4143 matches found
CVE-2008-6905
Cross-site request forgery (CSRF) vulnerability in index.php in BabbleBoard 1.1.6 allows remote authenticated users to hijack the authentication of administrators for requests that delete (1) categories or (2) groups; (3) ban users; or (4) delete users via the admin page...
Joomla Groups Blind SQL Injection
Joomla component "comgroups" Blind SQL injection vulnerability Xploited by : PrincePwn3r Component Version : 1.0 Dork : inurl:"index.php?option=comgroups" Contact : 2p0wn0rn0t2p0wnatgmail.com...
ICANN Appointee: A Focus on Security
This week’s news that former National Cyber Security Center Director Rod Beckstrom was named as the newest president of ICANN – the Internet Corporation for Assigned Names and Numbers, the Net’s most influential governing body – is a very encouraging sign that we’re living in an era when issues o...
CVE-2009-0588
agent/request/op.cgi in the Registration Authority (RA) component in Red Hat Certificate System (RHCS) 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field...
rhpki-ra: improper authorization checks in Certificate System's Registration Authority
agent/request/op.cgi in the Registration Authority (RA) component in Red Hat Certificate System (RHCS) 7.3 and Dogtag Certificate System allows remote authenticated users to approve certificate requests queued for arbitrary agent groups via a modified request ID field...
Default credentials
system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully condu...
CVE-2008-6792
system-tools-backends before 2.6.0-1ubuntu1.1 in Ubuntu 8.10, as used by "Users and Groups" in GNOME System Tools, hashes account passwords with 3DES and consequently limits effective password lengths to eight characters, which makes it easier for context-dependent attackers to successfully condu...
Debian Security Advisory DSA 1776-1 (slurm-llnl)
The remote host is missing an update to slurm-llnl announced via advisory DSA 1776-1. OpenVAS Vulnerability Test $Id: deb17761.nasl 6615 2017-07-07 12:09:52Z cfischer $ Description: Auto-generated from advisory DSA 1776-1 (slurm-llnl) Authors: Thomas Reinke Copyright: Copyright (c) 2009 E-Soft Inc...
Design/Logic Flaw
Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to...
CVE-2009-1190
Algorithmic complexity vulnerability in the java.util.regex.Pattern.compile method in Sun Java Development Kit (JDK) before 1.6, when used with spring.jar in SpringSource Spring Framework 1.1.0 through 2.5.6 and 3.0.0.M1 through 3.0.0.M2 and dm Server 1.0.0 through 1.0.2, allows remote attackers to...
DSA-1776-1 slurm-llnl - privilege escalation
Bulletin has no description...
Senate bill proposes sweeping changes to U.S. cybersecurity
By Joby Warrick and Walter Pincus, Washington Post Federal legislators are working on a bill that would make major changes to the way that both government and private networks are protected. The Washington Post reports that the legislation not only will include more enforcement for regulations, b...
Countdown to Conficker's April 1st climax
By Byron Acohido, LastWatchdog.com Two schools of thought exist about what the Conficker worm will do come the wee hours of April 1, 2009, GMT. Some experts, like WinPatrol creator Bill Pytlovany, are sensing that the worm’s controllers will run circles around the Microsoft-led...
Issue security based on workflow status
It would be great if permission types could be associated with workflow status. What we would like to do is limit the ability to edit an issue by the reporter to a specific workflow status. Using the issue security scheme is not possible since the reporter should always be allowed to view the issu...
USN-722-1: sudo vulnerability
Harald Koenig discovered that sudo did not correctly handle certain privilege changes when handling groups. If a local attacker belonged to a group included in a "RunAs" list in the /etc/sudoers file, that user could gain root privileges. This was not an issue for the default sudoers file shipped...
[SECURITY] Fedora 10 Update: squidGuard-1.2.1-2.fc10
squidGuard can be used to - limit the web access for some users to a list of accepted/well known web servers and/or URLs only. - block access to some listed or blacklisted web servers and/or URLs for some users. - block access to URLs matching a list of regular expressions or words for some users...
[SECURITY] Fedora 9 Update: squidGuard-1.2.1-2.fc9
squidGuard can be used to - limit the web access for some users to a list of accepted/well known web servers and/or URLs only. - block access to some listed or blacklisted web servers and/or URLs for some users. - block access to URLs matching a list of regular expressions or words for some users...
Fedora Core 10 FEDORA-2009-1074 (sudo)
The remote host is missing an update to sudo announced via advisory FEDORA-2009-1074. Note: This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2009 E-Soft Inc. Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the...
PT-2009-1078 · Sudo +1
Name of the Vulnerable Software and Affected Versions: sudo versions 1.6.9p17 through 1.6.9p19 Description: The issue concerns the improper interpretation of a system group in the sudoers file during authorization decisions for users belonging to that group. This allows local users to leverage an...
Umer Inc Songs Portal Script - 'id' SQL Injection