
4561 matches found

OSV
added 2016/09/20 6:59 p.m. · 3 views

ALPINE-CVE-2016-6662

Oracle MySQL through 5.5.52, 5.6.x through 5.6.33, and 5.7.x through 5.7.15; MariaDB before 5.5.51, 10.0.x before 10.0.27, and 10.1.x before 10.1.17; and Percona Server before 5.5.51-38.1, 5.6.x before 5.6.32-78.0, and 5.7.x before 5.7.14-7 allow local users to create arbitrary configurations and...

CVSS 9.8 · AI score 7 · EPSS 0.6773
Exploits 16 · References 1
UbuntuCve
added 2016/09/16 12:0 a.m. · 32 views

CVE-2016-1240

The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu...

CVSS 7.8 · AI score 7.1 · EPSS 0.09783
Exploits 8 · References 3
OSV
added 2016/09/16 12:0 a.m. · 2 views

UBUNTU-CVE-2016-1240

The Tomcat init script in the tomcat7 package before 7.0.56-3+deb8u4 and tomcat8 package before 8.0.14-1+deb8u3 on Debian jessie and the tomcat6 and libtomcat6-java packages before 6.0.35-1ubuntu3.8 on Ubuntu 12.04 LTS, the tomcat7 and libtomcat7-java packages before 7.0.52-1ubuntu0.7 on Ubuntu...

CVSS 7.8 · AI score 7.1 · EPSS 0.09783
Exploits 8 · References 4
Positive Technologies
added 2016/09/15 12:0 a.m. · 7 views

PT-2016-4663 · Apache +1 · Apache Tomcat +1

Name of the Vulnerable Software and Affected Versions: Apache Tomcat versions prior to 7.0.56-3+deb8u4 Apache Tomcat versions prior to 8.0.14-1+deb8u3 Apache Tomcat 6 versions prior to 6.0.35-1ubuntu3.8 Apache Tomcat 7 versions prior to 7.0.52-1ubuntu0.7 Apache Tomcat 8 versions prior to...

CVSS 7.8 · AI score 7.6 · EPSS 0.09783
Exploits 8 · References 35
Positive Technologies
added 2016/08/10 12:0 a.m. · 11 views

PT-2016-7027

Name of the Vulnerable Software and Affected Versions Oracle MySQL versions 5.5.52 and earlier, 5.6.33 and earlier, 5.7.15 and earlier MariaDB versions prior to 5.5.51, 10.0.x prior to 10.0.27, and 10.1.x prior to 10.1.17 Percona Server versions prior to 5.5.51-38.1, 5.6.x prior to 5.6.32-78.0, a...

CVSS 10 · AI score 8 · EPSS 0.6773
Exploits 106 · References 687
seebug.org
added 2016/08/05 12:0 a.m. · 16 views

New too openEAP enterprise application platform without the log file upload vulnerability

No description provided by source...

AI score 7.1
Exploits 0
Tenable Nessus
added 2016/08/01 12:0 a.m. · 48 views

Debian DLA-571-1 : xen security update (Bunker Buster)

Multiple vulnerabilities have been discovered in the Xen hypervisor. The Common Vulnerabilities and Exposures project identifies the following problems : CVE-2014-3672 XSA-180 Andrew Sorensen discovered that a HVM domain can exhaust the host's disk space by filling up the log file. CVE-2016-3158,...

CVSS 8.8 · AI score 7.3 · EPSS 0.00923
Exploits 0 · References 10
OwnCloud
added 2016/07/19 2:0 p.m. · 487 views

Server: Log pollution can potentially lead to local HTML injection

The "download log" functionality in the admin screen is delivering the log in JSON format to the end-user. The file was delivered with an attachment disposition forcing the browser to download the document. However, Firefox running on Microsoft Windows would offer the user to open the data in the...

AI score 6.5
Exploits 0 · Affected Software 1
BDU FSTEC
added 2016/07/06 12:0 a.m. · 4 views

The vulnerability of the Windows operating system allows a malicious intruder to compromise the confidentiality, integrity, and accessibility of protected information.

A vulnerability that allows for remote execution of code exists in the Windows event log system and is related to the processing of specially crafted files. Exploiting this vulnerability enables remote execution of code provided that the user opens a specially crafted event log file. If the user...

CVSS 9.3 · AI score 5.9 · EPSS 0.18655
Exploits 0 · References 3
NVD
added 2016/06/19 8:59 p.m. · 19 views

CVE-2016-1192

Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors...

CVSS 4.3 · AI score 4.2 · EPSS 0.01455
Exploits 0 · References 3
Prion
added 2016/06/19 8:59 p.m. · 19 views

Directory traversal

Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors...

CVSS 4 · AI score 6.5 · EPSS 0.01455
Exploits 0 · References 3 · Affected Software 1
Cvelist
added 2016/06/19 8:0 p.m. · 23 views

CVE-2016-1192

Directory traversal vulnerability in the logging implementation in Cybozu Garoon 3.7 through 4.2 allows remote authenticated users to read a log file via unspecified vectors...

AI score 4.7 · EPSS 0.01455
Exploits 0 · References 3
Japan Vulnerability Notes
added 2016/05/30 7:18 a.m. · 4 views

Cybozu Garoon logging function vulnerable to directory traversal

Overview Cybozu Garoon is a groupware. Cybozu Garoon contains a directory traversal vulnerability in the logging function. Cybozu, Inc. reported this vulnerability to JPCERT/CC to notify users of its solution through JVN. JPCERT/CC and Cybozu, Inc. coordinated under the Information Security Early...

CVSS 4.3 · AI score 6.5 · EPSS 0.01455
Exploits 0 · References 6
Japan Vulnerability Notes
added 2016/05/30 12:0 a.m. · 37 views

JVN#14749391: Multiple directory traversal vulnerabilities in Cybozu Garoon

Cybozu Garoon is a groupware. Cybozu Garoon contains following multiple directory traversal vulnerabilities. Directory traversal in the function "Files" - CVE-2016-1191 Version| Vector| Score ---|---|--- CVSS v3| CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N| Base Score: 5.3 CVSS v2|...

CVSS 5.3 · AI score 5.3 · EPSS 0.01912
Exploits 0
CNVD
added 2016/05/20 12:0 a.m. · 4 views

Moxa EDR-G903 Information Disclosure Vulnerability (CNVD-2016-03388)

The Moxa EDR-G903 is an all-in-one firewall/VPN security router product. A security vulnerability exists in the Moxa EDR-G903 that allows remote attackers to submit special URIs to obtain configuration file and log file information...

CVSS 7.5 · AI score 6.9 · EPSS 0.01772
Exploits 0 · References 1
RedHat Linux
added 2016/05/12 4:19 p.m. · 111 views

Important: Red Hat Security Advisory: Red Hat OpenShift Enterprise 3.2 security, bug fix, and enhancement update

Red Hat OpenShift Enterprise 3.2 is now available. Red Hat Product Security has rated this update as having a security impact of Important. A Common Vulnerability Scoring System CVSS base score, which gives a detailed severity rating, is available for each vulnerability from the CVE links in the...

CVSS 9 · AI score 6.5 · EPSS 0.04027
Exploits 0 · References 125
Tenable Nessus
added 2016/04/20 12:0 a.m. · 23 views

openSUSE Security Update : systemd (openSUSE-2016-488)

This update for systemd fixes several issues : e5e362a udev: exclude MD from block device ownership event locking 8839413 udev: really exclude device-mapper from block device ownership event locking 66782e6 udev: exclude device-mapper from block device ownership event locking bsc972727 1386f57...

CVSS 3.3 · AI score 5.5 · EPSS 0.0036
Exploits 0 · References 12
Tenable Nessus
added 2016/04/15 12:0 a.m. · 12 views

IBM DB2 10.5 < Fix Pack 7 Multiple Vulnerabilities

Binary data 9200.prm...

CVSS 7.4 · AI score 7.3 · EPSS 0.00391
Exploits 0 · References 23
Packet Storm
added 2016/04/09 12:0 a.m. · 37 views

DotCMS 3.5 Beta Directory Traversal

Advisory: DotCMS Directory traversal vulnerability Author: Piaox From Pingan Product Safety Group Email: [email protected] Affected Version: dotCMS 3.5 Beta (the latest version) ========================== Vulnerability Description Recently, I found a Directory traversal vulnerability in...

Exploits 0
Citrix
added 2016/04/01 12:0 a.m. · 10 views

Understanding and Configuring EPA Verbose Logging on Citrix Gateway

CLI Configuration Run the following command on NetScaler for PreAuth and PostAuth EPA logging: set vpn param -clientSecurityLog ON Note : For PreAuth and PostAuth logging, the vpn param MUST be used. If the clientSecurityLog is modified in a SessionAction whose Session Policy has a ClientSecurity...

AI score 7.2
Exploits 0