39 matches found
OpenStack Nova RBAC安全绕过漏洞
Bugtraq ID:65753 CVE ID:CVE-2014-0167 OpenStack是由Rackspace和NASA共同开发的云计算平台,帮助服务商和企业内部实现类似于Amazon EC2和S3的云基础架构。OpenStack Nova提供虚拟计算服务。 OpenStack Nova EC2 API安全组实现存在安全漏洞,如addrules, removerules 和destroy方法,受限用户可使用EC2 API绕过限制对安全组进行未授权操作。 0 OpenStack Nova 2013.1 - 2013.2.3 用户可参考如下厂商提供的安全补丁以修复该漏洞:...
OpenStack python-keystoneclient Cache安全绕过漏洞
OpenStack是由Rackspace和NASA共同开发的云计算平台,帮助服务商和企业内部实现类似于Amazon EC2和S3的云基础架构。 缓存处理多个,多次请求时存在错误,可被利用以另一个用户身份进行认证操作。 0 OpenStack python-keystoneclient 0.x OpenStack python-keystoneclient 0.7.0及之后版本以修复此漏洞,建议用户下载使用: https://launchpad.net/python-keystoneclient...
CVE-2013-6795
The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary...
Design/Logic Flaw
The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary...
CVE-2013-6795
The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary...
CVE-2013-6795
CVE-2013-6795 affects Rackspace OpenStack Windows Guest Agent for XenServer prior to 1.2.6.0. The Updater accepts a serialized .NET object over TCP port 1984, triggering download and extraction of a ZIP that overwrites the Agent binary, enabling remote code execution. Impact: remote arbitrary cod...
PT-2013-6113 · Rackspace · Rackspace Openstack Windows Guest Agent
Name of the Vulnerable Software and Affected Versions: Rackspace Openstack Windows Guest Agent for XenServer versions prior to 1.2.6.0 Description: The issue allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984. This triggers the download and...
RackSpace Windows Agent update spoofing
Binaries digital signature is not checked...
CVE-2013-6795 Vulnerability in the Rackspace Windows Agent and Updater
A vulnerability in the Rackspace Windows Agent and Updater was discovered that allows for modified Agent binaries to be remotely uploaded without authentication to Rackspace Cloud Server guest instances. Modified Agent binaries are processed as an update for the Agent and arbitrary code can then ...
Debian Security Advisory DSA 2737-1 (swift - several vulnerabilities)
Several vulnerabilities have been discovered in Swift, the Openstack object storage. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-2161 Alex Gaynor from Rackspace reported a vulnerability in XML handling within Swift account servers. Account strings...
OpenStack python-keystoneclient 安全绕过漏洞(CVE-2013-2167)
Bugtraq ID:60680 CVE ID:CVE-2013-2167 OpenStack是由Rackspace和NASA共同开发的云计算平台,帮助服务商和企业内部实现类似于Amazon EC2和S3的云基础架构。 OpenStack python-keystoneclient客户端中间件memcache加密实现存在安全漏洞,允许可直接对memcache后端或在中间人位置进行写访问的攻击者注入恶意数据来绕过签名安全策略。...
CVE-2012-5815
The Rackspace app 2.1.5 for iOS does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
Code injection
The Rackspace app 2.1.5 for iOS does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2012-5815
The Rackspace app 2.1.5 for iOS does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...
CVE-2012-5815
The Rackspace app 2.1.5 for iOS is reported to not verify that the server hostname matches a domain in the certificate’s CN/subjectAltName, enabling man-in-the-middle via arbitrary valid certificates. According to the NVD entry, this yields partial confidentiality and partial integrity impact wit...
BitCoin hacked, More than 18,000 Bitcoins Stolen
Bitcoinica, a Bitcoin exchange started by a 17-year old teenager Zhou Tong, has been shut down for security investigations. It's believed that at least 18,000 BTC $90,000 or 68,000 EUR have been stolen.News of the hack was posted this morning by Bitcoinica's founder, Zhou Tong: "Today, we have...
Cloudworm - Candidate MS12-020 - POC
Cloudworm - Candidate MS12-020 - POC How secure are cloud servers? In technical circles, people are aware of the cloud variables and that cloud service providers offload the virtual machine security onto the customer as much as possible. Technical people know this. Not all cloud customers fall...
Стив Джобс умер
Средства массовой информации сообщают о смерти Стива Джобса, бывшего CEO Apple. Можно по-разному относиться к Apple и Стиву, но отрицать то, что это знаковая фигура в IT-индустрии, создавшая множество трендов. Requiescat in pace, Стив. Приведу перевод сообщения на официальном сайте Apple: Apple...
Rackspace SQL Injection
-------------------------------------------------------------------------------------------------------------------------- + www.rackspace.com SQL Injection vulnerability + Found By: Rohit Bansal SCHAP Security http://schap.org + Date: 01-08-2009...