5958 matches found
September 2014 Microsoft Patch Tuesday security bulletins
The Operation SnowMan espionage campaign, which targeted military intelligence earlier this year via an Internet Explorer zero day, exposed a weak spot in Microsoft’s vulnerability management efforts. What was unique about the SnowMan operation is that it included a check as to whether the...
Microsoft Windows Task Scheduler Local Privilege Escalation Vulnerability
Description Microsoft Windows is prone to a local privilege-escalation vulnerability. A local attacker may exploit this issue to execute arbitrary code with the Local system account. Successful exploits will result in the complete compromise of affected computers. Technologies Affected Microsoft...
IBM WebSphere Portal 8.0.0.x Unified Task List Portlet Multiple Vulnerabilities (PI18909)
The version of IBM WebSphere Portal on the remote host is affected by multiple vulnerabilities in the Unified Task List UTL portlet : - An unspecified open redirect vulnerability exists that allows a remote attacker to perform a phishing attack by enticing a user to click a malicious URL...
ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities
ESA-2014-059.txt -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 ESA-2014-059: EMC Documentum Multiple Cross-Site Scripting Vulnerabilities EMC Identifier: ESA-2014-059 CVE Identifier: CVE-2014-2511 Severity Rating: CVSS v2 Base Score: 7.5 AV:N/AC:L/Au:N/C:P/I:P/A:P Affected products: • EMC WebTop...
CVE-2014-3070
The addFileRegistryAccount Virtual Member Manager VMM SPI Admin Task in IBM WebSphere Application Server WAS 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3 does not properly create accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors...
Design/Logic Flaw
The addFileRegistryAccount Virtual Member Manager VMM SPI Admin Task in IBM WebSphere Application Server WAS 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3 does not properly create accounts, which allows remote attackers to bypass intended access restrictions via unspecified vectors...
CVE-2014-3070
The CVE-2014-3070 case affects IBM WebSphere Application Server where the addFileRegistryAccount (VMM SPI Admin Task) can bypass access restrictions due to improper account creation. Affected products/versions: WAS 8.0.x before 8.0.0.10 and 8.5.x before 8.5.5.3. IBM bulletins document remediation...
[SECURITY] Fedora 20 Update: ansible-1.6.10-1.fc20
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
[SECURITY] Fedora 19 Update: ansible-1.6.10-1.fc19
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
Information disclosure
The Unified Task List UTL Portlet for IBM WebSphere Portal 7.x and 8.x through 8.0.0.1 CF12 allows remote attackers to obtain potentially sensitive information about environment variables and JAR versions via unspecified vectors...
CVE-2014-3056
CVE-2014-3056: Affected product is IBM WebSphere Portal Unified Task List (UTL) Portlet on WebSphere Portal 7.x and 8.x up to 8.0.0.1 CF12. The issue is information disclosure exposing environment variables and certain JAR versions via unspecified vectors. This is an information disclosure vulner...
CVE-2014-3550
Multiple cross-site scripting XSS vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted 1 error or 2 success message for a scheduled task...
CVE-2014-3550
Multiple cross-site scripting XSS vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted 1 error or 2 success message for a scheduled task...
CVE-2014-3550
Multiple cross-site scripting XSS vulnerabilities in admin/tool/task/scheduledtasks.php in Moodle 2.7.x before 2.7.1 allow remote attackers to inject arbitrary web script or HTML via vectors that trigger a crafted 1 error or 2 success message for a scheduled task...
[SECURITY] Fedora 19 Update: ansible-1.6.6-1.fc19
Ansible is a radically simple model-driven configuration management, multi-node deployment, and remote task execution system. Ansible works over SSH and does not require any software or daemons to be installed on remote nodes. Extension modules can be written in any language and are transferred t...
PT-2014-3520 · Red Hat · Red Hat Cloudforms
Name of the Vulnerable Software and Affected Versions: Red Hat CloudForms versions prior to 5.2.4.2 Description: The issue allows remote attackers to cause a denial of service, resulting in an infinite loop and CPU consumption. This is due to a problem in the wait for task function...
Daphne - Tool for killing, controlling and debugging processes in Windows
Daphne is a small application for killing, controlling and debugging Windows’ processes. It was born to kill a windows process and became almost a task manager replacement. You can kill a process by dragging the mouse over the windows, by right-clicking the process in the main process list, or by...
OneOrZero Helpdesk <= 1.6.5.7 - Local File Inclusion Vulnerability
No description provided by source. :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP YmmMMMM MMM YM Discovered by dun \ dunatstrcpy.pl OneOrZero Helpdesk = 1.6.5.7 Local File Inclusion Vulnerability Script: OneOrZero Helpdesk and Task...
Vikingboard <= 0.2 Beta (task) Local File Inclusion Vulnerability
No description provided by source. :::::::-. ... ::::::. :::. ;;, ';, ;; ;;;;;;;, ;;; ' . ' $$, $$$$ $$$ $$$ Y$c$$ 888,o8P'88 .d888 888 Y88 MMMMP YmmMMMM MMM YM Discovered by dun \ dunatstrcpy.pl Vikingboard = 0.2 Beta Local File Inclusion Vulnerability Script: Vikingboard is a PHP-based discussi...
Sysax FTP Automation Server 5.33 Local Privilege Escalation
No description provided by source. Title: Sysax FTP Automation Server Local Privilege Escalation Author: Craig Freyman @cd1zz OS Tested: XP SP3 32bit Version Tested: 5.33 Date Discovered: October 1, 2012 Vendor Contacted: October 21, 2012 Vendor Response: November 1, 2012 Demo:...