Lucene search
+L

39 matches found

seebug.org
seebug.org
added 2014/04/16 12:0 a.m.44 views

OpenStack Nova RBAC安全绕过漏洞

Bugtraq ID:65753 CVE ID:CVE-2014-0167 OpenStack是由Rackspace和NASA共同开发的云计算平台,帮助服务商和企业内部实现类似于Amazon EC2和S3的云基础架构。OpenStack Nova提供虚拟计算服务。 OpenStack Nova EC2 API安全组实现存在安全漏洞,如addrules, removerules 和destroy方法,受限用户可使用EC2 API绕过限制对安全组进行未授权操作。 0 OpenStack Nova 2013.1 - 2013.2.3 用户可参考如下厂商提供的安全补丁以修复该漏洞:...

6CVSS6.5AI score0.01647EPSS
Exploits1
seebug.org
seebug.org
added 2014/03/31 12:0 a.m.26 views

OpenStack python-keystoneclient Cache安全绕过漏洞

OpenStack是由Rackspace和NASA共同开发的云计算平台,帮助服务商和企业内部实现类似于Amazon EC2和S3的云基础架构。 缓存处理多个,多次请求时存在错误,可被利用以另一个用户身份进行认证操作。 0 OpenStack python-keystoneclient 0.x OpenStack python-keystoneclient 0.7.0及之后版本以修复此漏洞,建议用户下载使用: https://launchpad.net/python-keystoneclient...

7.1AI score
Exploits0
NVD
NVD
added 2013/12/24 6:55 p.m.20 views

CVE-2013-6795

The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary...

9.3CVSS7.5AI score0.05343EPSS
Exploits1References7
Prion
Prion
added 2013/12/24 6:55 p.m.13 views

Design/Logic Flaw

The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary...

9.3CVSS7.9AI score0.05343EPSS
Exploits1References7Affected Software1
Cvelist
Cvelist
added 2013/12/24 6:0 p.m.28 views

CVE-2013-6795

The Updater in Rackspace Openstack Windows Guest Agent for XenServer before 1.2.6.0 allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984, which triggers the download and extraction of a ZIP file that overwrites the Agent service binary...

7.5AI score0.05343EPSS
Exploits1References7
CVE
CVE
added 2013/12/24 6:0 p.m.185 views

CVE-2013-6795

CVE-2013-6795 affects Rackspace OpenStack Windows Guest Agent for XenServer prior to 1.2.6.0. The Updater accepts a serialized .NET object over TCP port 1984, triggering download and extraction of a ZIP that overwrites the Agent binary, enabling remote code execution. Impact: remote arbitrary cod...

9.3CVSS7.8AI score0.05343EPSS
Exploits1References7Affected Software1
Positive Technologies
Positive Technologies
added 2013/12/24 12:0 a.m.9 views

PT-2013-6113 · Rackspace · Rackspace Openstack Windows Guest Agent

Name of the Vulnerable Software and Affected Versions: Rackspace Openstack Windows Guest Agent for XenServer versions prior to 1.2.6.0 Description: The issue allows remote attackers to execute arbitrary code via a crafted serialized .NET object to TCP port 1984. This triggers the download and...

9.3CVSS7.5AI score0.05343EPSS
Exploits1References8
securityvulns
securityvulns
added 2013/11/26 12:0 a.m.71 views

RackSpace Windows Agent update spoofing

Binaries digital signature is not checked...

9.3CVSS3AI score0.05343EPSS
Exploits1References1Affected Software1
securityvulns
securityvulns
added 2013/11/26 12:0 a.m.61 views

CVE-2013-6795 Vulnerability in the Rackspace Windows Agent and Updater

A vulnerability in the Rackspace Windows Agent and Updater was discovered that allows for modified Agent binaries to be remotely uploaded without authentication to Rackspace Cloud Server guest instances. Modified Agent binaries are processed as an update for the Agent and arbitrary code can then ...

9.3CVSS2.5AI score0.05343EPSS
Exploits1
OpenVAS
OpenVAS
added 2013/08/12 12:0 a.m.27 views

Debian Security Advisory DSA 2737-1 (swift - several vulnerabilities)

Several vulnerabilities have been discovered in Swift, the Openstack object storage. The Common Vulnerabilities and Exposures project identifies the following problems: CVE-2013-2161 Alex Gaynor from Rackspace reported a vulnerability in XML handling within Swift account servers. Account strings...

7.5CVSS0.4AI score0.01894EPSS
Exploits1References1
seebug.org
seebug.org
added 2013/06/25 12:0 a.m.43 views

OpenStack python-keystoneclient 安全绕过漏洞(CVE-2013-2167)

Bugtraq ID:60680 CVE ID:CVE-2013-2167 OpenStack是由Rackspace和NASA共同开发的云计算平台,帮助服务商和企业内部实现类似于Amazon EC2和S3的云基础架构。 OpenStack python-keystoneclient客户端中间件memcache加密实现存在安全漏洞,允许可直接对memcache后端或在中间人位置进行写访问的攻击者注入恶意数据来绕过签名安全策略。...

0.1AI score0.01696EPSS
Exploits1
NVD
NVD
added 2012/11/04 10:55 p.m.22 views

CVE-2012-5815

The Rackspace app 2.1.5 for iOS does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

5.8CVSS6.3AI score0.0057EPSS
Exploits1References2
Prion
Prion
added 2012/11/04 10:55 p.m.19 views

Code injection

The Rackspace app 2.1.5 for iOS does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

5.8CVSS6.8AI score0.0057EPSS
Exploits1References2Affected Software1
Cvelist
Cvelist
added 2012/11/04 10:0 p.m.19 views

CVE-2012-5815

The Rackspace app 2.1.5 for iOS does not verify that the server hostname matches a domain name in the subject's Common Name CN or subjectAltName field of the X.509 certificate, which allows man-in-the-middle attackers to spoof SSL servers via an arbitrary valid certificate...

6.3AI score0.0057EPSS
Exploits1References2
CVE
CVE
added 2012/11/04 10:0 p.m.50 views

CVE-2012-5815

The Rackspace app 2.1.5 for iOS is reported to not verify that the server hostname matches a domain in the certificate’s CN/subjectAltName, enabling man-in-the-middle via arbitrary valid certificates. According to the NVD entry, this yields partial confidentiality and partial integrity impact wit...

5.8CVSS6.4AI score0.0057EPSS
Exploits1References2Affected Software1
The Hacker News
The Hacker News
added 2012/05/12 9:36 p.m.11 views

BitCoin hacked, More than 18,000 Bitcoins Stolen

Bitcoinica, a Bitcoin exchange started by a 17-year old teenager Zhou Tong, has been shut down for security investigations. It's believed that at least 18,000 BTC $90,000 or 68,000 EUR have been stolen.News of the hack was posted this morning by Bitcoinica's founder, Zhou Tong: "Today, we have...

6.7AI score
Exploits0
The Hacker News
The Hacker News
added 2012/04/02 6:2 a.m.17 views

Cloudworm - Candidate MS12-020 - POC

Cloudworm - Candidate MS12-020 - POC How secure are cloud servers? In technical circles, people are aware of the cloud variables and that cloud service providers offload the virtual machine security onto the customer as much as possible. Technical people know this. Not all cloud customers fall...

6.8AI score
Exploits0
rdot
rdot
added 2011/10/06 12:0 a.m.21 views

Стив Джобс умер

Средства массовой информации сообщают о смерти Стива Джобса, бывшего CEO Apple. Можно по-разному относиться к Apple и Стиву, но отрицать то, что это знаковая фигура в IT-индустрии, создавшая множество трендов. Requiescat in pace, Стив. Приведу перевод сообщения на официальном сайте Apple: Apple...

6.8AI score
Exploits0
Packet Storm
Packet Storm
added 2009/08/17 12:0 a.m.21 views

Rackspace SQL Injection

-------------------------------------------------------------------------------------------------------------------------- + www.rackspace.com SQL Injection vulnerability + Found By: Rohit Bansal SCHAP Security http://schap.org + Date: 01-08-2009...

Exploits0
Rows per page
Query Builder