[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248392

 
 

909

 
 

195452

 
 

282

 
 
 
Paid content will be excluded from the download.

Filter
Matches : 246942 Download | Alert*

An issue was discovered in switchGroup() in agent/ExecHelper/ExecHelperMain.cpp in Phusion Passenger before 5.3.2. The set of groups (gidset) is not set correctly, leaving it up to randomness (i.e., uninitialized memory) which supplementary groups are actually being set while lowering privileges.

Cloud Foundry Foundation UAA, versions 4.12.X and 4.13.X, introduced a feature which could allow privilege escalation across identity zones for clients performing offline validation. A zone administrator could configure their zone to issue tokens which impersonate another zone, granting up to admin privileges in the impersonated zone for clients performing offline token validation.

An issue was discovered in Eventum 3.5.0. /htdocs/switch.php has an Open Redirect via the current_page parameter.

An issue was discovered in Eventum 3.5.0. htdocs/ajax/update.php has XSS via the field_name parameter.

An issue was discovered in Eventum 3.5.0. htdocs/switch.php has XSS via the current_page parameter.

An issue was discovered in Eventum 3.5.0. /htdocs/post_note.php has XSS via the garlic_prefix parameter.

An issue was discovered in Eventum 3.5.0. /htdocs/validate.php has XSS via the values parameter.

An issue was discovered in Eventum 3.5.0. /htdocs/popup.php has XSS via the cat parameter.

An issue was discovered in Eventum 3.5.0. /htdocs/list.php has XSS via the show_notification_list_issues or show_authorized_issues parameter.

An issue was discovered in Eventum 3.5.0. CSRF in htdocs/manage/users.php allows creating another user with admin privileges.


Pages:      Start    10558    10559    10560    10561    10562    10563    10564    10565    10566    10567    10568    10569    10570    10571    ..   24694

© SecPod Technologies