
5959 matches found

Hacker One
added 2017/11/29 10:39 p.m. | 34 views

Open-Xchange: [IDOR] Deleting other people's tasks

Description When creating tasks each task is assigned with an id value. Using this id it's possible to delete any task created in the same instance even if you don't actually have access to viewing or editing the task. Steps to Reproduce 1 Login to https://sandbox.open-xchange.com/ with user1 2...

6.9 AI score
Exploits: 0

OSV
added 2017/11/27 10:29 a.m. | 1 views

CVE-2017-16962

The WebMail components Crystal, pronto, and pronto4 in CommuniGate Pro before 6.2.1 have stored XSS vulnerabilities via (1) the location or details field of a Google Calendar invitation, (2) a crafted Outlook.com calendar (aka Hotmail Calendar) invitation, (3) e-mail granting access to a directory that h...

6.1 CVSS | 5.8 AI score
Exploits: 0 | References: 2

CNVD
added 2017/11/21 12:0 a.m. | 2 views

Horde Groupware Cross-Site Scripting Vulnerability (CNVD-2017-37743)

Horde Groupware is a free, enterprise-grade, browser-based collaboration suite. A cross-site scripting vulnerability exists in Horde Groupware 5.2.19. A cross-site scripting attack can be performed via the Color field in the "Create Task List" action, which can lead to remote code execution...

5.4 CVSS | 7.3 AI score | 0.00227 EPSS
Exploits: 1 | References: 1

Prion
added 2017/11/20 8:29 p.m. | 12 views

Cross site scripting

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...

3.5 CVSS | 5.1 AI score | 0.00227 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

UbuntuCve
added 2017/11/20 8:29 p.m. | 24 views

CVE-2017-16907

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...

5.4 CVSS | 6.1 AI score | 0.00227 EPSS
Exploits: 1 | References: 3

OSV
added 2017/11/20 8:29 p.m. | 0 views

UBUNTU-CVE-2017-16907

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...

5.4 CVSS | 6 AI score | 0.00227 EPSS
Exploits: 1 | References: 4

OSV
added 2017/11/20 8:29 p.m. | 17 views

CVE-2017-16907

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...

5.4 CVSS | 5.6 AI score
Exploits: 0 | References: 4

NVD
added 2017/11/20 8:29 p.m. | 21 views

CVE-2017-16907

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...

5.4 CVSS | 5.2 AI score | 0.00227 EPSS
Exploits: 1 | References: 4

OSV
added 2017/11/20 8:29 p.m. | 1 views

DEBIAN-CVE-2017-16907

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...

5.4 CVSS | 5.1 AI score | 0.00227 EPSS
Exploits: 1 | References: 1

Debian CVE
added 2017/11/20 8:0 p.m. | 18 views

CVE-2017-16907

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...

5.4 CVSS | 5.2 AI score | 0.00227 EPSS
Exploits: 1

Cvelist
added 2017/11/20 8:0 p.m. | 23 views

CVE-2017-16907

In Horde Groupware 5.2.19 and 5.2.21, there is XSS via the Color field in a Create Task List action...

5.1 AI score | 0.00227 EPSS
Exploits: 1 | References: 4

CVE
added 2017/11/20 8:0 p.m. | 60 views

CVE-2017-16907

In Horde Groupware, CVE-2017-16907 is a documented XSS in the Color field of a Create Task List action affecting Horde Groupware 5.2.19 and 5.2.21. Debian LTS advisories report fixes in php-horde-core (2.27.6+debian1-2+deb9u1) and php-horde (5.2.13+debian0-1+deb9u3) for Debian 9 stretch, indicati...

5.4 CVSS | 5 AI score | 0.00227 EPSS
Exploits: 1 | References: 4 | Affected Software: 1

CNVD
added 2017/11/14 12:0 a.m. | 1 views

Ulterius Directory Traversal Vulnerability

Ulterius is a set of remote control management tools. A directory traversal vulnerability exists in the 'Process' function of the RemoteTaskServer/WebServer/HttpServer.cs file in versions of Ulterius prior to 1.9.5.0. An attacker can exploit this vulnerability to download files...

7.5 CVSS | 6.9 AI score | 0.86498 EPSS
Exploits: 6 | References: 1

Citrix
added 2017/11/09 12:0 a.m. | 5 views

Creation of Platform Layer fails with a time out error from Vsphere

During creation of Platform layer, Task fails and we get an error on the App layering console as "A timeout occurred waiting for a vsphere task to complete"...

7.1 AI score
Exploits: 0

Fedora
added 2017/11/08 11:28 p.m. | 22 views

[SECURITY] Fedora 26 Update: ansible-2.4.1.0-2.fc26

Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...

9.8 CVSS | 3.3 AI score | 0.0065 EPSS
Exploits: 0

Packet Storm
added 2017/11/07 12:0 a.m. | 91 views

Linux Kernel 4.1.3 (Ubuntu 17.10) waitid() SMEP/SMAP Privilege Escalation

// Proof of concept exploit for waitid bug introduced in Linux Kernel 4.13 // By Chris Salls twitter.com/chrissalls // This exploit can be used to break out out of sandboxes such as that in google chrome // In this proof of concept we install the seccomp filter from chrome as well as a chroot, //...

7.9 AI score | 0.01713 EPSS
Exploits: 10

Exploit DB
added 2017/11/06 12:0 a.m. | 205 views

Linux Kernel 4.13 (Ubuntu 17.10) - 'waitid()' SMEP/SMAP/Chrome Sandbox Privilege Escalation

// Proof of concept exploit for waitid bug introduced in Linux Kernel 4.13 // By Chris Salls twitter.com/chrissalls // This exploit can be used to break out out of sandboxes such as that in google chrome // In this proof of concept we install the seccomp filter from chrome as well as a chroot, //...

7.4 AI score
Exploits: 0

FireEye
added 2017/10/30 10:0 a.m. | 501 views

Introducing GoCrack: A Managed Password Cracking Tool

FireEye's Innovation and Custom Engineering (ICE) team released a tool today called GoCrack that allows red teams to efficiently manage password cracking tasks across multiple GPU servers by providing an easy-to-use, web-based real-time UI (Figure 1 shows the dashboard) to create, view, and manage...

1.2 AI score
Exploits: 0

Trellix
added 2017/10/24 12:0 a.m. | 11 views

‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine

ARCHIVED STORY ‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine By Raj Samani · October 24, 2017 This post was researched and written by Tim Hux, David Marcus, Charles McFarland, Douglas McKee, and Raj Samani. McAfee is currently investigating a ransomware campaign known as BadRabbit, which...

7.5 AI score
Exploits: 0

Trellix
added 2017/10/24 12:0 a.m. | 28 views

‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine

ARCHIVED STORY ‘BadRabbit’ Ransomware Burrows Into Russia, Ukraine By Raj Samani · October 24, 2017 This post was researched and written by Tim Hux, David Marcus, Charles McFarland, Douglas McKee, and Raj Samani. McAfee is currently investigating a ransomware campaign known as BadRabbit, which...

7.5 AI score
Exploits: 0