869 matches found
The vulnerability of the Windows operating system, which allows a perpetrator to bypass the secure loading mechanism
The vulnerability of the Windows operating system’s kernel is related to security configuration errors. Exploiting this vulnerability allows a malicious actor to bypass the trusted boot process by using a specially crafted BCD configuration...
IBM WebSphere Application Server (WAS) SNMP Implementation Sensitive Information Disclosure Vulnerability
IBM WebSphere Application Server (WAS) is an application server product developed and distributed by IBM in the U.S. It is a platform for Java EE and Web services applications, and is the foundation of the IBM WebSphere software platform. A security vulnerability exists in IBM WebSphere Application...
CVE-2015-0174
The CVE-2015-0174 issue affects IBM WebSphere Application Server (WAS) SNMP handling. The SNMP implementation in WAS 8.5 before 8.5.5.5 fails to properly handle configuration data, allowing remote authenticated users to obtain sensitive information via unspecified vectors. The connected IBM bulle...
McAfee Advanced Threat Defense Information Disclosure Vulnerability (CNVD-2015-02279)
McAfee Advanced Threat Defense provides advanced threat defense that defends against advanced malware, including zero-day persistent threats and advanced persistent threats. A security vulnerability in the McAfee Advanced Threat Defense web interface allows a remote, authenticated attacker to...
Path traversal vulnerability in EMC M&R (Watch4net) MIB Browser
Path traversal vulnerability in EMC M&R Watch4net MIB Browser. Han Sahin, November 2014...
EMC M&R (Watch4net) MIB Browser Path Traversal Vulnerability
A path traversal vulnerability was found in EMC M&R Watch4net MIB Browser. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries...
EMC M&R (Watch4net) MIB Browser Path Traversal
Path traversal vulnerability in EMC M&R Watch4net MIB Browser. Han Sahin, November 2014...
EMC MR (Watch4net) - Directory Traversal
EMC MR Watch4net - Directory Traversal. Abstract: A path traversal vulnerability was found in EMC M&R Watch4net Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts an...
Important: Red Hat Security Advisory: openstack-keystone security and bug fix update
Updated openstack-keystone packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring...
openstack-keystone: configuration data information leak through Keystone catalog
A flaw was found in the keystone catalog URL replacement. A user with permissions to register an endpoint could use this flaw to leak configuration data, including the master admintoken. Only keystone setups that allow non-cloud-admin users to create endpoints were affected by this issue...
openstack-keystone: configuration data information leak through Keystone catalog
A flaw was found in the keystone catalog URL replacement. A user with permissions to register an endpoint could use this flaw to leak configuration data, including the master admintoken. Only keystone setups that allow non-cloud-admin users to create endpoints were affected by this issue...
Important: Red Hat Security Advisory: openstack-keystone security and bug fix update
Updated openstack-keystone packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which...
ICS-CERT Warns of Flaw in Innominate mGuard Secure Cloud Product
The ICS-CERT is warning users about a vulnerability in a secure public cloud product from Innominate that enables an attacker to gain valuable configuration data about a target system, information that could be used in future attacks. The vulnerability is an information disclosure bug in the...
CVE-2014-3895
The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02...
openstack-nova: timing attack issue allows access to other instances' configuration information
A side-channel timing attack flaw was found in Nova. An attacker could possibly use this flaw to guess valid instance ID signatures, giving them access to details of another instance, by analyzing the response times of requests for instance metadata. This issue only affected configurations that...
FloosieTek FTGatePro 1.2 WebAdmin Interface Information Disclosure Weakness
No description provided by source. source: http://www.securityfocus.com/bid/8578/info A weakness has been reported in the FTGatePro WebAdmin Interface that could allow an unauthorized user to gain sensitive information. The problem is believed to occur due to insufficient access controls put in...
CVE-2014-0831
Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data...
CVE-2014-0831
Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data...
CVE-2014-0659
The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests...
IBM Web Content Manager information leakage
It's possible to obtain configuration data...