311 matches found
Duplicate App Icons on Receiver for Windows
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. Affected users see multiple stores configured CCA4-UK, CCA4-UK1, CCA4-UK2 and so on. Receiver was...
Kerio Control 8.6.1 - Multiple Vulnerabilities
Exploit for php platform in category web applications Title: Multiple Vulnerabilities in Kerio Control Virtual Appliance Vulnerabilities: SQL Injection, Remote Code Execution through CSRF Product: Kerio Control Homepage: http://www.kerio.com Affected Version: = 8.6.1 Fixed Version: 8.6.2 partiall...
openstack-keystone: configuration data information leak through Keystone catalog
A flaw was found in the keystone catalog URL replacement. A user with permissions to register an endpoint could use this flaw to leak configuration data, including the master admintoken. Only keystone setups that allow non-cloud-admin users to create endpoints were affected by this issue...
[Full-disclosure] Magnolia CMS multiple access control vulnerabilities
Subject: ====== Multiple access control vulnerabilities in Magnolia CMS, Community and Enterprise editions CVE ID: ====== CVE-2013-4621 Summary: ======== A non-admin user such as default users eric / peter can access and execute multiple administrative functionalities of the CMS by accessing...
Multiple vulnerabilities in LogAnalyzer
Advisory ID: CSA-12005 Title: Multiple vulnerabilities in LogAnalyzer Product: LogAnalyzer Version: 3.4.2 and probably prior Vendor: adiscon.com Vulnerability type: SQL injection, XSS, Arbitrary File Read Risk level: 2 / 3 Credit: www.codseq.it CVE: Vendor notification: 2012-05-21 Public...
Postfixadmin 2.3.4 SQL Injection / Cross Site Scripting
Advisory ID: CSA-12002 Title: Multiple vulnerabilities in postfixadmin Product: postfixadmin Version: 2.3.4 and probably prior Vendor: www.postifixadmin.org Vulnerability type: SQL injection, XSS Vendor notification: 2012-01-10 Public disclosure: 2012-01-26 postfixadmin version 2.3.4 and probably...
Oracle WebLogic Admin State Unspecified Privilege Escalation (CVE-2008-4011)
According to its self-reported banner, the version of Oracle WebLogic Server running on the remote host is affected by an unspecified privilege escalation vulnerability such that some applications in admin state are made available to non-admin users. %NASLMINLEVEL 70300 C Tenable Network Security...
Debian DSA-2015-1 : drbd8 - privilege escalation
A local vulnerability has been discovered in drbd8. Philipp Reisner fixed an issue in the drbd kernel module that allows local users to send netlink packets to perform actions that should be restricted to users with CAPSYSADMIN privileges. This is a similar issue to those described by...
Simple PHP Blog config/users.php Arbitrary User Password Hash Disclosure
The version of Simple PHP Blog installed on the remote host allows an unauthenticated, remote attacker to retrieve information about non-admin users defined to the application, including their user names and password hashes, which could in turn be used to gain access to the application. While the...
Minigal 2 critical XSS
Title: Minigal 2 critical XSS Author: Jose Carlos Norte [email protected] Date: 4-3-2008 Severity: high Vendor URL: http://www.minigal.dk/ ------- Introduction Minigal 2a.k.a. MG2 is a picture album written in PHP, it have a simple administration panels, and makes non-ajax browsable albums. -------...
Security Bulletin MS01-008
--------------------------------------------------------------------- Title: NTLMSSP Privilege Elevation Vulnerability Date: 07 February 2001 Software: Windows NT 4.0 Impact: Privilege Elevation Bulletin: MS01-008 Microsoft encourages customers to review the Security Bulletin at:...