Trend Micro Smart Protection Server Session Hijacking Via Log File Disclosure
The Trend Micro Smart Protection Server running on the remote host is affected by a session hijacking vulnerability due to the disclosure of session IDs in the diagnostic.log file that can be accessed via HTTP without authentication. An unauthenticated, remote attacker can grab the log file and...
CVE-2018-7204
inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not protected and...
Design/Logic Flaw
inc/logger.php in the Giribaz File Manager plugin before 5.0.2 for WordPress logged activity related to the plugin in /wp-content/uploads/file-manager/log.txt. If a user edits the wp-config.php file using this plugin, the wp-config.php contents get added to log.txt, which is not protected and...
CVE-2017-9271
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used...
DEBIAN-CVE-2017-9271
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used...
CVE-2017-9271 proxy credentials written to log files by zypper
The commandline package update tool zypper writes HTTP proxy credentials into its logfile, allowing local attackers to gain access to proxies used...
Microsoft Windows Common Log File System Driver Elevation of Privilege Vulnerability
Microsoft Windows is a series of operating systems released by Microsoft. The Windows Common Log File System (CLFS) driver is one of the common log file system drivers. A privilege vulnerability exists in the Microsoft Windows CLFS driver, which arises from the program's failure to properly handle object...
Microsoft Windows Common Log File System Driver Elevation of Privilege Vulnerability (CNVD-2018-05736)
Microsoft Windows is a series of operating systems released by Microsoft. The Windows Common Log File System (CLFS) driver is one of the common log file system drivers. A privilege vulnerability exists in the Microsoft Windows CLFS driver, which arises from the program's failure to properly handle object...
foreman-debug: missing obfuscation of sensitive information
A flaw was found in foreman-debug's logging. An attacker with access to the foreman log file would be able to view passwords, allowing them to access those systems...
Cross site request forgery (csrf)
The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file...
CVE-2018-7272
The REST APIs in ForgeRock AM before 5.5.0 include SSOToken IDs as part of the URL, which allows attackers to obtain sensitive information by finding an ID value in a log file...
Authentication flaw
A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations...
CVE-2018-3609
A vulnerability in the Trend Micro InterScan Messaging Security Virtual Appliance 9.0 and 9.1 management portal could allow an unauthenticated user to access sensitive information in a particular log file that could be used to bypass authentication on vulnerable installations...
CVE-2018-3609
CVE-2018-3609 affects Trend Micro InterScan Messaging Security Virtual Appliance (IMSVA) management portal for versions 9.0/9.1. The issue is an authentication bypass caused by insufficient protection of a log file containing session credentials, enabling an unauthenticated user to access sensiti...
CVE-2018-0846
The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability...
CVE-2018-0844
The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability...
Privilege escalation
The Windows Common Log File System (CLFS) driver in Windows 7 SP1, Windows 8.1 and RT 8.1, Windows Server 2008 SP2 and R2 SP1, Windows Server 2012 and R2, Windows 10 Gold, 1511, 1607, 1703 and 1709, Windows Server 2016 and Windows Server, version 1709 allows an elevation of privilege vulnerability...
CVE-2018-2389
Under certain conditions a malicious user can inject log files of SAP Internet Graphics Server (IGS), 7.20, 7.20EXT, 7.45, 7.49, 7.53, hiding important information in the log file...