The vulnerability of the Windows operating system allows a hacker to execute arbitrary code in the context of the current user.
The vulnerability of the Windows operating system exists due to incorrect handling of the event log file. The vulnerability can be exploited by opening the event log file created by the attacker. As a result of exploiting this vulnerability, an attacker who operates remotely can execute arbitrary...
CVE-2015-1148
Screen Sharing in Apple OS X before 10.10.3 stores the password of a user in a log file, which might allow context-dependent attackers to obtain sensitive information by reading this file...
CVE-2015-1109
NetworkExtension in Apple iOS before 8.3 stores credentials in VPN configuration logs, which makes it easier for physically proximate attackers to obtain sensitive information by reading a log file...
CVE-2015-1109
CVE-2015-1109 affects Apple iOS NetworkExtension before 8.3, where VPN credentials could be stored in VPN configuration logs. This logging creates a risk that a physically proximate attacker could read sensitive data from log files. The vulnerability is tied to how VPN configuration logs are hand...
rundeck memory overflow-vulnerability warning-the black bar safety net
rundeck execution error message. See the rundeck log: /tmp/rundeck/stacktrace.log Caused by: org.codehaus.groovy.runtime.InvokerInvocationException: java.lang.OutOfMemoryError: PermGen space Memory overflow, because I have not modified rundeck MaxPermSize...
Fedora 20 : ettercap-0.8.2-1.fc20 (2015-4020)
0.8.2-Ferri Bug Fix !! Fixed some openssl deprecated functions usage !! Fixed log file ownership !! Fixed mixed output print !! Fixed dropprivs function usage !! Fixed nopromisc option usage. !! Fixed missing break in parser code. !! Improved redirect commands !! Fix truncated VLAN packet headers...
Apache HTTP Server mod_rewrite RewriteLog Command Execution - Ver2 (CVE-2013-1862)
A command execution vulnerability has been reported in the Apache HTTP web server module mod_rewrite. The vulnerability is due to a lack of input validation in handling certain escape sequences when writing to the log file. A remote attacker can exploit this vulnerability by sending a specially crafted HT...
Design/Logic Flaw
The (1) IBM Tivoli Identity Manager Active Directory adapter before 5.1.24 and (2) IBM Security Identity Manager Active Directory adapter before 6.0.14 for IBM Security Identity Manager on Windows, when certain log and trace levels are configured, store the cleartext administrator password in a log...
CVE-2014-8923
CVE-2014-8923 affects IBM Security Identity Manager Active Directory adapter and IBM Tivoli Identity Manager Active Directory adapter on Windows; the issue is that, when certain log/trace levels are enabled, the administrator password is stored in clear text in log files, allowing a local user to...
Fedora 22 : ettercap-0.8.2-1.fc22 (2015-4009)
0.8.2-Ferri Bug Fix !! Fixed some openssl deprecated functions usage !! Fixed log file ownership !! Fixed mixed output print !! Fixed dropprivs function usage !! Fixed nopromisc option usage. !! Fixed missing break in parser code. !! Improved redirect commands !! Fix truncated VLAN packet headers...
dashboard: log file arbitrary file retrieval
It was found that the local log-viewing function of the redhat-access-plugin for OpenStack Dashboard horizon did not sanitize user input. An authenticated user could use this flaw to read an arbitrary file with the permissions of the web server...
A common Site Management System any user login/SQL injection/GetShell vulnerabilities source code analysis-vulnerability warning-the black bar safety net
Brief description: This system is not open source, most of the universities in use, turn the source off at the next Detailed description: 0x00 General case: code area Manufacturer: Rio Tinto tech Official website: http://www.ltpower.net/ The main is to do the educational products of the...
Ogaki Kyoritsu bank Smartphone Passbook for Android Information Disclosure Vulnerability
Ogaki Kyoritsu bank Smartphone Passbook is a suite of mobile banking passbook applications from Ogaki Kyoritsu Bank Corporation in Japan. Ogaki Kyoritsu bank Smartphone Passbook fails to securely create log files containing sensitive data, allowing an attacker to exploit vulnerabilities to obtain...
CVE-2015-0875
The Ogaki Kyoritsu Bank Smartphone Passbook application 1.0.0 for Android creates a log file containing input data from the user, which allows attackers to obtain sensitive information by reading a file...
CVE-2015-0875
The Ogaki Kyoritsu Bank Smartphone Passbook for Android (Ver. 1.0.0) creates log files that contain user input data, enabling reading of sensitive information by anyone with access to the log. Multiple sources (NVD/CNVD/JVN) document an information-disclosure vulnerability arising from logging us...
Design/Logic Flaw
The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file...
CVE-2015-0519
The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log file, which allows local users to obtain sensitive information by reading a file...
JVN#48659722: Smartphone Passbook for Android information management vulnerability
Smartphone Passbook for Android contains an issue where user inputs are output into a log file. Impact: Other Android applications with permissions to read system log files may obtain information entered by a user. Solution: Update the Software. Update to the latest version according to the...
Cookie hijacking: Internet Explorer UXSS (CVE-2015-0072)
Cookie hijacking: Internet Explorer UXSS CVE-2015-0072 Host below files on webserver attacker.com and share the exploit link with victims, exploit.php --- exploit link Share with victim redirect.php --- Script to redirect on target page target page should not contain X-Frame-Options or it will fa...