862 matches found

exploitpack
added 2015/03/19 12:0 a.m. | 42 views

EMC MR (Watch4net) - Directory Traversal

EMC MR Watch4net - Directory Traversal Abstract A path traversal vulnerability was found in EMC M&R Watch4net Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts an...

CVSS 4 | AI score 0.2 | EPSS 0.07414
Exploits 7

RedHat Linux
added 2014/11/03 8:47 a.m. | 23 views

Important: Red Hat Security Advisory: openstack-keystone security and bug fix update

Updated openstack-keystone packages that fix one security issue and several bugs are now available for Red Hat Enterprise Linux OpenStack Platform 5.0 for Red Hat Enterprise Linux 6. Red Hat Product Security has rated this update as having Important security impact. A Common Vulnerability Scoring...

CVSS 4 | AI score 5.8 | EPSS 0.02109
Exploits 1 | References 4

RedHat Linux
added 2014/11/03 8:47 a.m. | 2 views

openstack-keystone: configuration data information leak through Keystone catalog

A flaw was found in the keystone catalog URL replacement. A user with permissions to register an endpoint could use this flaw to leak configuration data, including the master admintoken. Only keystone setups that allow non-cloud-admin users to create endpoints were affected by this issue...

CVSS 4 | AI score 5.7 | EPSS 0.02109
Exploits 1 | References 4

RedHat Linux
added 2014/10/22 5:21 p.m. | 2 views

openstack-keystone: configuration data information leak through Keystone catalog

A flaw was found in the keystone catalog URL replacement. A user with permissions to register an endpoint could use this flaw to leak configuration data, including the master admintoken. Only keystone setups that allow non-cloud-admin users to create endpoints were affected by this issue...

CVSS 4 | AI score 5.7 | EPSS 0.02109
Exploits 1 | References 4

RedHat Linux
added 2014/10/22 5:21 p.m. | 44 views

Important: Red Hat Security Advisory: openstack-keystone security and bug fix update

Updated openstack-keystone packages that fix two security issues and multiple bugs are now available for Red Hat Enterprise Linux OpenStack Platform 4.0. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System (CVSS) base scores, which...

CVSS 7.8 | AI score 5.8 | EPSS 0.03129
Exploits 2 | References 7

ThreatPost
added 2014/07/30 2:36 p.m. | 12 views

ICS-CERT Warns of Flaw in Innominate mGuard Secure Cloud Product

The ICS-CERT is warning users about a vulnerability in a secure public cloud product from Innominate that enables an attacker to gain valuable configuration data about a target system, information that could be used in future attacks. The vulnerability is an information disclosure bug in the...

AI score 0.2
Exploits 0 | References 2

NVD
added 2014/07/29 8:55 p.m. | 22 views

CVE-2014-3895

The I-O DATA TS-WLCAM camera with firmware 1.06 and earlier, TS-WLCAM/V camera with firmware 1.06 and earlier, TS-WPTCAM camera with firmware 1.08 and earlier, TS-PTCAM camera with firmware 1.08 and earlier, TS-PTCAM/POE camera with firmware 1.08 and earlier, and TS-WLC2 camera with firmware 1.02...

CVSS 6.4 | AI score 6.7 | EPSS 0.02199
Exploits 0 | References 3

RedHat Linux
added 2014/07/24 5:21 p.m. | 2 views

openstack-nova: timing attack issue allows access to other instances' configuration information

A side-channel timing attack flaw was found in Nova. An attacker could possibly use this flaw to guess valid instance ID signatures, giving them access to details of another instance, by analyzing the response times of requests for instance metadata. This issue only affected configurations that...

CVSS 4.3 | AI score 5.7 | EPSS 0.01938
Exploits 0 | References 4

seebug.org
added 2014/07/01 12:0 a.m. | 14 views

FloosieTek FTGatePro 1.2 WebAdmin Interface Information Disclosure Weakness

No description provided by source. source: http://www.securityfocus.com/bid/8578/info A weakness has been reported in the FTGatePro WebAdmin Interface that could allow an unauthorized user to gain sensitive information. The problem is believed to occur due to insufficient access controls put in...

AI score 7.1
Exploits 0

NVD
added 2014/02/01 3:55 p.m. | 24 views

CVE-2014-0831

Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data...

CVSS 6.8 | AI score 7 | EPSS 0.00636
Exploits 0 | References 3

Cvelist
added 2014/02/01 3:0 p.m. | 20 views

CVE-2014-0831

Cross-site request forgery (CSRF) vulnerability in the OAC component in IBM Financial Transaction Manager (FTM) 2.0 before 2.0.0.3 allows remote attackers to hijack the authentication of arbitrary users for requests that modify configuration data...

AI score 7 | EPSS 0.00636
Exploits 0 | References 3

Cvelist
added 2014/01/12 3:0 p.m. | 28 views

CVE-2014-0659

The Cisco WAP4410N access point with firmware through 2.0.6.1, WRVS4400N router with firmware 1.x through 1.1.13 and 2.x through 2.0.2.1, and RVS4000 router with firmware through 2.0.3.2 allow remote attackers to read credential and configuration data, and execute arbitrary commands, via requests...

AI score 7.3 | EPSS 0.73825
Exploits 3 | References 8

securityvulns
added 2014/01/09 12:0 a.m. | 39 views

IBM Web Content Manager information leakage

It's possible to obtain configuration data...

CVSS 5 | AI score 1.5 | EPSS 0.03599
Exploits 2 | References 1 | Affected Software 1

Packet Storm
added 2013/12/27 12:0 a.m. | 92 views

IBM Web Content Manager XPath Injection

SEC Consult Vulnerability Lab Security Advisory ======================================================================= title: XPath Injection product: IBM Web Content Manager WCM vulnerable version: 6.x, 7.x, 8.x fixed version: - impact: high homepage: http://www.ibm.com/ found: 2013-10-27 CVE:...

CVSS 5 | AI score 0.5 | EPSS 0.03599
Exploits 2

myhack58
added 2013/05/19 12:0 a.m. | 15 views

phpcms_v9.3.2: a management module logic validation vulnerability

In the file \modules\sms\sms.php: class sms extends admin function construct $this-logdb = pcbase::loadmodel'smsreportmodel'; $this-moduledb = pcbase::loadmodel'modulemodel'; $this-memberdb = pcbase::loadmodel'membermodel'; //Get the SMS platform configuration information $siteid = getsiteid;...

AI score 1.1
Exploits 0

Prion
added 2013/04/10 4:55 p.m. | 20 views

Directory traversal

Google Chrome OS before 26.0.1410.57 relies on a Pango pango-utils.c readconfig implementation that loads the contents of the .pangorc file in the user's home directory, and the file referenced by the PANGORCFILE environment variable, which allows attackers to bypass intended access restrictions...

CVSS 7.5 | AI score 6.8 | EPSS 0.00873
Exploits 0 | References 3 | Affected Software 1

Prion
added 2013/04/04 11:58 a.m. | 14 views

Default credentials

The Schneider Electric Magelis XBT HMI controller has a default password for authentication of configuration uploads, which makes it easier for remote attackers to bypass intended access restrictions via crafted configuration data...

CVSS 10 | AI score 7.6 | EPSS 0.02105
Exploits 0 | References 1

CVE
added 2013/04/04 10:0 a.m. | 43 views

CVE-2013-2762

The CVE-2013-2762 issue affects the Schneider Electric Magelis XBT HMI controller and is caused by a default password used for authentication of configuration uploads. This allows remote attackers to bypass access restrictions via crafted configuration data. Exploitation details or existence of i...

CVSS 10 | AI score 7.3 | EPSS 0.02105
Exploits 0 | References 1 | Affected Software 1

NVD
added 2012/04/30 2:55 p.m. | 12 views

CVE-2012-0863

Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file...

CVSS 2.1 | AI score 6.1 | EPSS 0.00384
Exploits 0 | References 10

UbuntuCve
added 2012/04/30 2:55 p.m. | 20 views

CVE-2012-0863

Mumble 1.2.3 and earlier uses world-readable permissions for .local/share/data/Mumble/.mumble.sqlite files in home directories, which might allow local users to obtain a cleartext password and configuration data by reading a file...

CVSS 2.1 | AI score 5.9 | EPSS 0.00384
Exploits 0 | References 1