
2865 matches found

Cisco
added 2013/10/07 6:20 p.m. | 27 views

Cisco NX-OS Software Information Disclosure Vulnerability

A vulnerability in Cisco NX-OS Software could allow an authenticated, remote attacker to view sensitive information. The vulnerability is due to improper sanitization of configuration files that can be viewed by users assigned to the network-operator role. An attacker could exploit this...

CVSS 4 | AI score 2.2 | EPSS 0.02112
Exploits 0 | References 1
securityvulns
added 2013/10/01 12:0 a.m. | 28 views

EMC VPLEX Information leakage

Cleartext passwords in configuration files...

CVSS 4.9 | AI score 1.8 | EPSS 0.00338
Exploits 0 | References 1 | Affected Software 1
Atlassian
added 2013/09/17 9:4 a.m. | 18 views

Default application configuration files are available for download

h3. Summary of The Bug By browsing to the following URL path user would be able to download any files under /confluence/WEB-INF/... code/s/1519/3/1.0//WEB-INF/...code The above URL will be accessible by any users including anonymous even to an instance that does not allow anonymous access h5. Not...

AI score 2.7
Exploits 0 | Affected Software 1
RedHat Linux
added 2013/09/09 4:54 p.m. | 33 views

Important: Red Hat Security Advisory: Fuse Message Broker 5.5.1 security update

An update for the Apache ActiveMQ component of Fuse Message Broker 5.5.1 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having important security impact. A Common Vulnerability Scoring System (CVSS) base...

CVSS 6.4 | AI score 7.2 | EPSS 0.06311
Exploits 1 | References 3
RedHat Linux
added 2013/09/09 4:50 p.m. | 35 views

Moderate: Red Hat Security Advisory: xml-security security update

An updated xml-security package that fixes one security issue is now available for Red Hat JBoss Enterprise Application Platform 5.2.0 for Red Hat Enterprise Linux 4, 5, and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. A Common Vulnerability...

CVSS 4.3 | AI score 7 | EPSS 0.0593
Exploits 1 | References 3
RedHat Linux
added 2013/09/04 6:1 p.m. | 17 views

Low: Red Hat Security Advisory: Red Hat Storage 2.0 security, bug fix, and enhancement update #6

Updated Red Hat Storage 2.0 packages that fix multiple security issues, various bugs, and add one enhancement are now available. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed...

CVSS 3.6 | AI score 5.8 | EPSS 0.00384
Exploits 0 | References 4
Kitploit
added 2013/08/21 12:56 a.m. | 19 views

[LinEnum] Scripted Local Linux Enumeration & Privilege Escalation Checks

High-level summary of the checks/tasks performed by LinEnum: Kernel and distribution release details System Information: Hostname Networking details: Current IP Default route details DNS server information User Information: Current user details Last logged on users List all users including uid/gi...

AI score 7
Exploits 0 | References 1
Mageia
added 2013/07/26 11:36 a.m. | 54 views

Updated apache packages fix security vulnerabilities

Updated apache packages fix security vulnerabilities: mod_dav.c in the Apache HTTP Server before 2.4.6 does not properly determine whether DAV is enabled for a URI, which allows remote attackers to cause a denial of service (segmentation fault) via a MERGE request in which the URI is configured for...

CVSS 7.5 | AI score 1.3 | EPSS 0.29484
Exploits 5 | References 6
OpenVAS
added 2013/07/26 12:0 a.m. | 17 views

WordPress Spicy Blogroll Plugin File Inclusion Vulnerability

WordPress Spicy Blogroll Plugin is prone to a file inclusion vulnerability...

AI score 7.2
Exploits 0 | References 3
Exploit DB
added 2013/07/22 12:0 a.m. | 54 views

Sybase EAServer 6.3.1 - Multiple Vulnerabilities

SEC Consult Vulnerability Lab Security Advisory. title: Multiple vulnerabilities; product: Sybase EAServer; vulnerable version: =6.3.1; fixed version: vendor did not supply version information; CVE number: -; impact: critical...

AI score 7.4
Exploits 0
Tenable Nessus
added 2013/07/18 12:0 a.m. | 39 views

Sun Java System Application Server Information Disclosure

The version of Sun Java System Application Server installed on the remote host is potentially affected by an information disclosure vulnerability. A remote, unauthenticated attacker could exploit this flaw to read the Web Application configuration files in the WEB-INF or META-INF directory via a...

CVSS 5 | AI score 5.4 | EPSS 0.02238
Exploits 1 | References 2
securityvulns
added 2013/07/15 12:0 a.m. | 57 views

ASUS RT-N66U Router - HTTPS Directory traversal and full file access and credential disclosure vuln

Vulnerable product: ASUS RT-N66U when HTTPS WebService via AiCloud is enabled. AC66R and RT-N65U are affected as well, but need more testing. Vulnerabilities: - Linux 2.6.22 - Researched on both 3.0.0.4.270 and 3.0.0.4.354 firmware - Full directory traversal and plain text disclosure of all sensiti...

AI score 7.2
Exploits 0
securityvulns
added 2013/07/15 12:0 a.m. | 75 views

CVE-2013-3739 Local File Inclusion in Weathermap <= 0.97C

WEBERA ALERT ADVISORY 01 - Discovered by: Anthony Dubuissez - Severity: high - CVE Request - 03/06/2013 - CVE Assign - 03/06/2013 - CVE Number - CVE-2013-3739 - Vendor notification - 03/06/2013 - Vendor reply - No reply - Public disclosure - 10/06/201...

CVSS 5 | AI score 5.7 | EPSS 0.03679
Exploits 4
Tenable Nessus
added 2013/07/12 12:0 a.m. | 40 views

Oracle Linux 6 : thunderbird (ELSA-2012-0715)

The remote Oracle Linux 6 host has a package installed that is affected by multiple vulnerabilities as referenced in the ELSA-2012-0715 advisory. 10.0.5-2.0.1.el62 - Replaced thunderbird-redhat-default-prefs.js with thunderbird-oracle-default-prefs.js - Replace clean.gif in tarball 10.0.5-2 -...

CVSS 10 | AI score 8.5 | EPSS 0.04899
Exploits 1 | References 11
myhack58
added 2013/07/03 12:0 a.m. | 20 views

mlecms multi-language enterprise website management system v2.3 newest vulnerabilities 0day-vulnerability warning-the black bar safety net

Vulnerability: stored XSS. Vulnerable file: links.php. The flaw is in the link application form, at the website name and logo address fields: the site name "webname" is received via POST/GET and is not filtered, so XSS appears. Usage description: the XSS hits the backend to get a webshell. Background get a shell...

AI score 0.1
Exploits 0
Packet Storm
added 2013/06/24 12:0 a.m. | 46 views

ASUS RT-N66U Directory Traversal

Vulnerable product: ASUS RT-N66U when HTTPS WebService via AiCloud is enabled. AC66R and RT-N65U are affected as well, but need more testing. Vulnerabilities: - Linux 2.6.22 - Researched on both 3.0.0.4.270 and 3.0.0.4.354 firmware - Full directory traversal and plain text disclosure of all sensiti...

Exploits 0
NVD
added 2013/06/05 3:43 a.m. | 14 views

CVE-2013-0508

Multiple buffer overflows in IBM Tivoli Netcool System Service Monitors (SSM) and Application Service Monitors (ASM) 4.0.0 before FP14 and 4.0.1 before FP1 allow context-dependent attackers to execute arbitrary code or cause a denial of service via a long line in (1) hrfstable.idx, (2) hrdevice.idx, (3)...

CVSS 7.6 | AI score 7.7 | EPSS 0.02966
Exploits 0 | References 2
Prion
added 2013/05/08 12:9 p.m. | 8 views

Design/Logic Flaw

The Nagios-App component in GroundWork Monitor Enterprise 6.7.0 allows remote authenticated users to bypass intended access restrictions via a direct request for a (1) log file or (2) configuration file...

CVSS 4 | AI score 6.7 | EPSS 0.01451
Exploits 0 | References 4 | Affected Software 1
securityvulns
added 2013/05/06 12:0 a.m. | 32 views

D-Link DSL-320B unauthorized access

It's possible to access configuration files without authentication...

AI score 3.5
Exploits 0 | References 1
CVE
added 2013/04/18 1:0 a.m. | 52 views

CVE-2013-0687

The issue CVE-2013-0687 affects Schneider Electric MiCOM S1 Studio Software. The root cause is world-writable permissions set on executable files within the MiCOM S1 Studio installation, enabling a local attacker with access to replace executables in the program files directory. Consequences incl...

CVSS 6.6 | AI score 6.6 | EPSS 0.00336
Exploits 0 | References 2 | Affected Software 1