4561 matches found
UBUNTU-CVE-2014-1876
The unpacker::redirect_stdio function in unpack.cpp in unpack200 in OpenJDK 6, 7, and 8; Oracle Java SE 5.0u61, 6u71, 7u51, and 8; JRockit R27.8.1 and R28.3.1; and Java SE Embedded 7u51 does not securely create temporary files when a log file cannot be opened, which allows local users to overwrite...
Design/Logic Flaw
The Starbucks 2.6.1 application for iOS stores sensitive information in plaintext in the Crashlytics log file /Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog, which allows attackers to discover usernames, passwords, and e-mail addresses via an application that reads...
CVE-2014-0647
The Starbucks 2.6.1 application for iOS stores sensitive information in plaintext in the Crashlytics log file /Library/Caches/com.crashlytics.data/com.starbucks.mystarbucks/session.clslog, which allows attackers to discover usernames, passwords, and e-mail addresses via an application that reads...
CVE-2014-1664
The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file...
Authentication flaw
The Citrix GoToMeeting application 5.0.799.1238 for Android logs HTTP requests containing sensitive information, which allows attackers to obtain user IDs, meeting details, and authentication tokens via an application that reads the system log file...
CVE-2013-4044
IBM SPSS Collaboration and Deployment Services 4.2.1 before 4.2.1.3 IF3 and 5.0 before FP3 allows remote authenticated users to read application log files via a direct HTTP request...
Fedora 18 : lynis-1.3.6-1.fc18 (2013-22758)
1.3.6 (2013-12-03) New: - Support for the dntpd time daemon - New Apache test for modules [HTTP-6632] - Apache test for mod_evasive [HTTP-6640] - Apache test for mod_qos [HTTP-6641] - Apache test for mod_spamhaus [HTTP-6642] - Apache test for ModSecurity [HTTP-6643] - Check for installed package audit tool...
CVE-2012-0425
LanItems.ycp in save_y2logs in yast2-network before 2.24.4 in SUSE YaST writes cleartext Wi-Fi credentials to the y2log log file, which allows context-dependent attackers to obtain sensitive information by reading the (1) WIRELESS_WPA_PASSWORD or (2) WIRELESS_CLIENT_KEY_PASSWORD field...
CVE-2013-6384
(1) impl_db2.py and (2) impl_mongodb.py in OpenStack Ceilometer 2013.2 and earlier, when the logging level is set to INFO, logs the connection string from ceilometer.conf, which allows local users to obtain sensitive information (the DB2 or MongoDB password) by reading the log file...
CVE-2013-6384
CVE-2013-6384 affects OpenStack Ceilometer 2013.2 and earlier. When logging level is INFO, impl_db2.py and impl_mongodb.py log the ceilometer.conf connection string, enabling local users to read sensitive information (DB2 or MongoDB password) from the log file. Multiple sources (SUSE, Ubuntu, Deb...
[LinEnum v0.2] Automating local information gathering tasks on Linux hosts
LinEnum is a shell script that automates local information gathering tasks on Linux hosts. Over 65 checks are performed, obtaining anything from kernel information to locating possible escalation points such as potentially useful SUID/GUID files and Sudo/rhost mis-configurations etc. Additionally,...
Vino VNC Server Remote Denial Of Service Vulnerability
This host is running Vino VNC Server and is prone to a denial of service vulnerability. OpenVAS Vulnerability Test $Id: gbvinovncdosvuln.nasl 6104 2017-05-11 09:03:48Z teissa $ Vino VNC Server Remote Denial Of Service Vulnerability Authors: Veerendra GG Copyright: Copyright (c) 2013 Greenbone Network...
Apache HTTP Server mod_rewrite RewriteLog Command Execution (CVE-2013-1862)
A command execution vulnerability has been reported in Apache HTTP web server mod_rewrite. The vulnerability is due to a lack of input validation in handling certain escape sequences when writing to the log file. A remote attacker can exploit these vulnerabilities by sending a specially crafted HT...
httpd: mod_rewrite allows terminal escape sequences to be written to the log file
mod_rewrite.c in the mod_rewrite module in the Apache HTTP Server 2.2.x before 2.2.25 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to execute arbitrary commands via an HTTP request containing an escape sequence for a terminal emulator...
Amazon Linux AMI : httpd (ALAS-2013-193)
Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the...
Amazon Linux AMI : httpd24 (ALAS-2013-194)
Cross-site scripting (XSS) flaws were found in the mod_proxy_balancer module's manager web interface. If a remote attacker could trick a user, who was logged into the manager web interface, into visiting a specially crafted URL, it would lead to arbitrary web script execution in the context of the...
Oracle E-Business Suite password disclosure vulnerability
Overview: Oracle E-Business Suite 12.0-12.1, when used with the native login pages or single sign-on (SSO) / Oracle Access Management (OAM) with the native login pages, contains a credential exposure vulnerability. Description: Oracle E-Business Suite administrators who have applied CPU patches for Jul...
CVE-2013-4272
The BOTCHA Spam Prevention module 7.x-1.x before 7.x-1.6, 7.x-2.x before 7.x-2.1, and 7.x-3.x before 7.x-3.3 for Drupal, when the debugging level is set to 5 or 6, logs the content of submitted forms, which allows context-dependent users to obtain sensitive information such as usernames and...
CVE-2013-4272
The CVE concerns the BOTCHA Spam Prevention module for Drupal (7.x-1.x, 7.x-2.x, 7.x-3.x branches). When debugging is set to level 5 or 6, the module logs the content of submitted forms, enabling context-dependent users to obtain sensitive data (e.g., usernames and passwords) by reading log files...