1895 matches found
CVE-2013-2185
CVE-2013-2185 involves DiskFileItem in Apache Commons FileUpload used with Red Hat JBoss EAP 6.1.0 and JBoss Portal 6.0.0. The issue stems from deserialization of a serialized DiskFileItem where a NULL byte in a filename can let a remote attacker write to arbitrary files. The description notes a ...
CVE-2014-0261
Microsoft Dynamics AX 4.0 SP2, 2009 SP1, 2012, and 2012 R2 allows remote authenticated users to cause a denial of service (instance outage) via crafted data to an Application Object Server (AOS) instance, aka "Query Filter DoS Vulnerability."...
CVE-2010-5292
Amberdms Billing System (ABS) prior to version 1.4.1, in multi-instance setups, allows local users to read cached data during the cron-triggered services_usage.php run, exposing sensitive information. Affected component is the cache between cron executions; root cause described as reading cache b...
DEBIAN-CVE-2013-6419
Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...
CVE-2013-6419
Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...
CVE-2013-6419
Interaction error in OpenStack Nova and Neutron before Havana 2013.2.1 and icehouse-1 does not validate the instance ID of the tenant making a request, which allows remote tenants to obtain sensitive metadata by spoofing the device ID that is bound to a port, which is not properly handled by 1...
IBM DB2 9.7 < Fix Pack 9 Multiple Vulnerabilities
According to its version, the installation of IBM DB2 9.7 running on the remote host is prior to Fix Pack 9. It is, therefore, affected by one or more of the following vulnerabilities: - The included software, GSKit, contains several errors related to SSL and TLS that can result in denial of...
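OpenStack Heat CFN Policy Security Bypass Vulnerability
Bugtraq ID:64243 CVE ID:CVE-2013-6426 OpenStack Heat is similar to Amazon's CloudFormation; it can define a template, based on policy, for situations that may occur. A security vulnerability exists in OpenStack Heat's default API policy enforcement: by calling the CreateStack or UpdateStack method, in-instance users can create or update stacks that conflict with the default policy. Setups using Heat's cloudformation-compatible API are affected by this vulnerability. 0 OpenStack Heat 2013.x Vendor patch: OpenStack -----...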
DEBIAN-CVE-2013-6426
The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) upda...
UBUNTU-CVE-2013-6426
The cloudformation-compatible API in OpenStack Orchestration API (Heat) before Havana 2013.2.1 and Icehouse before icehouse-2 does not properly enforce policy rules, which allows local in-instance users to bypass intended access restrictions and (1) create a stack via the CreateStack method or (2) upda...
DEBIAN-CVE-2013-6858
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page...
CVE-2013-6858
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page...
Cross site scripting
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page...
CVE-2013-6858
Multiple cross-site scripting (XSS) vulnerabilities in OpenStack Dashboard (Horizon) 2013.2 and earlier allow local users to inject arbitrary web script or HTML via an instance name to (1) "Volumes" or (2) "Network Topology" page...
Bamboo exposes username and password if Git checkout fails.
If the repository checkout fails, the username and password are exposed in plain text on the web interface and in the logs. To reproduce: Environment: on-demand instance version 5.2-OD-4, Build 4004 Create a plan that checks out a git repository using https with authentication. Run plan Do...
DEBIAN-CVE-2013-2186
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...
CVE-2013-2186
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...
CVE-2013-2186
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...
Design/Logic Flaw
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...
CVE-2013-2186
The DiskFileItem class in Apache Commons FileUpload, as used in Red Hat JBoss BRMS 5.3.1; JBoss Portal 4.3 CP07, 5.2.2, and 6.0.0; and Red Hat JBoss Web Server 1.0.2 allows remote attackers to write to arbitrary files via a NULL byte in a file name in a serialized instance...