4108 matches found
GLSA-201003-01 : sudo: Privilege escalation
The remote host is affected by the vulnerability described in GLSA-201003-01 (sudo: Privilege escalation). Multiple vulnerabilities have been discovered in sudo: Glenn Waller and neonsignal reported that sudo does not properly handle access control of the 'sudoedit' pseudo-command (CVE-2010-0426)...
Photos
On the left is the default. You want to turn off Everyone. And change Networks so none of your networks will get automatic permission unless you specifically want that, like old school pictures. Then choose whether you want Friends of Friends, etc., or to customize, choose Some Friends. Then star...
Making friends
When making friends, consider putting them into groups. You might organize them around privacy (those who know about my family and those that do not) or people who know each other. People can belong to more than one group if you want. Think about what kind of friends they are. Family? Co-worker?...
Important: Red Hat Security Advisory: sudo security update
An updated sudo package that fixes two security issues is now available for Red Hat Enterprise Linux 5. This update has been rated as having important security impact by the Red Hat Security Response Team. The sudo (superuser do) utility allows system administrators to give certain users the abilit...
Attack Combines Browser History & Social Net Groups
A group of researchers have discovered a simple way to reveal the identity of a user based on his interactions with social networks. The ‘deanonymization’ attack uses social network groups as well as some traditional browser history-stealing tactics to narrow down and find the user behind the...
Bugzilla < 3.0.11 / 3.2.6 / 3.4.5 / 3.5.3 Multiple Vulnerabilities
CiviCRM 3.1 < Beta 5 - Multiple Cross-Site Scripting Vulnerabilities
Author: h00die & Ch3nz Software Link: http://sourceforge.net/projects/civicrm/files/civicrm-latest/3.1.beta1/civicrm-3.1.beta1-standalone.tar.gz/download Version: and from being in the same input box. In several cases it is possible to use multiple input boxes th...
CiviCRM 3.1 < Beta 5 Multiple XSS Vulnerabilities
Exploit for unknown platform in category web applications. CiviCRM 3.1 and from being in the same input box. In several cases it is possible to use multiple input boxes that get displayed later either together or close enough that it is possible to...
CiviCRM 3.1 Beta 5 - Multiple Cross-Site Scripting Vulnerabilities
Author: h00die & Ch3nz Software Link: http://sourceforge.net/projects/civicrm/files/civicrm-latest/3.1.beta1/civicrm-3.1.beta1-standalone.tar.gz/download Version: and from being in the same input...
phpwind 7.5 apps/groups/index.php Remote File Inclusion Vulnerability
In apps/groups/index.php the $route and $basePath variables are not initialized, which allows remote or local inclusion of PHP files and leads to execution of arbitrary PHP code. <?php if ($route == "groups") require_once $basePath . '/action/mgroups.php'; elseif ($route == "group") require_once $basePath . '/action/mgroup.php'; elseif ($route == "galbum") require_once $basePath . '/action/mgalbum.php';...
CVE-2009-4528
The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via unspecified vectors...
Design/Logic Flaw
The Organic Groups (OG) Vocabulary module 6.x before 6.x-1.0 for Drupal allows remote authenticated group members to bypass intended access restrictions, and create, modify, or read a vocabulary, via unspecified vectors...
CVE-2009-4528
The CVE-2009-4528 entry concerns Drupal’s Organic Groups (OG) Vocabulary module, version 6.x before 6.x-1.0. The vulnerability allows remote authenticated group members to bypass access restrictions and to create, modify, or read vocabulary items via unspecified vectors. Affected software: Organi...
citrix-enum-apps-xml NSE Script
Extracts a list of applications, ACLs, and settings from the Citrix XML service. The script returns more output with higher verbosity. Script Arguments slaxml.debug See the documentation for the slaxml library. http.host, http.max-body-size, http.max-cache-size, http.max-pipeline, http.pipeline,...
Automne.ws CMS 4.0.0rc2 Multiple RFI Vulnerability
Exploit for unknown platform in category web applications. Automne.ws CMS 4.0.0rc2 Multiple RFI Vulnerability. Created By 1nd0n3s14n l4m3r c --...
CVE-2009-4063
Cross-site scripting (XSS) vulnerability in the Subgroups for Organic Groups (OG) module 5.x before 5.x-4.0 and 5.x before 5.x-3.4 for Drupal allows remote attackers to inject arbitrary web script or HTML via unspecified node titles...
smb-enum-groups NSE Script
Obtains a list of groups from the remote Windows system, as well as a list of the group's users. This works similarly to enum.exe with the /G switch. The following MSRPC functions in SAMR are used to find a list of groups and the RIDs of their users. Keep in mind that MSRPC refers to groups as...
SA-CONTRIB-2009-105 - Subgroups for Organic Groups - Cross Site Scripting
The Subgroups For Organic Groups module enables users to set group hierarchy. The module does not filter the titles of some nodes before output, leading to a cross-site scripting (XSS) vulnerability. Versions affected: Subgroups For Organic Groups versions for Drupal 5.x prior to 5.x-4.0 Drupal core...
Facebook Administrator Groups Hijacked
As of this morning, an anonymous group hijacked more than 200 Facebook groups and renamed them “Control Your Info”. Pasted on each group’s Wall was a message announcing that it had been “hijacked” and reminding members to be careful about controlling personal information on social networking site...