Group Picker Should Not Listed All Groups
Confluence displays all groups registered on it when users access any group picker and enter a value as its search parameter. This is not a good implementation from a security point of view, as normal users would be able to see all groups. It would be better if the group picker listed only the...
PYSEC-2012-10
security/init.py in MoinMoin 1.9 through 1.9.4 does not properly handle group names that contain virtual group names such as "All," "Known," or "Trusted," which allows remote authenticated users with virtual group membership to be treated as a member of the group...
Information disclosure in REST API
REST endpoints to search groups and to list issue resolutions allow anonymous/unauthenticated access. The former allows enumerating all groups on a JIRA instance by sending multiple queries, as results are limited by jira.ajax.autocomplete.limit. We've verified this on an instance without any...
Al Jazeera News network website hacked by Pro-Assad hackers
The official website of one of the biggest Arabic-language news networks, "Al Jazeera", got hacked just now by Pro-Assad hackers called "Al-Rashedon". If you missed the deface page, please have a look at the mirror of it here. The deface page is designed with a dark color, as shown in the image, and has some message i...
Fedora Update for drupal6-og FEDORA-2012-11479
Check for the Version of drupal6-og. OpenVAS Vulnerability Test: Fedora Update for drupal6-og FEDORA-2012-11479. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it under...
CVE-2012-1644
The Organic Groups OG Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via unspecified vectors...
Design/Logic Flaw
The Organic Groups OG Vocabulary module 6.x-1.x before 6.x-1.2 for Drupal allows remote authenticated users with certain administrator permissions to modify the vocabularies of other groups via unspecified vectors...
CVE-2012-1644
The CVE-2012-1644 entry concerns the Drupal Organic Groups (OG) Vocabulary module. Affected component: OG Vocab 6.x-1.x before 6.x-1.2. Root cause: the module does not sufficiently enforce access controls on vocabularies, allowing remote authenticated users with certain administrator permissions ...
python-paste-script: Supplementary groups not dropped when started an application with "paster serve" as root
Paste Script 1.7.5 and earlier does not properly set group memberships during execution with root privileges, which might allow remote attackers to bypass intended file-access restrictions by leveraging a web application that uses the local filesystem...
[SECURITY] Fedora 17 Update: drupal6-og-2.4-1.fc17
Enable users to create and manage their own 'groups'...
CVE-2012-2081
The Organic Groups OG module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module...
Design/Logic Flaw
The Organic Groups OG module 6.x-2.x before 6.x-2.3 for Drupal does not properly restrict access, which allows remote attackers to obtain sensitive information such as private group titles via a request through the Views module...
CVE-2012-2081
The CVE-2012-2081 issue concerns the Organic Groups (OG) module for Drupal (versions 6.x-2.x prior to 6.x-2.3). The root cause is that the module’s Views integration does not correctly filter information from private groups, allowing remote attackers to access sensitive data. Impact: disclosure o...
broadcast-igmp-discovery NSE Script
Discovers targets that have IGMP Multicast memberships and grabs interesting information. The script works by sending an IGMP Membership Query message to the 224.0.0.1 All Hosts multicast address and listening for IGMP Membership Report messages. The script then extracts all the interesting...
Scientific Linux Security Update : sudo on SL5.x i386/x86_64
CVE-2010-0426 sudo: sudoedit option can possibly allow for arbitrary code execution. CVE-2010-0427 sudo: Fails to reset group permissions if runasdefault set. A privilege escalation flaw was found in the way sudo handled the sudoedit pseudo-command. If a local user were authorized by the sudoers fi...
Mandriva Update for arpwatch MDVSA-2012:113 (arpwatch)
Check for the Version of arpwatch. OpenVAS Vulnerability Test: Mandriva Update for arpwatch MDVSA-2012:113 arpwatch. Authors: System Generated Check. Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net. This program is free software; you can redistribute it and/or modify it...
Design/Logic Flaw
The form-autocompletion functionality in Moodle 2.0.x before 2.0.7, 2.1.x before 2.1.4, and 2.2.x before 2.2.1 makes it easier for physically proximate attackers to discover passwords by reading the contents of a non-password field, as demonstrated by accessing a create-groups page with Safari on...
PT-2012-2877 · Moodle · Moodle
Name of the Vulnerable Software and Affected Versions: Moodle versions 2.0.x through 2.0.6; Moodle versions 2.1.x through 2.1.3; Moodle versions 2.2.x through 2.2.0. Description: The form-autocompletion functionality makes it easier for physically proximate attackers to discover passwords by reading...