9100 matches found
samba: smbcacls will delete ACL lists in certain circumstances
The ownerset function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended...
CVE-2014-0634
EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
Code injection
EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
CVE-2014-0634
EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 is affected by a Missing HttpOnly attribute in a Set-Cookie header for an unspecified cookie, which could allow remote attackers to access potentially sensitive information via script. Affected products: VPLEX GeoSynchrony 4.0–5.2.1. Root cause: absen...
CVE-2014-0634
EMC VPLEX GeoSynchrony 4.x and 5.x before 5.3 does not include the HTTPOnly flag in a Set-Cookie header for an unspecified cookie, which makes it easier for remote attackers to obtain potentially sensitive information via script access to this cookie...
Vulnerability in core server (CVE-2014-0060)
SET ROLE bypasses lack of ADMIN OPTION...
UBUNTU-CVE-2014-2599
The HVMOPsetmemaccess HVM control operations in Xen 4.1.x for 32-bit and 4.1.x through 4.4.x for 64-bit allow local guest administrators to cause a denial of service CPU consumption by leveraging access to certain service domains for HVM guests and a large input...
Puppet Enterprise 3.x < 3.2.0 Multiple Vulnerabilities
According to its self-reported version number, the Puppet Enterprise 3.x install on the remote host is prior to 3.2.0. As a result, it is reportedly affected by multiple vulnerabilities : - An error exists related to the PE consoles and identity verification that could allow security bypasses...
DEBIAN-CVE-2013-6442
The ownerset function in smbcacls.c in smbcacls in Samba 4.0.x before 4.0.16 and 4.1.x before 4.1.6 removes an ACL during use of a --chown or --chgrp option, which allows remote attackers to bypass intended access restrictions in opportunistic circumstances by leveraging an unintended...
postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...
Eventy Plus Cross Site Request Forgery
Author: TUNISIAN CYBER + Exploit Title: Eventy Plus Cross-Site Request Forgery Add Admin Vulnerability + Date: 03-03-2014 + Category: WebApp + Tested on: KaliLinux/Windows 7 Pro + CWE: CWE-352 + Vendor: http://calendarscripts.info/ + Friendly Sites: na3il.com,th3-creative.com + Twitter: @TCYB3R...
postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...
postgresql: SET ROLE without ADMIN OPTION allows adding and removing group members
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...
UBUNTU-CVE-2014-0060
PostgreSQL before 8.4.20, 9.0.x before 9.0.16, 9.1.x before 9.1.12, 9.2.x before 9.2.7, and 9.3.x before 9.3.3 does not properly enforce the ADMIN OPTION restriction, which allows remote authenticated members of a role to add or remove arbitrary users to that role by calling the SET ROLE command...
Cross site request forgery (csrf)
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...
CVE-2013-6166
Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...
Cross site request forgery (csrf)
Google Chrome before 29 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...
CVE-2013-6167
The CVE-2013-6167 issue affects Mozilla Firefox before version 28 (reported as Firefox through 27) where HTTP Cookie headers are sent without validating required character-set restrictions. The root cause is improper handling/validation of cookie character sets, enabling attackers to craft a para...
CVE-2013-6167
Mozilla Firefox through 27 sends HTTP Cookie headers without first validating that they have the required character-set restrictions, which allows remote attackers to conduct the equivalent of a persistent Logout CSRF attack via a crafted parameter that forces a web application to set a malformed...
The Mask Malware: A 7-Year Cyber Espionage Campaign Unmasked
A sophisticated cyber spying operation, The Mask , that has been under the radar for about 7 years and targeted approximately 31 countries, has now been unmasked by researchers at Kaspersky Labs. Researchers believe the campaign has been active since 2007 and is a highly sophisticated nation-stat...