
4561 matches found

Prion
added 2020/09/09 5:15 p.m. · 16 views

Command injection

An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file was introduced to track operational command op-command usage but...

CVSS 4 · AI score 4.1 · EPSS 0.00732
Exploits 0 · References 1 · Affected Software 1
Prion
added 2020/09/09 5:15 p.m. · 17 views

Information disclosure

An information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Palo Alto Networks PAN-OS software when the after-change-detail custom syslog field is enabled for configuration logs and the sensitive field appears multiple tim...

CVSS 4 · AI score 3.9 · EPSS 0.00732
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2020/09/09 4:45 p.m. · 19 views

CVE-2020-2044 PAN-OS: Passwords may be logged in clear text while storing operational command (op command) history

An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file was introduced to track operational command op-command usage but...

CVSS 3.3 · AI score 3.9 · EPSS 0.00732
Exploits 0 · References 1
CVE
added 2020/09/09 4:45 p.m. · 55 views

CVE-2020-2044

CVE-2020-2044 is an information-exposure issue in PAN-OS where an administrator password or other sensitive data can be logged in cleartext in opcmdhistory.log. Affected PAN-OS versions: 8.1.x before 8.1.16; 9.0.x before 9.0.10; 9.1.x before 9.1.3. The log file design change moves command history...

CVSS 4 · AI score 3.8 · EPSS 0.00732
Exploits 0 · References 1 · Affected Software 1
Cvelist
added 2020/09/09 4:45 p.m. · 27 views

CVE-2020-2043 PAN-OS: Passwords may be logged in clear text when using after-change-detail custom syslog field for config logs

An information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Palo Alto Networks PAN-OS software when the after-change-detail custom syslog field is enabled for configuration logs and the sensitive field appears multiple tim...

CVSS 3.3 · AI score 3.7 · EPSS 0.00732
Exploits 0 · References 1
CVE
added 2020/09/09 4:45 p.m. · 49 views

CVE-2020-2043

CVE-2020-2043: PAN-OS information exposure in configuration logs when the after-change-detail custom syslog field is enabled. The first occurrence of the sensitive field is masked, but subsequent instances are exposed in clear text. Affected: PAN-OS 8.1.x before 8.1.16; 9.0.x before 9.0.10; 9.1.x...

CVSS 4 · AI score 3.6 · EPSS 0.00732
Exploits 0 · References 1 · Affected Software 1
Palo Alto Networks
added 2020/09/09 4:0 p.m. · 42 views

PAN-OS: Passwords may be logged in clear text while storing operational command (op command) history

An information exposure through log file vulnerability where an administrator's password or other sensitive information may be logged in cleartext while using the CLI in Palo Alto Networks PAN-OS software. The opcmdhistory.log file was introduced to track operational command op-command usage but...

CVSS 3.3 · AI score 0.4 · EPSS 0.00732
Exploits 0 · References 1
Palo Alto Networks
added 2020/09/09 4:0 p.m. · 39 views

PAN-OS: Passwords may be logged in clear text when using after-change-detail custom syslog field for config logs

An information exposure through log file vulnerability where sensitive fields are recorded in the configuration log without masking on Palo Alto Networks PAN-OS software when the after-change-detail custom syslog field is enabled for configuration logs and the sensitive field appears multiple tim...

CVSS 3.3 · AI score 0.3 · EPSS 0.00732
Exploits 0 · References 1
Microsoft CVE
added 2020/09/08 7:0 a.m. · 39 views

Windows Common Log File System Driver Elevation of Privilege Vulnerability

An elevation of privilege vulnerability exists when the Windows Common Log File System CLFS driver improperly handles objects in memory. An attacker who successfully exploited this vulnerability could run processes in an elevated context. To exploit the vulnerability, an attacker would first have...

CVSS 7.8 · AI score 8.1 · EPSS 0.01093
Exploits 0
NCSC
added 2020/09/08 12:0 a.m. · 51 views

Vulnerabilities fixed in Microsoft Windows

Microsoft fixes multiple vulnerabilities in Windows. A malicious party could potentially exploit the vulnerabilities to: - execute arbitrary code, - obtain elevated privileges, - gain access to sensitive data, - cause a denial-of-service, - bypass security measures, - circumvent authentication...

CVSS 9.3 · AI score 7.6 · EPSS 0.53399
Exploits 2
Positive Technologies
added 2020/09/08 12:0 a.m. · 2 views

PT-2020-3892 · Microsoft · Windows Common Log File System +1

Name of the Vulnerable Software and Affected Versions: Windows Common Log File System CLFS affected versions not specified Description: The issue is related to the improper handling of objects in memory by the Windows Common Log File System CLFS driver, which can lead to an elevation of privilege...

CVSS 7.8 · AI score 7.4 · EPSS 0.01093
Exploits 0 · References 7
Talos
added 2020/09/08 12:0 a.m. · 188 views

Microsoft Windows 10 CLFS.sys ValidateRegionBlocks privilege escalation vulnerability

Summary A privilege escalation vulnerability exists in the CLFS.sys ValidateRegionBlocks functionality of Microsoft Windows 10 CLFS.SYS 10.0.19041.264 WinBuild.160101.0800 and Insider Preview CLFS.SYS 10.0.20150.1000 WinBuild.160101.0800. A specially crafted malformed log file can cause a heap...

CVSS 7.8 · AI score 8.2 · EPSS 0.01093
Exploits 0
IBM Security Bulletins
added 2020/08/29 7:3 p.m. · 71 views

Security Bulletin: IBM Security Identity Manager Virtual Appliance is affected by multiple vulnerabilities

Summary IBM Security Identity Manager Virtual Appliance ISIM VA has addressed the following vulnerabilities due to remote attacker being able to execute arbitrary code to obtain sensitive information, the failure to restrict the number of message attachments, and disclosing sensitive information...

CVSS 10 · AI score 1 · EPSS 0.33937
Exploits 0 · Affected Software 1
Positive Technologies
added 2020/08/21 12:0 a.m. · 5 views

PT-2020-14053 · Philips · Dreammapper

Name of the Vulnerable Software and Affected Versions: Philips DreamMapper versions 2.24 and prior Description: The issue allows information written to log files to potentially guide an attacker. Recommendations: For versions 2.24 and prior, update to a version later than 2.24 to resolve the issu...

CVSS 5.3 · AI score 5.1 · EPSS 0.01255
Exploits 0 · References 4
Microsoft CVE
added 2020/08/18 7:0 a.m. · 2 views

libcgroup up to and including 0.41 creates /var/log/cgred with mode 0666 regardless of the configured umask leading to disclosure of information.

...

CVSS 8.1 · AI score 8.2 · EPSS 0.02316
Exploits 0
OSV
added 2020/08/12 10:15 p.m. · 3 views

CVE-2020-17449

PHP-Fusion 9.03 allows XSS via the errorlog file...

CVSS 5.4 · AI score 6.1 · EPSS 0.00545
Exploits 1 · References 1
Veracode
added 2020/08/06 9:36 p.m. · 16 views

Information Disclosure

vault is vulnerable to information disclosure. The vulnerability exists as HashiCorp Vault and Vault Enterprise inserts Sensitive Information into a Log File...

CVSS 7.5 · AI score 0.4 · EPSS 0.01233
Exploits 0 · References 4 · Affected Software 2
FireEye
added 2020/08/06 12:0 a.m. · 21 views

Bypassing MassLogger Anti-Analysis — a Man-in-the-Middle Approach

The FireEye Front Line Applied Research & Expertise FLARE Team attempts to always stay on top of the most current and emerging threats. As a member of the FLARE Reverse Engineer team, I recently received a request to analyze a fairly new credential stealer identified as MassLogger. Despite the la...

AI score 0.1
Exploits 0 · References 22
ICS
added 2020/07/30 12:0 a.m. · 151 views

Philips DreamMapper

1. EXECUTIVE SUMMARY CVSS v3 5.3 ATTENTION: Exploitable remotely/low skill level to exploit Vendor: Philips Equipment: DreamMapper Vulnerability: Insertion of Sensitive Information into Log File 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker access to the...

CVSS 5.3 · AI score 5.3 · EPSS 0.01255
Exploits 0 · References 5
CNVD
added 2020/07/28 12:0 a.m. · 3 views

IBM Verify Gateway Information Disclosure Vulnerability

IBM Verify Gateway IVG is a cloud-based authentication solution from IBM in the United States. An information disclosure vulnerability exists in IBM Verify Gateway 1.0.0, 1.0.1. The vulnerability originates from a globally readable log file. An attacker could exploit the vulnerability to obtain...

CVSS 4.3 · AI score 6.2 · EPSS 0.00922
Exploits 0 · References 1