Citrix Command Center - Credential Disclosure Vulnerability
It was discovered that Citrix Command Center stores configuration files containing credentials of managed devices within a folder accessible through the web server. Unauthenticated attackers can download any configuration file stored in this folder, decode passwords stored in these files, and gai...
Citrix Command Center Configuration Disclosure
Citrix Command Center allows downloading of configuration files. Han Sahin, August 2014...
Citrix Command Center - Credential Disclosure
Citrix Command Center - Credential Disclosure. Abstract: It was discovered that Citrix Command Center stores configuration files containing credentials of managed devices within a folder accessible through the web server. Unauthenticated attackers can download any configuration file stored in this...
Websense Explorer Missing Access Control
Missing access control on Websense Explorer web folder. Han Sahin, September 2014...
Citrix Command Center - Credential Disclosure
Abstract: It was discovered that Citrix Command Center stores configuration files containing credentials of managed devices within a folder accessible through the web server. Unauthenticated attackers can download any configuration file stored in this folder, decode passwords stored in these files...
CVE-2014-2130
Cisco Secure Access Control Server (ACS) provides an unintentional administration web interface based on Apache Tomcat, which allows remote authenticated users to modify application files and configuration files, and consequently execute arbitrary code, by leveraging administrative privileges, aka...
RHEL 7 : docker (RHSA-2015:0623)
Updated docker packages that fix two security issues, several bugs, and add various enhancements are now available for Red Hat Enterprise Linux 7 Extras. Red Hat Product Security has rated this update as having Low security impact. Common Vulnerability Scoring System (CVSS) base scores, which give...
Lynis 2.0.0 - Security Auditing Tool for Unix/Linux Systems
Lynis is an open source security auditing tool. Its primary goal is to help users with auditing and hardening of Unix- and Linux-based systems. The software is very flexible and runs on almost every Unix-based system, including Mac. Even the installation of the software itself is optional! How it works...
VDG Security SENSE Information Disclosure Vulnerability (CNVD-2015-00381)
VDG Security SENSE is a video management system (VMS) from VDG Security in the Netherlands. VDG Security SENSE suffers from an information disclosure vulnerability that allows an attacker to obtain sensitive information by reading plugin configuration files...
CVE-2014-9579
VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credentials in cleartext, which allows attackers to obtain sensitive information by reading the plugin configuration files...
Information disclosure
VDG Security SENSE (formerly DIVA) 2.3.13 stores administrator credentials in cleartext, which allows attackers to obtain sensitive information by reading the plugin configuration files...
CVE-2014-9579
CVE-2014-9579 affects VDG Security SENSE (formerly DIVA) 2.3.13. The vulnerability is an information disclosure where administrator credentials are stored in cleartext and can be obtained by reading the plugin configuration files. The issue stems from storing sensitive credentials in an insecure ...
Centreon < 2.5.4 Multiple Vulnerabilities
According to its version number, the Centreon application hosted on the remote web server is affected by multiple vulnerabilities: - A SQL injection vulnerability exists in the centreonLog.class.php script due to improper sanitization of user-supplied input to the 'username' parameter. A remote...
GitHub < 1.9.4 .git/config Command Execution (Mac OS X)
The remote Mac OS X host has a version of GitHub prior to 1.9.4 installed. It is, therefore, affected by a remote command execution vulnerability when processing git trees in a case-insensitive or case-normalizing file system. A remote attacker, using a specially crafted git tree, can overwrite a...
CVE-2014-4702
The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701...
CVE-2014-4701
The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702...
CVE-2014-4702
The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701...
Code injection
The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702...
Design/Logic Flaw
The check_icmp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4701...
CVE-2014-4701
The check_dhcp plugin in Nagios Plugins before 2.0.2 allows local users to obtain sensitive information from INI configuration files via the extra-opts flag, a different vulnerability than CVE-2014-4702...