4561 matches found
CVE-2018-1000018
An information disclosure in ovirt-hosted-engine-setup prior to 2.2.7 reveals the root user's password in the log file...
Ketshash - A little tool for detecting suspicious privileged NTLM connections, in particular Pass-The-Hash attack, based on event viewer logs
A little tool for detecting suspicious privileged NTLM connections, in particular Pass-The-Hash attack, based on event viewer logs. The tool was published as part of the "Pass-The-Hash detection" research - more details on "Pass-The-Hash detection" are in the blog post:...
Oracle WebLogic Remote Diagnosis Assistant Information Disclosure Vulnerability
This vulnerability allows remote attackers to bypass authentication on vulnerable installations of Oracle WebLogic Remote Diagnosis Server. The specific flaw exists within the Remote Diagnosis Assistant, which listens on TCP port 8888 when enabled. The issue results from unrestricted access to th...
Fedora 27 : community-mysql (2017-9e28c78e07)
A quarter year regular dose of fixed CVE's. https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-20.html . rhbz1497694 : Fix owner and perms on log file in post script CVE fixes: rhbz1503701 CVE-2017-10155 CVE-2017-10227 CVE-2017-10268 CVE-2017-10276 CVE-2017-10279 CVE-2017-10283 CVE-2017-102...
CVE-2018-5693
The LinuxMagic MagicSpam extension before 2.0.14-1 for Plesk allows local users to discover mailbox names by reading /var/log/magicspam/mslog...
Trend Micro Smart Protection Server 3.2 XSS / Access Control / Disclosure
Advisory Information Title: Trend Micro Smart Protection Server Multiple Vulnerabilities Advisory ID: CORE-2017-0008 Advisory URL: http://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities Date published: 2017-12-19 Date of last update: 2017-12-11...
CVE-2017-6139
In F5 BIG-IP APM software version 13.0.0 and 12.1.2, under rare conditions, the BIG-IP APM system appends log details when responding to client requests. Details in the log file can vary; customers running debug mode logging with BIG-IP APM are at highest risk...
Trend Micro Smart Protection Server - Session Hijacking / Log File Disclosure / Remote Command Execution / Cron Job Injection / Local File Inclusion / Stored Cross-Site Scripting / Improper Access Control
Trend Micro Smart Protection Server Multiple Vulnerabilities 1. Advisory Information Title:: Trend Micro Smart Protection Server Multiple Vulnerabilities Advisory ID: CORE-2017-0008 Advisory URL: http://www.coresecurity.com/advisories/trend-micro-smart-protection-server-multiple-vulnerabilities...
CVE-2017-17671
vBulletin through 5.3.x on Windows allows remote PHP code execution because a require_once call is reachable with an unauthenticated request that can include directory traversal sequences to specify an arbitrary pathname, and because ../ traversal is blocked but ..\ traversal is not blocked. For...
admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files
An EAP feature to download server log files allows logs to be available via GET requests making them vulnerable to cross-origin attacks. An attacker could trigger the user's browser to request the log files consuming enough resources that normal server functioning could be impaired...
CVE-2017-16680
Two potential audit log injections in SAP HANA extended application services 1.0, advanced model: 1 Certain HTTP/REST endpoints of controller service are missing user input validation which could allow unprivileged attackers to forge audit log lines. Hence the interpretation of audit log files...
DEBIAN-CVE-2016-1255
The pg_ctlcluster script in postgresql-common package in Debian wheezy before 134wheezy5, in Debian jessie before 165+deb8u2, in Debian unstable before 178, in Ubuntu 12.04 LTS before 129ubuntu1.2, in Ubuntu 14.04 LTS before 154ubuntu1.1, in Ubuntu 16.04 LTS before 173ubuntu0.1, in Ubuntu 17.04...
iSmartAlarm CubeOne Log File Decryption Vulnerability
The iSmartAlarm CubeOne is a smart home center control device from iSmartAlarm USA. A security vulnerability exists in the firmware of iSmartAlarm CubeOne 2.2.4.8 and earlier versions. An attacker can exploit the vulnerability to decrypt log files...
CVE-2017-13663
Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key...
Code injection
Encryption key exposure in firmware in iSmartAlarm CubeOne version 2.2.4.8 and earlier allows attackers to decrypt log files via an exposed key...
CVE-2017-13663
CVE-2017-13663 affects iSmartAlarm CubeOne firmware (2.2.4.8 and earlier). The vulnerability stems from an exposed encryption key in the device firmware, enabling an attacker to decrypt log files. Documented impact: confidentiality of log data compromised; no explicit remediation details or patch...
CVE-2017-12172
PostgreSQL 10.x before 10.1, 9.6.x before 9.6.6, 9.5.x before 9.5.10, 9.4.x before 9.4.15, 9.3.x before 9.3.20, and 9.2.x before 9.2.24 runs under a non-root operating system account, and database superusers have effective ability to run arbitrary code under that system account. PostgreSQL provid...