4561 matches found
CVE-2017-2672
Foreman vulnerability CVE-2017-2672 affects Foreman prior to version 1.15, in the logging of adding and registering images. An attacker with access to the Foreman log file could view passwords for provisioned systems, enabling unauthorized access. No exploitation vector details are provided beyon...
GreenCMS Information Disclosure Vulnerability
GreenCMS is a content management system (CMS) based on ThinkPHP. A security vulnerability exists in GreenCMS version 2.3.0603. A remote attacker can exploit the vulnerability by sending a direct request to the Data/Log/yearmonthday.log file to obtain sensitive information...
CVE-2018-9025
An input validation vulnerability in CA Privileged Access Manager 2.x allows remote attackers to poison log files with specially crafted input...
Authentication flaw
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file...
CVE-2018-9024
An improper authentication vulnerability in CA Privileged Access Manager 2.x allows attackers to spoof IP addresses in a log file...
CVE-2018-9024
CVE-2018-9024 concerns CA Privileged Access Manager 2.x where an improper authentication flaw allows an attacker to spoof IP addresses in a log file. The CNVD entry attributes the issue to the program failing to perform authentication properly, enabling IP impersonation. Other connected documents...
Security Bulletin: Vulnerability in lighttpd affects PowerKVM (CVE-2015-3200)
Summary: PowerKVM is affected by a vulnerability in lighttpd (CVE-2015-3200). This vulnerability is now fixed. Vulnerability Details: CVEID: CVE-2015-3200. DESCRIPTION: lighttpd could allow a remote attacker to bypass security restrictions, caused by the improper validation of input. An attacker could...
Security Bulletin: Multiple security vulnerabilities have been addressed in LMS 5.0 on Cloud
Summary: Multiple security vulnerabilities have been addressed in LMS 5.0 on Cloud. Vulnerability Details: CVEID: CVE-2016-6126. DESCRIPTION: IBM Kenexa LMS on Cloud could allow a remote attacker to traverse directories on the system. An attacker could send a specially-crafted URL request containing...
CVE-2017-7796
On Windows systems, the logger run by the Windows updater deletes the file "update.log" before it runs in order to write a new log of that name. The path to this file is supplied at the command line to the updater and could be used in concert with another local exploit to delete a different file...
CVE-2016-5293
When the Mozilla Updater is run, if the Updater's log file in the working directory points to a hardlink, data can be appended to an arbitrary local file. This vulnerability requires local system access. Note: this issue only affects Windows operating systems. This vulnerability affects Firefox E...
CVE-2017-6779
Multiple Cisco products are affected by a vulnerability in local file management for certain system log files of Cisco collaboration products that could allow an unauthenticated, remote attacker to cause high disk utilization, resulting in a denial of service (DoS) condition. The vulnerability occu...
gh-pages design flaws
gh-pages is a tool that enables you to deploy projects to GitHub Pages using Grunt. A security vulnerability exists in gh-pages versions prior to 0.9.1. An attacker can exploit the vulnerability to write unencrypted GitHub credentials to a log file...
Performing NetScaler SD-WAN Log Analysis
This article describes the logs that are captured in a Citrix SD-WAN's diagnostic data file. SD-WAN Logs Location: In SD-WAN version 9.x the logs will be in the following path: /home/talariuser/log/diag/vwstsdir.zip In SD-WAN version 10.x the logs will be in the following path:...