HP Security Bulletin HPSBNS03635 1

HP Security Bulletin HPSBNS03635 1 – Multiple potential remote and local vulnerabilities impacting Perl and PHP have been addressed by HPE NonStop Servers OSS Script Languages. The vulnerabilities include Perl’s opportunistic loading of optional modules which might allow local users to gain elevation of privilege via a Trojan horse library under the current working directory. Revision 1 of this advisory.

Horizontal Privilege Escalation/Code Injection in ownCloud’s Windows Client

Posted by Florian Bogner on Aug 22

Metadata
===================================================
Release Date: 17-08-2016
Author: Florian Bogner @ Kapsch BusinessCom AG (https://www.kapsch.net/kbc)
Affected versions: up to ownCloud’s Desktop client version 2.2.2
Tested on: Windows 7 64 bit
CVE : pending
URL: https://bogner.sh/2016/08/horizontal-privilege-escalation-in-ownclouds-windows-client/

Faraday v2.0: Collaborative Penetration Test and Vulnerability Management Platform

Posted by Francisco Amato on Aug 22

Faraday is the Integrated Multiuser Risk Environment you were looking
for! It maps and leverages all the knowledge you generate in real
time, letting you track and understand your audits. Our dashboard for
CISOs and managers uncovers the impact and risk being assessed by the
audit in real-time without the need for a single email. Developed with
a specialized set of functionalities that help users improve their own
work, the main purpose is to…

[CVE-2016-6582] Doorkeeper gem does not revoke tokens & uses wrong auth/auth method

Posted by Justin Bull on Aug 22

Good evening everyone,

A security bulletin for all of you.

Software:
---------
Doorkeeper (https://github.com/doorkeeper-gem/doorkeeper)

Description:
------------
Doorkeeper is an OAuth 2 provider for Rails written in Ruby.

Affected Versions:
------------------
1.2.0 – 4.1.0 (all versions but latest patch supporting token revocation)

Fixed Versions:
---------------
4.2.0 or apply this commit[0]

Problem:
--------
Doorkeeper failed to implement OAuth…