Lucene search

4561 matches found

RedHat Linux
added 2014/11/03 8:36 a.m., 0 views

Trove: potential leak of passwords into log files

The strutils.mask_password function in the OpenStack Oslo utility library, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 does not properly mask passwords when logging commands, which allows local users to obtain passwords by reading the log...

CVSS 2.1, AI score 5.8, EPSS 0.00528
Exploits: 1, References: 4
RedHat Linux
added 2014/11/03 8:36 a.m., 1 views

Trove: potential leak of passwords into log files

The processutils.execute function in OpenStack oslo-incubator, Cinder, Nova, and Trove before 2013.2.4 and 2014.1 before 2014.1.3 allows local users to obtain passwords from commands that cause a ProcessExecutionError by reading the log...

CVSS 2.1, AI score 5.8, EPSS 0.00469
Exploits: 0, References: 4
Kitploit
added 2014/08/13 12:31 a.m., 42 views

SAMHAIN v3.1.2 - File Integrity Checker / Host-Based Intrusion Detection System

The Samhain host-based intrusion detection system (HIDS) provides file integrity checking and log file monitoring/analysis, as well as rootkit detection, port monitoring, detection of rogue SUID executables, and hidden processes. Samhain has been designed to monitor multiple hosts with potentially...

AI score 7.3
Exploits: 0
RedHat Linux
added 2014/07/29 3:40 p.m., 8 views

OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618)

The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite...

CVSS 4.4, AI score 6.8, EPSS 0.00456
Exploits: 0, References: 5
Cvelist
added 2014/07/01 10:0 a.m., 28 views

CVE-2014-1317

iBooks Commerce in Apple OS X before 10.9.4 places Apple ID credentials in the iBooks log, which allows local users to obtain sensitive information by reading this file...

AI score 5.1, EPSS 0.0031
Exploits: 0, References: 4
seebug.org
added 2014/07/01 12:0 a.m., 8906 views

PHPizabi 0.848b C1 HFP1-3 - Remote Command Execution Exploit

No description provided by source. !/usr/bin/php ?php / Found this after getting my inet back and noticing this http://www.milw0rm.com/exploits/6085. The only problem with the remote command execution there is that it actually requires register_globals = on. I saw the GLOBAL keyword, and actually...

CVSS 9.3, AI score 0.1, EPSS 0.05165
Exploits: 7
seebug.org
added 2014/07/01 12:0 a.m., 23 views

HP-UX 10.20 registrar Local Arbitrary File Read Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/1919/info The registrar service that ships with version 10.20 (possibly others) of HP's HP-UX operating system contains a vulnerability that may allow a local user to read any file on the host's filesystem. The service which...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 14 views

Logwatch 2.6 Secure Script Denial of Service Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13273/info Logwatch is prone to a denial of service vulnerability in the secure script. This issue may be exploited by a local attacker who can inject a malicious string into a log file, causing a denial of service condition. As ...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 17 views

04webserver 1.42 Multiple Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/11652/info Multiple remote vulnerabilities reportedly affect 04WebServer. These issues are due to a failure of the application to properly sanitize user-supplied input. An attacker may leverage these issues to carry out...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 16 views

perForms Mambo Component <= 1.0 - Remote File Inclusion

No description provided by source. perForms <= 1.0 mosConfig_absolute_path Remote File Inclusion. Remote : Yes Critical Level : High Vuln founded i...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 33 views

tmux '-S' Option Incorrect SetGID Privilege Escalation Vulnerability

No description provided by source. Team ph0x90bic proudly presents: tmux -S 1.3/1.4 local utmp exploit. Exploit Title: tmux '-S' Option Incorrect SetGID Local Privilege Escalation Vulnerability Date: 11.04.2011...

CVSS 4.6, AI score 0.1, EPSS 0.00952
Exploits: 6
seebug.org
added 2014/07/01 12:0 a.m., 20 views

Adobe Version Cue 1.0/1.0.1 - Local Root Exploit (OSX)

No description provided by source. !/usr/bin/perl Adobe Version Cue VCNativeOSX: local root exploit. by: vade79/v9 fakehalo/realhalo Adobe Version Cue's VCNative program writes data to a log file in the current working directory while running as setuid root. The logfile is formatted...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 33 views

Ricoh DC DL-10 SR10 FTP USER Command Buffer Overflow

No description provided by source. This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of use. http://metasploit.com/framework/ require 'msf/core'...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 15 views

PHPMyFAQ 1.5.1 Logs Unauthorized Access Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/14930/info PHPMyFAQ is prone to an unauthorized access vulnerability. A remote attacker can exploit this vulnerability to view the application log file. This vulnerability could lead to the disclosure of various valid...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 22 views

Alkacon OpenCMS 7.0.3 - logfileViewSettings.jsp filePath.0 Parameter Arbitrary File Access

No description provided by source. source: http://www.securityfocus.com/bid/28152/info Alkacon OpenCms is prone to multiple input-validation vulnerabilities, including one cross-site scripting issue and a file-disclosure issue, because the application fails to properly sanitize user-supplied inpu...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 38 views

Mailman 2.1.x Multiple Input Validation Vulnerabilities

No description provided by source. source: http://www.securityfocus.com/bid/20021/info Mailman is prone to multiple input-validation vulnerabilities because the application fails to sanitize user-input. These issues include multiple cross-site scripting vulnerabilities and a CRLF-injection...

AI score 7.1
Exploits: 0
seebug.org
added 2014/07/01 12:0 a.m., 11 views

AN HTTPD 1.42 Arbitrary Log Content Injection Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/13069/info AN HTTPD is affected by a vulnerability that may allow a remote attacker to inject arbitrary content into the log file. This issue arises due to a failure of input validation. Corruption of logs may result in...

AI score 7.1
Exploits: 0
Japan Vulnerability Notes
added 2014/06/17 12:0 a.m., 35 views

JVN#07677464: 050 plus for Android information management vulnerability

050 plus provided by NTT Communications is an IP phone application for smartphones. 050 plus for Android contains an information management vulnerability that outputs some pieces of information stored by the product to a system log file on the device. Impact Android applications with permissions ...

CVSS 2.6, AI score 6, EPSS 0.00992
Exploits: 0
RedHat Linux
added 2014/06/10 1:7 p.m., 4 views

OpenJDK: insecure temporary file use in unpack200 (Libraries, 8033618)

The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite...

CVSS 4.4, AI score 6.8, EPSS 0.00456
Exploits: 0, References: 5
Kitploit
added 2014/06/04 7:55 p.m., 10 views

Webfwlog - Firewall Log Analyzer

Webfwlog is a flexible web-based firewall log analyzer and reporting tool. It supports standard system logs for Linux, FreeBSD, OpenBSD, NetBSD, Solaris, Irix, OS X, etc. as well as Windows XP®. Supported log file formats are netfilter, ipfilter, ipfw, ipchains and Windows XP®. Webfwlog also...

AI score 7.5
Exploits: 0