CVE-2015-1426

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node...

CVE-2015-1426

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node...

Code injection

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node...

Puppet Labs Facter allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node.

Puppet Labs Facter 1.6.0 through 2.4.0 allows local users to obtains sensitive Amazon EC2 IAM instance metadata by reading a fact for an Amazon EC2 node...

Amazon Linux AMI : glibc (ALAS-2015-473)

A heap-based buffer overflow was found in glibc's nsshostnamedigitsdots function, which is used by the gethostbyname and gethostbyname2 glibc function calls. A remote attacker able to make an application call to either of these functions can use this flaw to execute arbitrary code with the...

SQL Server stored procedure Hacking（II）of the user to impersonate-vulnerability warning-the black bar safety net

Security pulse in the before provides SQL Server stored procedure Hacking series the first portion of the SQL Server stored procedure Hacking I of trusted database, now to translate the SQL Server stored procedure Hacking（II）of the user to impersonate on Application developers often use SQL Serve...

Server: Local Path Disclosure when using Asset Pipeline

ownCloud 7 introduced the so-called "Asset Pipeline". It is disabled by default, but can be enabled by setting asset-pipeline.enabled to true in config.php When the setting is enabled ownCloud concatenates all CSS and JS files into a single large blob file. Thus the amount of initial required...

Server: CSRF in "bookmarks" application

Due to not verifying the CSRF token on the import functionality of the "bookmarks" application, it was vulnerable against CSRF attacks. The "bookmarks" application is disabled by default. An unauthenticated attacker could have used this to import bookmarks into the "bookmarks" application if the...

CVE-2014-7832

mod/lti/launch.php in the LTI module in Moodle through 2.4.11, 2.5.x before 2.5.9, 2.6.x before 2.6.6, and 2.7.x before 2.7.3 performs access control at the course level rather than at the activity level, which allows remote authenticated users to bypass the mod/lti:view capability requirement by...

USN-2407-1: OpenStack Nova vulnerabilities

Garth Mollett discovered that OpenStack Nova did not properly clean up an instance when using rescue mode with the VMWare driver. A remove authenticated user could exploit this to bypass intended quota limits. By default, Ubuntu does not use the VMWare driver. CVE-2014-3608 Amrith Kumar discovere...

DEBIAN-CVE-2014-3474

Cross-site scripting XSS vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard Horizon before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a networ...

CVE-2014-3474

Cross-site scripting XSS vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard Horizon before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a networ...

CVE-2014-3474

Cross-site scripting XSS vulnerability in horizon/static/horizon/js/horizon.instances.js in the Launch Instance menu in OpenStack Dashboard Horizon before 2013.2.4, 2014.1 before 2014.1.2, and Juno before Juno-2 allows remote authenticated users to inject arbitrary web script or HTML via a networ...

CVE-2014-8333

The VMware driver in OpenStack Compute Nova before 2014.1.4 allows remote authenticated users to cause a denial of service disk consumption by deleting an instance in the resize state...

DEBIAN-CVE-2014-8333

The VMware driver in OpenStack Compute Nova before 2014.1.4 allows remote authenticated users to cause a denial of service disk consumption by deleting an instance in the resize state...

HTML does not render in Project Description

If you enter HTML into the project description it does not get rendered. Reproduced this on a clean 6.3.8 instance. Looks like this has happened in the past: https://jira.atlassian.com/browse/JRA-20032 https://jira.atlassian.com/browse/JRA-15906 Regression? Or possibly a different root cause?...

HTML does not render in Project Description

If you enter HTML into the project description it does not get rendered. Reproduced this on a clean 6.3.8 instance. Looks like this has happened in the past: https://jira.atlassian.com/browse/JRA-20032 https://jira.atlassian.com/browse/JRA-15906 Regression? Or possibly a different root cause?...

Western Digital MyBook Live Login Utility

This module simply attempts to login to a Western Digital MyBook Live instance using a specific user/pass. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'metasploit/framework/credentialcollection' require...

Drupal HTTP Parameter Key/Value SQL Injection

This module requires Metasploit: http//metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework require 'msf/core' class Metasploit3 'Drupal HTTP Parameter Key/Value SQL Injection', 'Description' = %q This module exploits the Drupal HTTP Parameter Key/Value SQL...

Drupal HTTP Parameter Key/Value SQL Injection

This module exploits the Drupal HTTP Parameter Key/Value SQL Injection aka Drupageddon in order to achieve a remote shell on the vulnerable instance. This module was tested against Drupal 7.0 and 7.31 was fixed in 7.32. Two methods are available to trigger the PHP payload on the target: - set...