Harvest: Unauthorized access to all the actions of invoices by PM (Access control Issues)
Hi Team, Description: Project Manager (Full access) can't access the projects and invoices which are not assigned to him. But this can be bypassed and the following actions can be done by any project manager: 1. Mark as send 2. Mark as draft 3. Mark as closed 4. Mark as open. Any manager can change above...
Scientific Linux Security Update : php on SL6.x i386/x86_64 (20160811) (httpoxy)
Security Fixes: - It was discovered that PHP did not properly protect against the HTTP_PROXY variable name clash. A remote attacker could possibly use this flaw to redirect HTTP requests performed by a PHP script to an attacker-controlled proxy via a malicious HTTP request. CVE-2016-5385...
Microsoft Edge GetRefererUrl Use-After-Free Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Edge. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The vulnerability relates to how Microsof...
NUUO 3.0.8 Add Admin Cross Site Request Forgery
input type="hidden" name="add...
NUUO NVRmini 2 3.0.8 - Cross-Site Request Forgery (Add Admin)
NUUO NVRmini 2 3.0.8 - Cross-Site Request Forgery Add Admin input type="hidden" name="password2" value=...
MongoDB phpMoAdmin Unauthenticated Remote Code Execution (CVE-2015-2208)
A remote code execution vulnerability exists in MongoDB administration tool for PHP. The vulnerability is due to insufficient validation of user supplied input when processing HTTP requests. A remote authenticated attacker could exploit this vulnerability by sending a malicious request...
phpMyAdmin Multiple Information Disclosure Vulnerabilities
phpMyAdmin is prone to multiple information disclosure vulnerabilities. SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
Cisco RV180 VPN and RV180W Wireless-N Multifunction VPN Routers Remote Code Execution Vulnerability
A vulnerability in the web interface of the Cisco RV180 VPN Router and Cisco RV180W Wireless-N Multifunction VPN Router could allow an authenticated, remote attacker to execute arbitrary commands with root-level privileges. The vulnerability is due to improper input validation of HTTP requests. A...
Iris ID IrisAccess ICU 7000-2 XSS / Cross Site Request Forgery
Iris ID IrisAccess ICU 7000-2 Multiple XSS and CSRF Vulnerabilities Vendor: Iris ID, Inc. Product web page: http://www.irisid.com Affected version: ICU Software: 1.00.08 ICU OS: 1.3.8 ICU File system: 1.3.8 EIF Firmware Channel 1: 1.9 EIF Firmware Channel 2: 1.9 Iris TwoPi: 1.4.5 Summary: The...
MGASA-2016-0262 Updated apache packages fix security vulnerability
It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A remote attacker could...
Iris ID IrisAccess ICU 7000-2 - Multiple Vulnerabilities
Iris ID IrisAccess ICU 7000-2 - Multiple Vulnerabilities Iris ID IrisAccess ICU 7000-2 Multiple XSS and CSRF Vulnerabilities Vendor: Iris ID, Inc. Product web page: http://www.irisid.com Affected version: ICU Software: 1.00.08 ICU OS: 1.3.8 ICU File system: 1.3.8 EIF Firmware Channel 1: 1.9 EIF...
Iris ID IrisAccess ICU 7000-2 Multiple XSS and CSRF Vulnerabilities
Summary: The ICU 7000-2 is an optional component used when the client requires iris template data to be matched on the secure side of the door. When using ICU, no data is stored in the iCAM7 Iris Reader itself. The ICU also ensures that portal operation can continue if there is an interruption ...
Iris ID IrisAccess ICU 7000-2 - Multiple Vulnerabilities
Iris ID IrisAccess ICU 7000-2 Multiple XSS and CSRF Vulnerabilities Vendor: Iris ID, Inc. Product web page: http://www.irisid.com Affected version: ICU Software: 1.00.08 ICU OS: 1.3.8 ICU File system: 1.3.8 EIF Firmware Channel 1: 1.9 EIF Firmware Channel 2: 1.9 Iris TwoPi: 1.4.5 Summary: The ICU...
CVE-2016-1000110
The CGIHandler class in Python before 2.7.12 does not protect against the HTTP_PROXY variable name clash in a CGI script, which could allow a remote attacker to redirect HTTP requests...
Debian DLA-553-1 : apache2 security update (httpoxy)
Scott Geary of VendHQ discovered that the Apache HTTPD server used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP...
Scientific Linux Security Update : httpd on SL5.x, SL6.x i386/x86_64 (20160718) (httpoxy)
Security Fixes: - It was discovered that httpd used the value of the Proxy header from HTTP requests to initialize the HTTP_PROXY environment variable for CGI scripts, which in turn was incorrectly used by certain HTTP client implementations to configure the proxy for outgoing HTTP requests. A...
Ubuntu 14.04 LTS / 16.04 LTS : Apache HTTP Server vulnerability (USN-3038-1)
The remote Ubuntu 14.04 LTS / 16.04 LTS host has packages installed that are affected by a vulnerability as referenced in the USN-3038-1 advisory. It was discovered that the Apache HTTP Server would set the HTTP_PROXY environment variable based on the contents of the Proxy header from HTTP request...
RedHat Update for httpd RHSA-2016:1421-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
RedHat Update for httpd RHSA-2016:1422-01
The remote host is missing an update for the SPDX-FileCopyrightText: 2016 Greenbone AG. Some text descriptions might be excerpted from referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CentOS 5 / 6 : httpd (CESA-2016:1421) (httpoxy)
An update for httpd is now available for Red Hat Enterprise Linux 5 and Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available...