4561 matches found
UBUNTU-CVE-2016-10538
The package node-cli before 1.0.0 insecurely uses the lockfile and logfile. Both of these are temporary, but it allows the starting user to overwrite any file they have access to...
CVE-2018-1241
Dell EMC RecoverPoint versions prior to 5.1.2 and RecoverPoint for VMs versions prior to 5.1.1.3, under certain conditions, may leak LDAP password in plain-text into the RecoverPoint log file. An authenticated malicious user with access to the RecoverPoint log files may obtain the exposed LDAP...
PostgreSQL adminpack Extension Security Bypass Vulnerability
PostgreSQL is a free object-relational database management system developed by the PostgreSQL development group. The system supports most of the SQL standard and provides many other features such as foreign keys, triggers, views, etc. adminpack is one of the contrib modules. A security...
Microsoft Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft Windows 7 and others are operating systems released by Microsoft Corporation in the U.S. The Windows Common Log File System (CLFS) driver is one of the common log file system drivers. The Microsoft Windows CLFS driver suffers from a privileged access vulnerability that stems from the...
CVE-2016-8627
admin-cli before versions 3.0.0.alpha25, 2.2.1.cr2 is vulnerable to an EAP feature to download server log files that allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough...
CVE-2018-8167
An elevation of privilege vulnerability exists when the Windows Common Log File System (CLFS) driver improperly handles objects in memory, aka "Windows Common Log File System Driver Elevation of Privilege Vulnerability." This affects Windows 7, Windows Server 2012 R2, Windows RT 8.1, Windows Server...
Security Updates for Windows Server 2008 (May 2018)
The remote Windows host is missing security updates. It is, therefore, affected by multiple vulnerabilities: - A remote code execution vulnerability exists in the Credential Security Support Provider protocol (CredSSP). An attacker who successfully exploits this vulnerability could relay user...
KB4103715: Windows 8.1 and Windows Server 2012 R2 May 2018 Security Update
The remote Windows host is missing security update 4103715 or cumulative update 4103725. It is, therefore, affected by multiple vulnerabilities: - An elevation of privilege vulnerability exists when the Windows kernel fails to properly handle objects in memory. An attacker who successfully...
KLA11241 Multiple vulnerabilities in Microsoft Windows
Multiple vulnerabilities were found in Microsoft Windows. Malicious users can exploit these vulnerabilities to gain privileges, obtain sensitive information, bypass security restrictions, execute arbitrary code. Below is a complete list of vulnerabilities: 1. An elevation of privilege vulnerabili...
KB4103723: Windows 10 Version 1607 and Windows Server 2016 May 2018 Security Update
The remote Windows host is missing security update 4103723. It is, therefore, affected by multiple vulnerabilities: - A security feature bypass vulnerability exists in .Net Framework which could allow an attacker to bypass Device Guard. An attacker who successfully exploited this vulnerability...
Trend Micro IMSVA Management Portal Authentication Bypass (CVE-2018-3609)
An authentication bypass exists in Trend Micro InterScan Mail Security Virtual Appliance. The vulnerability is due to insufficient protection of a log file containing session credentials for authenticated users...
MS06-071: Security update for Microsoft XML Core Services 6.0
MS06-071: Security update for Microsoft XML Core Services 6.0 INTRODUCTION Microsoft has released security bulletin MS06-071. The security bulletin contains all the relevant information about the security update. This information includes file manifest information and deployment options. To view...
NetIQ Identity Manager System Enumeration Vulnerability
NetIQ Identity Manager is a comprehensive identity and access control solution. A system enumeration vulnerability exists in NetIQ Identity Manager versions prior to 4.7. An attacker could exploit this vulnerability by performing system enumeration using details provided in the driver log file of...
CVE-2018-1349
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration...
Design/Logic Flaw
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration...
CVE-2018-1350
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system enumeration...
CVE-2018-1349
CVE-2018-1349 affects the NetIQ Identity Manager driver log file, where versions prior to 4.7 expose details that could aid in system or configuration enumeration. The vulnerability is a log file information leakage issue in the NetIQ Identity Manager product. The provided connected documents cor...
CVE-2018-1349 NetIQ Identity Manager Driver Component Log File Information Leakage
The NetIQ Identity Manager driver log file, in versions prior to 4.7, provides details that could aid in system or configuration enumeration...
CVE-2018-6222
Arbitrary logs location in Trend Micro Email Encryption Gateway 5.5 could allow an attacker to change location of log files and be manipulated to execute arbitrary commands and attain command execution on a vulnerable system...