5959 matches found
openstack-glance: potential resource exhaustion and denial of service using images manipulation API
Multiple flaws were found in the glance task API that could cause untracked image data to be left in the back end. A malicious user could use these flaws to deliberately accumulate untracked image data, and cause a denial of service via resource exhaustion...
Cross-site request forgery (CSRF)
Multiple cross-site request forgery (CSRF) vulnerabilities in the Batch Jobs module before 7.x-1.2 for Drupal allow remote attackers to hijack the authentication of certain users for requests that (1) delete a batch job record or (2) execute a task via unspecified vectors...
Cross-site request forgery (CSRF)
Cross-site request forgery (CSRF) vulnerability in the Todo Filter module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that toggle a task via unspecified vectors...
CVE-2015-3350
Cross-site request forgery (CSRF) vulnerability in the Todo Filter module before 6.x-1.1 and 7.x-1.x before 7.x-1.1 for Drupal allows remote attackers to hijack the authentication of arbitrary users for requests that toggle a task via unspecified vectors...
Microsoft Task Scheduler Elevation of Privilege Vulnerability
Windows is a windowed operating system developed by Microsoft Corporation in the United States. Microsoft Task Scheduler is used for task scheduling. Because invalid tasks are present on some systems, Task Scheduler is affected by an elevation of privilege vulnerability. Exploiting this...
Microsoft patch day 2015-4-14: fixes for many high-risk IE, Windows and Office vulnerabilities - vulnerability warning - the black bar safety net
The second Tuesday of each month is Microsoft's regular patch day. On Tuesday (2015-4-14), the "patch day", Microsoft fixed a large number of vulnerabilities, including many high-risk IE, Windows and Office vulnerabilities. Update announcement MS15-034 announcement MS15-034 announcemen...
MS15-037: Vulnerability in Windows Task Scheduler Could Allow Elevation of Privilege (3046269)
The remote Windows host is affected by a privilege escalation vulnerability due to improper handling of invalid tasks in the Task Scheduler. If a known invalid task is present on the system, a local attacker can exploit the task to cause Task Scheduler to execute a crafted application with System...
Privilege escalation
Task Scheduler in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges by triggering application execution by an invalid task, aka "Task Scheduler Elevation of Privilege Vulnerability."...
CVE-2015-0098
Task Scheduler in Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1 allows local users to gain privileges by triggering application execution by an invalid task, aka "Task Scheduler Elevation of Privilege Vulnerability."...
CVE-2015-0098
The CVE-2015-0098 issue affects Microsoft Windows 7 SP1 and Windows Server 2008 R2 SP1, specifically Task Scheduler. The root cause is improper handling of invalid tasks, allowing a local attacker to cause Task Scheduler to execute a crafted application with SYSTEM privileges (local privilege esc...
Comala Workflows newtask.action taskName has multiple reflected cross-site scripting vulnerabilities
Comala Workflows is a web-based application. A cross-site scripting vulnerability exists in the handling of taskName by the Comala Workflows newtask.action script, which can be exploited by a remote attacker to construct a malicious URI and trick the user into parsing it, which can be used to obtain a sensitive...
Microsoft Windows Task Scheduler CVE-2015-0098 Remote Privilege Escalation Vulnerability
Description: Microsoft Windows Kernel is prone to a remote privilege-escalation vulnerability. An attacker can exploit this issue to gain elevated privileges within the context of the System account. Technologies Affected: Avaya Meeting Exchange - Client Registration Server 5.0 Avaya Meeting Exchan...
Information disclosure
The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen...
CVE-2015-1116
The UIKit View component in Apple iOS before 8.3 displays unblurred application snapshots in the Task Switcher, which makes it easier for physically proximate attackers to obtain sensitive information by reading the device screen...
CVE-2015-1116
The CVE-2015-1116 entry concerns Apple iOS UIKit View, where before iOS 8.3, application snapshots shown in the Task Switcher were not blurred, enabling local attackers in close proximity to read sensitive information from the screen. Affected software: iOS versions prior to 8.3 (UIKit View snaps...
Apple iOS Task Switcher Sensitive Information Disclosure Vulnerability
Apple iOS is the latest operating system that runs on Apple's iPhone and iPod touch devices. A security vulnerability exists in Apple iOS UIKit. A remote attacker can exploit the vulnerability to expose data in application snapshots to Task Switcher to obtain sensitive information...
[SECURITY] Fedora 21 Update: rt-4.2.10-2.fc21
RT is an enterprise-grade ticketing system which enables a group of people to intelligently and efficiently manage tasks, issues, and requests submitted by a community of users...
SAP EMR Unwired and Clinical Task Tracker Access Restriction Bypass Vulnerabilities
SAP EMR Unwired is a mobile app that enables physicians and nurses to instantly access patient data when they need it. SAP Clinical Task Tracker is an easy and secure way to access clinical tasks assigned to your patients anytime, anywhere. SAP EMR Unwired and Clinical Task Tracker fail to properl...
CVE-2015-2814
SAP EMR Unwired (com.sap.mobile.healthcare.emr.v2) and Clinical Task Tracker (com.sap.mobile.healthcare.ctt) do not properly restrict access, which allows remote attackers to change the backendurl, clientid, ssourl, and infopageurl settings via unspecified vectors, aka SAP Security Note 2117079...