CVE-2015-4320

The Configuration Log File component in Cisco TelePresence Video Communication Server VCS Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, aka Bug ID CSCuv12340...

Information disclosure

The Configuration Log File component in Cisco TelePresence Video Communication Server VCS Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, aka Bug ID CSCuv12340...

CVE-2015-4320

The Configuration Log File component in Cisco TelePresence Video Communication Server VCS Expressway X8.5.2 allows remote authenticated users to obtain sensitive information by reading a log file, aka Bug ID CSCuv12340...

CVE-2015-4320

The CVE-2015-4320 entry affects Cisco TelePresence Video Communication Server (VCS) Expressway X8.5.2, specifically the Configuration Log File component. Root cause: sensitive information is written into certain log files, enabling an authenticated, remote attacker to read logs and obtain sensiti...

UBUNTU-CVE-2015-6252

The vhostdevioctl function in drivers/vhost/vhost.c in the Linux kernel before 4.1.5 allows local users to cause a denial of service memory consumption via a VHOSTSETLOGFD ioctl call that triggers permanent file-descriptor allocation...

CVE-2015-4481

Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update...

CVE-2015-4481

Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update...

CVE-2015-4481

CVE-2015-4481 is a concrete vulnerability in Mozilla Maintenance Service on Windows where a hard-link race allows arbitrary file overwriting, enabling local privilege escalation. Public documentation across connected sources confirms the issue affects Windows Firefox/maintenance service and was a...

CVE-2015-4481

Race condition in the Mozilla Maintenance Service in Mozilla Firefox before 40.0 and Firefox ESR 38.x before 38.2 on Windows allows local users to write to arbitrary files and consequently gain privileges via vectors involving a hard link to a log file during an update...

Cisco TelePresence Video Communication Server Expressway Information Disclosure Vulnerability

A vulnerability in Configuration Log File of the Cisco TelePresence Video Communication Server VCS Expressway could allow an authenticated, remote attacker to obtain sensitive information stored on an affected system. The vulnerability is due to the inclusion of sensitive information in certain l...

Froxlor Server Management Panel 0.9.33.1 - MySQL Login Information Disclosure

Froxlor Server Management Panel 0.9.33.1 - MySQL Login Information Disclosure ------------------------------------------------------------------------------------------ Exploit Title: Froxlor Server Management Panel - MySQL Login Information Disclosure Date: Jul 30 2015 Exploit Author: Dustin Dör...

Cisco Mobility Services Engine Control And Provisioning Feature Information Disclosure Vulnerability

Cisco Mobility Services Engine MSE is a platform Mobility Services Engine that provides Wi-Fi services from Cisco. The platform collects, stores and manages data from wireless clients, Cisco access points and controllers. A security vulnerability exists in the Control And Provisioning feature of...

Server: Resource Exthaustion when sanitizing filenames

The sanitization component for filenames was vulnerable to DoS when parsing specially crafted file names passed via specific endpoints. Effectively this lead to a endless loop filling the log file until the system is not anymore responsive. For more information please consult the official advisor...

PT-2020-7815 · Abrt +2 · Abrt +2

Name of the Vulnerable Software and Affected Versions: ABRT affected versions not specified Description: The issue concerns the default event handling scripts in ABRT, which allow local users to gain privileges. This can be achieved through a symlink attack on a var log messages file...

SysAid Help Desk Sensitive Information Disclosure Vulnerability

SysAid Help Desk is a suite of Web-based IT management software. The SysAid Help Desk sysaid/getAgentLogFile URI does not adequately filter the 'accountId' parameter, allowing remote attackers to submit invalid values to obtain sensitive information...

CVE-2014-6211

The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of personal data, which allows local users to obtain sensitive information by reading a log file...

Command injection

The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of personal data, which allows local users to obtain sensitive information by reading a log file...

CVE-2014-6211

The command-line scripts in IBM WebSphere Commerce 6.0 through 6.0.0.11, 7.0 through 7.0.0.9, and 7.0 Feature Pack 2 through 8, when debugging is configured, do not properly restrict the logging of personal data, which allows local users to obtain sensitive information by reading a log file...

The vulnerability of the Windows operating system allows a hacker to execute arbitrary code in the context of the current user.

The vulnerability of the Windows operating system exists due to incorrect handling of the event log file. The vulnerability can be exploited by opening the event log file created by the attacker. As a result of exploiting this vulnerability, an attacker who operates remotely can execute arbitrary...

The vulnerability of the Windows operating system allows a hacker to execute arbitrary code in the context of the current user.

The vulnerability of the Windows operating system exists due to incorrect handling of the event log file. The vulnerability can be exploited by opening the event log file created by the attacker. As a result of exploiting this vulnerability, an attacker who operates remotely can execute arbitrary...