
455 matches found

IBM Security Bulletins
added 2019/02/19 6:0 p.m. · 32 views

Security Bulletin: Information Disclosure in WebSphere Application Server (CVE-2018-1621)

Summary: There is a potential information disclosure vulnerability in WebSphere Application Server. Vulnerability Details: CVEID: CVE-2018-1621 DESCRIPTION: IBM WebSphere Application Server could allow a local attacker to obtain clear text password in a trace file caused by improper handling of som...

6.7 CVSS · 0.7 AI score · 0.00022 EPSS
Exploits: 0 · Affected Software: 1
NVD
added 2018/07/06 2:29 p.m. · 12 views

CVE-2018-1621

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346...

6.7 CVSS · 5.3 AI score · 0.00022 EPSS
Exploits: 0 · References: 3
OSV
added 2018/07/06 2:29 p.m. · 3 views

CVE-2018-1621

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346...

6.7 CVSS · 5.8 AI score
Exploits: 0 · References: 3
Prion
added 2018/07/06 2:29 p.m. · 14 views

Design/Logic Flaw

IBM WebSphere Application Server 7.0, 8.0, 8.5, and 9.0 could allow a local attacker to obtain clear text password in a trace file caused by improper handling of some datasource custom properties. IBM X-Force ID: 144346...

2.1 CVSS · 6.2 AI score · 0.00022 EPSS
Exploits: 0 · References: 3 · Affected Software: 1
RedHat Linux
added 2015/07/20 4:34 p.m. · 0 views

Mozilla: Vulnerabilities found through code inspection (MFSA 2015-66)

The YCbCrImageDataDeserializer::ToDataSourceSurface function in the YCbCr implementation in Mozilla Firefox before 39.0, Firefox ESR 31.x before 31.8 and 38.x before 38.1, and Thunderbird before 38.1 reads data from uninitialized memory locations, which has unspecified impact and attack vectors...

10 CVSS · 7.3 AI score · 0.01252 EPSS
Exploits: 0 · References: 5
Zero Day Initiative
added 2014/09/03 12:0 a.m. · 40 views

SAP Crystal Reports Datasource Stack Buffer Overflow Remote Code Execution Vulnerability

This vulnerability allows remote attackers to execute arbitrary code on vulnerable installations of SAP Crystal Reports. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the handling...

6.8 CVSS · 6.6 AI score · 0.06503 EPSS
Exploits: 0 · References: 1
seebug.org
added 2014/07/01 12:0 a.m. · 9 views

Microsoft Internet Explorer 4/5/6 XML Datasource Applet File Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/5490/info A problem in Microsoft Internet Explorer could lead to the disclosure of sensitive information. Due to the design of the datasource applet, it may be possible for a user to view the contents of local files via a...

7.1 AI score
Exploits: 0
Positive Technologies
added 2014/05/29 12:0 a.m. · 2 views

PT-2014-3530 · Red Hat · Rhevm-Reports

Name of the Vulnerable Software and Affected Versions: Red Hat Enterprise Virtualization Manager reports rhevm-reports versions prior to 3.3.3-1 Description: The issue allows local users to obtain sensitive information by reading a configuration file due to world-readable permissions. The file in...

2.1 CVSS · 5.7 AI score · 0.00042 EPSS
Exploits: 0 · References: 3
RedHat Linux
added 2014/05/27 4:20 p.m. · 1 views

ovirt-engine-reports: js-jboss7-ds.xml is world-readable

The Red Hat Enterprise Virtualization Manager reports rhevm-reports package before 3.3.3-1 uses world-readable permissions on the datasource configuration file js-jboss7-ds.xml, which allows local users to obtain sensitive information by reading the file...

2.1 CVSS · 5.8 AI score · 0.00042 EPSS
Exploits: 0 · References: 4
NVD
added 2012/12/20 12:2 p.m. · 21 views

CVE-2012-3428

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...

4.3 CVSS · 6.6 AI score · 0.00546 EPSS
Exploits: 0 · References: 8
Prion
added 2012/12/20 12:2 p.m. · 19 views

Design/Logic Flaw

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...

4.3 CVSS · 7.2 AI score · 0.00546 EPSS
Exploits: 0 · References: 8 · Affected Software: 1
RedHat Linux
added 2012/12/18 10:43 p.m. · 3 views

JBoss: Datasource connection manager returns valid connection for wrong credentials when using security-domains

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...

4.3 CVSS · 5.8 AI score · 0.00546 EPSS
Exploits: 0 · References: 4
RedHat Linux
added 2012/12/18 10:23 p.m. · 1 views

JBoss: Datasource connection manager returns valid connection for wrong credentials when using security-domains

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...

4.3 CVSS · 5.8 AI score · 0.00546 EPSS
Exploits: 0 · References: 4
RedHat Linux
added 2012/12/18 10:17 p.m. · 4 views

JBoss: Datasource connection manager returns valid connection for wrong credentials when using security-domains

The IronJacamar container before 1.0.12.Final for JBoss Application Server, when allow-multiple-users is enabled in conjunction with a security domain, does not use the credentials supplied in a getConnection function call, which allows remote attackers to obtain access to an arbitrary datasource...

4.3 CVSS · 5.8 AI score · 0.00546 EPSS
Exploits: 0 · References: 4
Atlassian
added 2012/12/17 7:35 p.m. · 32 views

Encrypt Database Password in dbconfig.xml or use integrated authentication

Atlassian Update – 5 January 2016: Hi everyone, Thanks for voting and commenting on this issue. While we understand the importance of this issue for our customers with strict password encryption requirements, w...

1.8 AI score
Exploits: 0 · Affected Software: 1
Prion
added 2012/08/29 10:55 p.m. · 14 views

Design/Logic Flaw

The datasource definition editor in IBM InfoSphere Guardium 8.2 and earlier, when the save-password setting is enabled, transmits cleartext database credentials, which allows remote attackers to obtain sensitive information by sniffing the network...

5 CVSS · 6.4 AI score · 0.00349 EPSS
Exploits: 0 · References: 4 · Affected Software: 1
Check Point Advisories
added 2011/10/18 12:0 a.m. · 2 views

Microsoft Office Web Components DataSource Code Execution (MS08-017; CVE-2007-1201)

A remote code execution vulnerability has been reported in Microsoft Office Web Components. The vulnerability is due to insufficient verification of the control's DataSource path. A remote attacker may exploit this vulnerability by enticing an unsuspecting user to open a specially crafted web-pag...

9.3 CVSS · 7.5 AI score · 0.45718 EPSS
Exploits: 1
RedHat Linux
added 2009/11/30 3:16 p.m. · 2 views

tomcat6 Information disclosure in authentication classes

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the 1...

4.3 CVSS · 6.1 AI score · 0.88173 EPSS
Exploits: 4 · References: 4
RedHat Linux
added 2009/10/14 4:15 p.m. · 3 views

tomcat6 Information disclosure in authentication classes

Apache Tomcat 4.1.0 through 4.1.39, 5.5.0 through 5.5.27, and 6.0.0 through 6.0.18, when FORM authentication is used, allows remote attackers to enumerate valid usernames via requests to /j_security_check with malformed URL encoding of passwords, related to improper error checking in the 1...

4.3 CVSS · 6.1 AI score · 0.88173 EPSS
Exploits: 4 · References: 4
OpenVAS
added 2009/02/27 12:0 a.m. · 9 views

Fedora Update for php-pear-Structures-DataGrid-DataSource-MDB2 FEDORA-2007-0847

Check for the Version of php-pear-Structures-DataGrid-DataSource-MDB2 OpenVAS Vulnerability Test Fedora Update for php-pear-Structures-DataGrid-DataSource-MDB2 FEDORA-2007-0847 Authors: System Generated Check Copyright: Copyright c 2009 Greenbone Networks GmbH, http://www.greenbone.net This progr...

7.4 AI score
Exploits: 0 · References: 2