2.3.x before 2.3.12 and 2.4.x before 2.4.6 allows remote authenticated users with the EDITPERMISSIONS permission to gain administrator privileges via a TreeMultiselectField that includes admin groups when adding a user to the selected groups...

CVSS 6 | AI score 7 | EPSS 0.016
Exploits: 0 | References: 5 | Affected Software: 1

OpenVAS
added 2012/09/15 12:00 a.m. | 23 views

Debian: Security Advisory (DSA-2538-1)

The remote host is missing an update for the Debian SPDX-FileCopyrightText: 2012 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...

CVSS 6 | AI score 6.5 | EPSS 0.0209
Exploits: 0 | References: 3