4561 matches found

Cvelist
added 2017/05/05 7:00 p.m., 20 views

CVE-2016-8916

IBM Tivoli Storage Manager 5.5, 6.1-6.4, and 7.1 stores password information in a log file that could be read by a local user when a set password command is issued. IBM X-Force ID: 118472...

AI score 5.2, EPSS 0.00307
Exploits 0, References 2
CVE
added 2017/05/05 7:00 p.m., 56 views

CVE-2016-8916

Summary: CVE-2016-8916 affects IBM Tivoli Storage Manager (IBM Spectrum Protect Client) versions 5.5, 6.x, and 7.1. When using the set password command, full password text is written to the instrumentation log if tracing is enabled, enabling local disclosure of credentials. The IBM bulletin notes...

CVSS 5.5, AI score 5.2, EPSS 0.00307
Exploits 0, References 2, Affected Software 1
Prion
added 2017/04/19 10:59 p.m., 14 views

Information disclosure

Samsung Android devices with L5.0/5.1, M6.0, and N7.x software allow attackers to obtain sensitive information by reading a world-readable log file after an unexpected reboot. The Samsung ID is SVE-2017-8290...

CVSS 5, AI score 7.2, EPSS 0.01108
Exploits 0, References 1, Affected Software 1
Kitploit
added 2017/04/17 2:12 p.m., 158 views

Evilginx - MITM Attack Framework [Advanced Phishing With Two-factor Authentication Bypass]

Evilginx is a man-in-the-middle attack framework used for phishing credentials and session cookies of any web service. Its core runs on the Nginx HTTP server, which uses proxy_pass and sub_filter to proxy and modify HTTP content while intercepting traffic between client and server. You can learn...

AI score 7.3
Exploits 0, References 1
Kitploit
added 2017/04/15 1:56 p.m., 52 views

shARP - anti-ARP-spoofing application that uses an active scanning method to detect ARP-spoofing incidents

ARP spoofing allows an attacker to intercept data frames on a network, modify the traffic, or stop all traffic. Often the attack is used as an opening for other attacks, such as denial of service, man-in-the-middle, or session hijacking attacks. Our anti-ARP-spoofing program, shARP, detects the...

AI score 7.5
Exploits 0, References 1
Fortinet
added 2017/04/05 12:00 a.m., 26 views

FortiClient SSLVPN Linux - Arbitrary write to log file

The first launch of FortiClient SSLVPN Linux creates a log file without any prior check. By first creating a symbolic or hard link with the name of the log file pointing to any file in the filesystem, an attacker can overwrite that existing file. This is due to the fact that the first launch of...

AI score 1.5
Exploits 0
0day.today
added 2017/03/13 12:00 a.m., 19 views

WordPress Chat-Room plugin v0.1.2 directory traversal/arbitrary file write Vulnerabilities

Exploit for PHP platform in category web applications. Exploit Title: WordPress Chat-Room plugin v0.1.2 directory traversal/arbitrary file write. Date: 2017-03-08. Exploit Author: malwrforensics. Vendor Homepage: https://webdevstudios.com/. Software Link: https://wordpress.org/plugins/chat-room/...

AI score 0.2
Exploits 0
Tenable Nessus
added 2017/03/13 12:00 a.m., 33 views

Fedora 25 : libupnp (2017-2c29702300)

miniserver: fix binding to IPv6 link-local addresses. Fix out-of-bound access in createurllist (CVE-2016-8863). If the error or info log files cannot be created, use stderr and stdout instead. SF Bug Tracker 132, CVE-2016-6255: write files via POST. Note that Tenable Network Security has...

CVSS 9.8, AI score 7.9, EPSS 0.26818
Exploits 4, References 4
CVE
added 2017/03/07 4:00 p.m., 48 views

CVE-2016-4949

CVE-2016-4949 affects Cloudera Manager 5.5 and earlier. A remote attacker could obtain sensitive information by manipulating the filename parameter in the logs endpoint /cmf/process//logs, supplying either “stderr.log” or “stdout.log”. The underlying issue is an information disclosure in the proc...

CVSS 7.5, AI score 7.2, EPSS 0.01616
Exploits 1, References 2, Affected Software 1
Mageia
added 2017/02/20 1:00 p.m., 56 views

Updated mariadb packages fix security vulnerability

Root Privilege Escalation (CVE-2016-6664). Unspecified vulnerability affecting the Optimizer component (CVE-2017-3238). Unspecified vulnerability affecting the Charsets component (CVE-2017-3243). Unspecified vulnerability affecting the DML component (CVE-2017-3244). Unspecified vulnerability affecting...

CVSS 7, AI score 1.7, EPSS 0.04792
Exploits 10, References 4
ATTACKERKB
added 2017/02/13 9:59 p.m., 2 views

CVE-2016-8362

An issue was discovered in Moxa OnCell OnCellG3470A-LTE, AWK-1131A/3131A/4131A Series, AWK-3191 Series, AWK-5232/6232 Series, AWK-1121/1127 Series, WAC-1001 V2 Series, WAC-2004 Series, AWK-3121-M12-RTG Series, AWK-3131-M12-RCC Series, AWK-5232-M12-RCC Series, TAP-6226 Series, AWK-3121/4121 Series...

CVSS 6.5, AI score 5.5, EPSS 0.01038
Exploits 0, References 3
CVE
added 2017/02/13 9:00 p.m., 56 views

CVE-2016-8362

CVE-2016-8362 affects Moxa OnCell OnCellG3470A-LTE and a wide range of AWK/WAC/TAP models. The issue is described as Improper Authentication that allows any user to download log files by accessing a specific URL, with an attack scenario that does not require authentication. Impact in the public a...

CVSS 6.5, AI score 6.3, EPSS 0.01038
Exploits 0, References 2, Affected Software 1
RedHat Linux
added 2017/02/02 8:33 p.m., 3 views

jboss: jbossas: unsafe chown of server.log in jboss init script allows privilege escalation

It was discovered that the jboss init script performed unsafe file handling which could result in local privilege escalation...

CVSS 7.8, AI score 7.3, EPSS 0.00366
Exploits 0, References 4
RedHat Linux
added 2017/02/02 8:23 p.m., 54 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform security update

An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 7.8, AI score 6.6, EPSS 0.39633
Exploits 5, References 6
RedHat Linux
added 2017/01/18 8:40 p.m., 2 views

admin-cli: Potential EAP resource starvation DOS attack via GET requests for server log files

An EAP feature to download server log files makes the logs available via GET requests, which exposes them to cross-origin attacks. An attacker could cause a user's browser to request the log files, consuming enough resources that normal server functioning could be impaired...

CVSS 6.5, AI score 7.3, EPSS 0.02693
Exploits 0, References 4
RedHat Linux
added 2017/01/18 8:40 p.m., 41 views

Moderate: Red Hat Security Advisory: Red Hat JBoss Enterprise Application Platform 7.0.4

An update is now available for Red Hat JBoss Enterprise Application Platform. Red Hat Product Security has rated this update as having a security impact of Moderate. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability...

CVSS 6.5, AI score 6.5, EPSS 0.02693
Exploits 0, References 5
Microsoft KB
added 2017/01/07 11:35 p.m., 16 views

Description of the cumulative update for Office Communications Server 2007 R2, Core Components: January 2010

Describes the issues that are fixed in the Office Communications Server 2007 R2, Core Components cumulative update that is dated January 2010. Summary: This article describes the Microsoft Office Communications Server 2007 R2, Core Components issues that are fixed in the cumulative update for...

AI score 0.3
Exploits 0
OSV
added 2017/01/05 5:45 p.m., 3 views

USN-3164-1 exim4 vulnerability

Bjoern Jacke discovered that Exim incorrectly handled DKIM keys. In certain configurations, private DKIM signing keys could be leaked to the log files...

CVSS 5.9, AI score 6.6, EPSS 0.03098
Exploits 0, References 2
Gentoo Linux
added 2016/12/31 12:00 a.m., 49 views

Icinga: Privilege escalation

Background: Icinga is an open source computer system and network monitoring application. It was originally created as a fork of the Nagios system monitoring application in 2009. Description: The Icinga daemon was found to perform unsafe operations when handling the log file. Impact: A local attacker, wh...

CVSS 7.8, AI score 8.4, EPSS 0.04885
Exploits 9
myhack58
added 2016/12/22 12:00 a.m., 237 views

Oracle property management platform remote command execution and cardholder data decryption vulnerability analysis - vulnerability warning - the black bar safety net

Recently, I found that the Oracle Opera front-desk data management system used in some large business hotels has several security vulnerabilities. Hackers can exploit these vulnerabilities to escalate privileges in the hotel booking app and obtain higher user permissions; at the same...

CVSS 5, AI score 0.5, EPSS 0.02389
Exploits 0