333 matches found
Fortinet FortiClient 6.2.x < 6.2.1 Missing Encryption Of Sensitive Data Vulnerability
The version of Fortinet FortiClient running on the remote host is prior to 6.2.1. It is, therefore, affected by a missing encryption of sensitive data vulnerability. An attacker can access VPN session cookie from an endpoint device running FortiClient. The attacker can steal the cookies only if...
Multiple VPN applications insecurely store session cookies
The Missing Encryption Of Sensitive Data vulnerability in FortiClient may allow an attacker to access VPN session cookie from an endpoint device running FortiClient. The attacker can steal the cookies only if endpoint device has been compromised in such a way that the attacker has access to...
Cross-Site Scripting (XSS)
apache activemq is vulnerable to cross-site scripting XSS. A remote attacker is able to inject arbitrary Javascript into a victim's browser via the refresh parameter to PortfolioPublishServlet.java, and through debug logs or subscribe messages in webapp/websocket/chat.js...
CVE-2018-18466
An issue was discovered in SecurEnvoy SecurAccess 9.3.502. When put in Debug mode and used for RDP connections, the application stores the emergency credentials in cleartext in the logs present in the DEBUG folder that can be accessed by anyone. NOTE: The vendor disputes this as a vulnerability...
CVE-2017-15113
CVE-2017-15113 affects ovirt-engine (Red Hat Virtualization Manager) prior to version 4.1.7.6, where DEBUG logging exposes passwords in plaintext in log files. The issue arises because log level DEBUG can reveal sensitive credentials, and only admins can change log level/access logs; this creates...
Unable to install Secure Mail Public version for iOS - Incompatible app
Issue --------------- Unable to install Secure Mail Public version for iOS - Incompatible app Logs ------------- Xcode Logs Dec 14 09:29:52 iPhone WorxMailAppStore985 : -NSFileManagerMdxEncryption ctxRemoveItemAtPath:error:: errno=2 Dec 14 09:29:52 iPhone WorxMailAppStorelibsqlite3.dylib985 : BUG...
Failed to import Veeam Cloud Connect certificate after Veeam Availability Console server migration
Challenge After migrating your Veeam Availability Console VAC installation to a new server and adding an existing Veeam Cloud Connect VCC server, the following certificate error may be observed: Failed to import certificate from the Veeam Cloud Connect server. See debug logs for more information...
Some WEMs Agent are failing to check in with WEM Broker
Many WEM Agents do not check in with the WEM Broker Server and they are missing from the Agent List inside of the WEM Administration Console. For example, this screenshot shows only 4 Agents checking in but dozens more WEM Agents are configured and should be present in this list: The Debug logs o...
WEM admin console fails to connect with error: Error while connecting to the specified Infrastructure Server
The WEM Administration Console errors out while connecting to the broker with a generic error: "Error while connecting to the specified Infrastructure Server". Looking into the the WEM admin console debug logs %userprofile%\Citrix WEM Console Trace.Log the following error is reported: Exception -...
Failed to update listener certificate in XMS 10.6
While importing renewed SSL listener certificate on XMS 10.6 following error is observed on XMS debug logs. 2017-06-22T11:47:55.251+0300 | A7B895C5041828EC | INFO | http-nio-14443-exec-7 | com.citrix.controlpoint.rest.CertificateMgmtResource | Uploading certificate to be used As : listener . none...
Salt win_useradd, salt-cloud and Linode driver information disclosure vulnerabilities
Salt aka SaltStack is a set of open source tools for managing infrastructure from SaltStack, Inc. winuseradd one of the user creation component; salt-cloud is a virtual machine configuration component; Linode driver is a server driver. A security vulnerability exists in winuseradd, salt-cloud, an...
CVE-2015-6941
winuseradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs...
Design/Logic Flaw
winuseradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs...
PYSEC-2017-71
winuseradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs...
UBUNTU-CVE-2015-6941
winuseradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs...
CVE-2015-6941
winuseradd, salt-cloud and the Linode driver in salt 2015.5.x before 2015.5.6, and 2015.8.x before 2015.8.1 leak password information in debug logs...
CVE-2015-6941
Salt CVE-2015-6941 affects Salt 2015.5.x before 2015.5.6 and 2015.8.x before 2015.8.1, where win_useradd, salt-cloud and the Linode driver leak password information in debug logs. Impact: password information is exposed in logs. Remediation: upgrade to Salt 2015.5.6 or 2015.8.1 as indicated by th...
CVE-2015-6941
Removed by vendor...
Certificate Based Authentication : Troubleshooting Tips
This document specifically addresses some common troubleshooting tips and guidelines that would help in tackling certain issues related with the Certificate based authenticationCBA. Please ensure that the initial configuration is set as per the article: https://support.citrix.com/article/CTX22047...
Frequently Asked Questions During NetScaler MAS Troubleshooting
Citrix ADM, formerly NetScaler MAS The following section lists some of the frequently asked questions during diagnosis and troubleshooting of NetScaler MAS issues: How to verify the NetScaler MAS build version using CLI and support file? How does MAS fetch all the dashboard related data from...