Lucene search

6006 matches found

Atlassian
added 2015/02/26 12:9 a.m. | 16 views

XSRF - complete task request omits atl-token

Potential XSRF vulnerability in tasks. No atl-token is present in the request to complete a task which suggests an attacker may be able to craft a cross site request forgery and action a task without the correct authorisation...

3.4 AI score
Exploits: 0 | Affected Software: 1
Atlassian
added 2015/02/26 12:9 a.m. | 22 views

XSRF - complete task request omits atl-token

Potential XSRF vulnerability in tasks. No atl-token is present in the request to complete a task which suggests an attacker may be able to craft a cross site request forgery and action a task without the correct authorisation...

3.4 AI score
Exploits: 0 | Affected Software: 1
Atlassian
added 2015/02/26 12:9 a.m. | 18 views

XSRF - complete task request omits atl-token

Potential XSRF vulnerability in tasks. No atl-token is present in the request to complete a task which suggests an attacker may be able to craft a cross site request forgery and action a task without the correct authorisation...

3.4 AI score
Exploits: 0
PyPA
added 2015/02/24 3:59 p.m. | 8 views

PYSEC-2015-37

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads...

4 CVSS | 6.8 AI score | 0.02101 EPSS
Exploits: 2 | References: 5 | Affected Software: 1
Debian CVE
added 2015/02/24 3:0 p.m. | 27 views

CVE-2014-9684

OpenStack Image Registry and Delivery Service (Glance) 2014.2 through 2014.2.2 does not properly remove images, which allows remote authenticated users to cause a denial of service (disk consumption) by creating a large number of images using the task v2 API and then deleting them before the uploads...

4 CVSS | 6.1 AI score | 0.01981 EPSS
Exploits: 1
CNVD
added 2015/02/21 12:0 a.m. | 3 views

IBM Business Process Manager Search REST API Access Bypass Vulnerability

IBM Business Process Manager is a comprehensive BPM platform that integrates WebSphere Lombardi, the industry's leading human-centric business process management platform, and WPS, a business process management platform centered on SOA integration. A security vulnerability exists in IBM BPM's...

4 CVSS | 6.8 AI score | 0.00995 EPSS
Exploits: 0 | References: 1
CNVD
added 2015/02/21 12:0 a.m. | 3 views

OpenStack Glance Denial of Service Vulnerability (CNVD-2015-01203)

Glance provides restful APIs to query the metadata of a virtual machine image, and can obtain the image. A denial of service vulnerability exists in OpenStack Glance, as the OpenStack Glance import task fails to update the image, allowing an attacker to exploit the vulnerability to crash the...

4 CVSS | 6.8 AI score | 0.02101 EPSS
Exploits: 1 | References: 1
Prion
added 2015/02/04 4:59 p.m. | 13 views

Sql injection

SQL injection vulnerability in the CMSJunkie J-ClassifiedsManager component for Joomla! allows remote attackers to execute arbitrary SQL commands via the id parameter in a viewad task to classifieds/offerring-ads...

7.5 CVSS | 9 AI score | 0.02397 EPSS
Exploits: 1 | References: 3
Oracle linux
added 2015/01/29 12:0 a.m. | 68 views

Unbreakable Enterprise kernel security and bugfix update

2.6.39-400.246.2 - net: sctp: fix NULL pointer dereference in af-fromaddrparam on malformed packet Daniel Borkmann Orabug: 20425333 CVE-2014-7841 2.6.39-400.246.1 - sched: Fix possible divide by zero in avgatom calculation Mateusz Guzik Orabug: 20148169 - include/linux/math64.h: add div64ul Alex...

5 CVSS | 7 AI score | 0.0523 EPSS
Exploits: 1
exploitpack
added 2015/01/20 12:0 a.m. | 23 views

Apple Mac OSX networkd - effective_audit_token XPC Type Confusion Sandbox Escape

Apple Mac OSX networkd - effective_audit_token XPC Type Confusion Sandbox Escape // Requires Lorgnette: https://github.com/rodionovd/liblorgnette // clang -o networkdexploit networkdexploit.c liblorgnette/lorgnette.c -framework CoreFoundation // ianbeer include include include include include inclu...

0.5 AI score
Exploits: 0
seebug.org
added 2014/12/11 12:0 a.m. | 38 views

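KPPW latest version SQL injection vulnerability #8 (a global issue leads to 12 injection points and unauthorized operations)

Brief description: KPPW latest version SQL injection vulnerability #8: tracing one issue back to its root cause, a problem in a global file leads to 12 injection points and unauthorized operations. Detailed description: KPPW latest version SQL injection vulnerability #8: tracing one issue back to its root cause, a problem in a global file leads to 12 injection points and unauthorized operations. File /control/pubgoods.php sysconfig'indexseodesc'; $id = intval$id; $step = strvaltrim$step; ...... $strUrl = "index.php?do=pubgoods&id=".$id; $SESSION'spread' = 'index.php?do=pubgoods'; requir...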

7.1 AI score
Exploits: 0
0day.today
added 2014/11/26 12:0 a.m. | 465 views

Linux Kernel libfutex Local Root for RHEL/CentOS 7.0.1406 Exploit

Exploit for linux platform in category local exploits / CVE-2014-3153 exploit for RHEL/CentOS 7.0.1406 By Kaiqu Chen email protected Based on libfutex and the exploit for Android by GeoHot. Usage: $gcc exploit.c -o exploit -lpthread $./exploit / include include include include include include...

7.2 CVSS | 0.37233 EPSS
Exploits: 15
Kaspersky
added 2014/11/11 12:0 a.m. | 3768 views

KLA10601 Multiple vulnerabilities in Microsoft products

Multiple serious vulnerabilities have been found in Microsoft products. Malicious users can exploit these vulnerabilities to bypass security restrictions, cause denial of service, gain privileges, execute arbitrary code or obtain sensitive information. Below is a complete list of vulnerabilities 1...

10 CVSS | 8.8 AI score | 0.95988 EPSS
Exploits: 172 | References: 125
Prion
added 2014/10/16 7:55 p.m. | 10 views

Information disclosure

The SomTodo - Task/To-do widget aka com.somcloud.somtodo application 2.0.3 for Android does not verify X.509 certificates from SSL servers, which allows man-in-the-middle attackers to spoof servers and obtain sensitive information via a crafted certificate...

5.4 CVSS | 6.4 AI score | 0.00266 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
CVE
added 2014/10/16 7:0 p.m. | 37 views

CVE-2014-7049

The CVE-2014-7049 entry concerns the SomTodo (com.somcloud.somtodo) Android app version 2.0.3, which does not verify X.509 certificates from SSL servers. This trust weakness allows a man-in-the-middle to spoof servers and obtain sensitive information via a crafted certificate. The vulnerability a...

5.4 CVSS | 6 AI score | 0.00266 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
The Hacker News
added 2014/09/30 11:25 p.m. | 17 views

Microsoft Unveils Windows 10 — The Next Version Of Windows Operating system

While the whole world was waiting for the next generation of Windows operating system, i.e. Windows 9, but skipping right over 9, Microsoft has announced the next version of its Windows is Windows 10, disclosing its first details on Tuesday at an event in San Francisco. The latest version of...

6.9 AI score
Exploits: 0
Fedora
added 2014/09/27 9:47 a.m. | 28 views

[SECURITY] Fedora 20 Update: kdeadmin-4.14.1-1.fc20

The kdeadmin metapackage includes administrative tools including: kcron: systemsettings module for the cron task scheduler ksystemlog: system log viewer kuser: user manager...

6.9 CVSS | 1.8 AI score | 0.00359 EPSS
Exploits: 1
Packet Storm
added 2014/09/24 12:0 a.m. | 21 views

5pmweb.com Cross Site Scripting

author: provensec description: Easy, Customizable Project Management SAS vendor: 5pmweb.com exploit 1 Goto site. 5pmweb.com/index.php 2 Add new task fill description and name field with xss payload " and then click on the task as given in the screenshot http://prntscr.com/4pxe6j 3 Javascript will...

Exploits: 0
securityvulns
added 2014/09/15 12:0 a.m. | 69 views

Microsoft Windows multiple security vulnerabilities

Windows Media Center use-after-free, drivers privilege escalation, .Net restriction bypass and DoS, LRPC restriction bypass, Windows Installer service privilege escalation, Internet Explorer multiple security vulnerabilities, Task Scheduler privilege escalation...

9.3 CVSS | 4.8 AI score | 0.58023 EPSS
Exploits: 4 | Affected Software: 1
NVD
added 2014/09/10 1:55 a.m. | 22 views

CVE-2014-4074

The Task Scheduler in Microsoft Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allows local users to gain privileges via an application that schedules a crafted task, aka "Task Scheduler Vulnerability."...

7.2 CVSS | 6.3 AI score | 0.01877 EPSS
Exploits: 0 | References: 4