4561 matches found
Microsoft Windows Common Log File System Driver Elevation of Privilege (CVE-2021-31954)
An elevation of privilege vulnerability exists in Microsoft Windows. Successful exploitation of this vulnerability could allow a remote attacker to execute arbitrary code on the affected system...
KLA12202 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to obtain sensitive information, execute arbitrary code, gain privileges, bypass security restrictions, cause denial of service. Below is a complete list of vulnerabilities: 1. An informati...
PT-2021-3301 · Microsoft · Windows Common Log File System Driver +1
Name of the Vulnerable Software and Affected Versions: Windows Common Log File System Driver affected versions not specified Description: The issue is related to a buffer overflow in the dynamic memory of the Windows Common Log File System CLFS driver, which can allow an attacker to elevate their...
CVE-2021-22516
Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager SAPIM product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file...
Design/Logic Flaw
Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager SAPIM product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file...
CVE-2021-22516
Insertion of Sensitive Information into Log File vulnerability in Micro Focus Secure API Manager SAPIM product, affecting version 2.0.0. The vulnerability could lead to sensitive information being in a log file...
CVE-2021-22516
CVE-2021-22516 affects Micro Focus Secure API Manager (SAPIM) 2.0.0. It is described as an Information Disclosure vulnerability where sensitive information could be written into log files due to an insertion issue in the logging process. NVD lists CVSSv3.1 base score 7.5 (Network attack, Low comp...
Vulnerability fixed in Red Hat Enterprise Linux
Red Hat has fixed a vulnerability in the Public Key Infrastructure PKI Core package. A component of this package writes out the administrator password during installation to a log file that is unjustifiably readable by any local user. A local malicious person with knowledge of the location of thi...
SuiteCRM Log File Remote Code Execution
This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'SuiteCRM Log File Remote Code Execution', 'Description' = %q This module exploits an input validation error on the log file extension parameter. ...
SuiteCRM Log File Remote Code Execution Exploit
This Metasploit module exploits an input validation error on the log file extension parameter. It does not properly validate upper/lower case characters. Once this occurs, the application log file will be treated as a php file. The log file can then be populated with php code by changing the...
SuiteCRM Log File Remote Code Execution
This module exploits an input validation error on the log file extension parameter. It does not properly validate upper/lower case characters. Once this occurs, the application log file will be treated as a php file. The log file can then be populated with php code by changing the username of a...
pki-server: Dogtag installer "pkispawn" logs admin credentials into a world-readable log file
A flaw was found in the PKI-server, where the spkispawn command, when run in debug mode, stores admin credentials in the installation log file. This flaw allows a local attacker to retrieve the file to obtain the admin password and gain admin privileges to the Dogtag CA manager. The highest threa...
GHSA-WV5P-GMMV-WH9V Insertion of Sensitive Information into Log File in ansible
A flaw was found in ansible module where credentials are disclosed in the console log by default and not protected by the security feature when using the bitbucketpipelinevariable module. This flaw allows an attacker to steal bitbucketpipeline credentials. The highest threat from this vulnerabili...
Insertion of Sensitive Information into Log File in ansible
A flaw was found in ansible. Credentials, such as secrets, are being disclosed in console log by default and not protected by nolog feature when using those modules. An attacker can take advantage of this information to steal those credentials. The highest threat from this vulnerability is to dat...
Information Disclosure
tripleo-ansible is vulnerable to information disclosure. An attacker is able to view the Ansible log file during stack update and creation...
Memory corruption
An issue was discovered in Couchbase Server 5.x and 6.x before 6.5.2 and 6.6.x before 6.6.2. Internal users with administrator privileges, @cbq-engine-cbauth and @index-cbauth, leak credentials in cleartext in the indexer.log file when they make a /listCreateTokens, /listRebalanceTokens, or...
CVE-2020-9451
An issue was discovered in Acronis True Image 2020 24.5.22510. antiransomwareservice.exe keeps a log in a folder where unprivileged users have write permissions. The logs are generated in a predictable pattern, allowing an unprivileged user to create a hardlink from a not yet created log file to...
CVE-2020-9451
CVE-2020-9451 affects Acronis True Image 2020 (v24.5.22510). The issue arises in anti_ransomware_service.exe, which logs to a folder writable by unprivileged users. Logs are created in a predictable pattern, enabling an unprivileged user to create a hardlink from a not-yet-created log file to ant...
Local Privilege Escalation in cloudflared
In cloudflared versions 2020.8.1 corresponding to 0.0.0-20200820025921-9323844ea773 on pkg.go.dev on Windows, if an administrator has started cloudflared and set it to read configuration files from a certain directory, an unprivileged user can exploit a misconfiguration in order to escalate...
Information disclosure
An information disclosure vulnerability was discovered in alipayfunction.php in the log file of Alibaba payment interface on PHPPYUN prior to version 5.0.1. If exploited, this vulnerability will allow attackers to obtain users' personally identifiable information including e-mail address and...