6005 matches found
User receives an email even though they don't have access to the page where a task was unassigned
Steps to reproduce: Find/Create a space that has restricted view access. Create a page and assign a task to a user that doesn't have view access to the page. Save the page. User does not receive an email, and the task does not show up in the user's to-do (correct behavior). Edit the page and...
Adobe ColdFusion scheduleedit.cfm Authentication Bypass (CVE-2013-0625)
An authentication bypass vulnerability has been reported in ColdFusion servers. The vulnerability lets an unauthenticated attacker create a scheduled task which will be performed and allows attacker-controlled code to be uploaded to the vulnerable server. A remote attacker could...
Windows Manage User Level Persistent Payload Installer
This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit web site for more information on licensing and terms of use. http://metasploit.com/ require 'msf/core' require 'rex' require 'msf/core/post/common' require...
Windows Manage User Level Persistent Payload Installer
Creates a scheduled task that will run using service-for-user (S4U). This allows the scheduled task to run even as an unprivileged user that is not logged into the device. This will result in lower security context, allowing access to local resources only. The module requires 'Logon as a batch job'...
RHEL 5 : kernel (RHSA-2011:1813)
The remote Redhat Enterprise Linux 5 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2011:1813 advisory. - kernel: sctp dos CVE-2011-2482 - kernel: rpc task leak after flocking NFS share CVE-2011-2491 - kernel: /proc/PID/io infoleak CVE-2011-249...
All Veeam services stop at the same time everyday
Challenge Veeam services stop at the same time every night. Cause Microsoft SCCM has a Health Agent Task scheduled to run over night. The task does not support WMI 3.0. WMI 3.0 is incorporated in Veeam Backup & Replication as a dependency. When the Health Agent clears the WMI repository, it kills...
Low: Red Hat Security Advisory: kernel security and bug fix update
Updated kernel packages that fix one security issue and one bug are now available for Red Hat Enterprise Linux 6.1 Extended Update Support. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...
Fedora Update for rt3 FEDORA-2012-17174
Check for the Version of rt3 OpenVAS Vulnerability Test Fedora Update for rt3 FEDORA-2012-17174 Authors: System Generated Check Copyright: Copyright (c) 2012 Greenbone Networks GmbH, http://www.greenbone.net This program is free software; you can redistribute it and/or modify it under the terms of...
[SECURITY] Fedora 18 Update: rt3-3.8.15-1.fc18
RT is an enterprise-grade ticketing system which enables a group of people to intelligently and efficiently manage tasks, issues, and requests submitted by a community of users...
[SECURITY] Fedora 16 Update: rt3-3.8.15-1.fc16
RT is an enterprise-grade ticketing system which enables a group of people to intelligently and efficiently manage tasks, issues, and requests submitted by a community of users...
Sysax FTP Automation Server 5.33 Privilege Escalation
Title: Sysax FTP Automation Server Local Privilege Escalation Author: Craig Freyman @cd1zz OS Tested: XP SP3 32bit Version Tested: 5.33 Date Discovered: October 1, 2012 Vendor Contacted: October 21, 2012 Vendor Response: November 1, 2012 Demo:...
Sysax FTP Automation Server 5.33 Local Privilege Escalation
Exploit for windows platform in category local exploits Title: Sysax FTP Automation Server Local Privilege Escalation Author: Craig Freyman @cd1zz OS Tested: XP SP3 32bit Version Tested: 5.33 Date Discovered: October 1, 2012 Vendor Contacted: October 21, 2012 Vendor Response: November 1, 2012 Dem...
Sysax FTP Automation Server 5.33 - Local Privilege Escalation
Sysax FTP Automation Server 5.33 - Local Privilege Escalation Title: Sysax FTP Automation Server Local Privilege Escalation Author: Craig Freyman @cd1zz OS Tested: XP SP3 32bit Version Tested: 5.33 Date Discovered: October 1, 2012 Vendor Contacted: October 21, 2012 Vendor Response: November 1, 20...
Sysax FTP Automation Server 5.33 - Local Privilege Escalation
Title: Sysax FTP Automation Server Local Privilege Escalation Author: Craig Freyman @cd1zz OS Tested: XP SP3 32bit Version Tested: 5.33 Date Discovered: October 1, 2012 Vendor Contacted: October 21, 2012 Vendor Response: November 1, 2012 Demo:...
Vm86 - Syscall Task Switch Kernel Panic (Denial of Service) Privilege Escalation
Vm86 - Syscall Task Switch Kernel Panic Denial of Service Privilege Escalation Source: http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/ Introduction Problem description: The initial observation was, that the linux vm86 syscall, which allows to use the virtual-8086 mode from...
Vm86 - Syscall Task Switch Kernel Panic Denial of Service / Privilege Escalation
Source: http://www.halfdog.net/Security/2013/Vm86SyscallTaskSwitchKernelPanic/ Introduction Problem description: The initial observation was, that the linux vm86 syscall, which allows to use the virtual-8086 mode from userspace for emulating of old 8086 software as done with dosemu, was prone to...
Novell ZENworks Asset Management 7.5 Configuration Access
This module exploits a hardcoded user and password for the GetConfig maintenance task in Novell ZENworks Asset Management 7.5. The vulnerability exists in the Web Console and can be triggered by sending a specially crafted request to the rtrlet component, allowing a remote unauthenticated user to...
DataWatch Monarch Business Intelligence (BI) v5.1 admin section stored cross-site scripting
DataWatch Monarch BI v5.1 admin section stored cross-site scripting Class: Input Validation Error Remote: Yes Local: No Published: 26/06/2012 Credit: Raymond Rizk of Dionach Limited [email protected] Vulnerable: DataWatch Monarch BI v5.1 DataWatch's Monarch BI admin section is prone to a stored...
CVE-2011-5109
Multiple SQL injection vulnerabilities in Freelancer calendar 1.01 and earlier allow remote attackers to inject arbitrary web script or HTML via the SearchField parameter in a search action to (1) categorylist.php, (2) Copyofcalendarlist.php, (3) customerstatisticslist.php, (4) customerlist.php, and (5)...
WespaJuris <= 3.0 upload shell Vulnerability
Exploit for php platform in category web applications Then, go to http://localhost/juris/clientdir/30/d...