4561 matches found

Saint
added 2013/03/22 12:0 a.m., 62 views

WellinTech KingView KingMess.exe Log File Parsing Overflow

Added: 03/22/2013 CVE: CVE-2012-4711 BID: 57909 OSVDB: 89690 Background WellinTech is a China-based company which produces KingView, a Web-based SCADA application for Windows-based control, monitoring, and data collection that is used internationally. Problem WellinTech KingView KingMess.exe is...

CVSS 10, AI score 7.3, EPSS 0.61492
Exploits 8

Saint
added 2013/03/22 12:0 a.m., 39 views

WellinTech KingView KingMess.exe Log File Parsing Overflow

Added: 03/22/2013 CVE: CVE-2012-4711 BID: 57909 OSVDB: 89690 Background WellinTech is a China-based company which produces KingView, a Web-based SCADA application for Windows-based control, monitoring, and data collection that is used internationally. Problem WellinTech KingView KingMess.exe is...

CVSS 10, AI score 7.3, EPSS 0.61492
Exploits 8

NVD
added 2013/03/12 11:55 p.m., 17 views

CVE-2012-6115

The domain management tool rhevm-manage-domains in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file...

CVSS 2.1, AI score 5.9, EPSS 0.00371
Exploits 0, References 6

Prion
added 2013/03/12 11:55 p.m., 16 views

Design/Logic Flaw

The domain management tool rhevm-manage-domains in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file...

CVSS 2.1, AI score 6.3, EPSS 0.00371
Exploits 0, References 6, Affected Software 1

Prion
added 2013/03/12 10:55 p.m., 18 views

Design/Logic Flaw

Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file...

CVSS 2.1, AI score 6.6, EPSS 0.00474
Exploits 1, References 2, Affected Software 1

Cvelist
added 2013/03/12 9:0 p.m., 22 views

CVE-2012-6117

Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file...

AI score 6.2, EPSS 0.00474
Exploits 1, References 2

CVE
added 2013/03/12 9:0 p.m., 40 views

CVE-2012-6117

CVE-2012-6117 affects Aeolus Configuration Server as used in Red Hat CloudForms Cloud Engine prior to 1.1.2. The issue is that /var/log/aeolus-configserver/configserver.log is world-readable, allowing local attackers to read plaintext passwords stored in the log file. Red Hat addressed this with ...

CVSS 2.1, AI score 6.4, EPSS 0.00474
Exploits 1, References 2, Affected Software 1

RedHat Linux
added 2013/02/21 6:53 p.m., 1 views

Configserver: Passwords from application blueprint stored plaintext in configserver.log

Aeolus Configuration Server, as used in Red Hat CloudForms Cloud Engine before 1.1.2, uses world-readable permissions for /var/log/aeolus-configserver/configserver.log, which allows local users to read plaintext passwords by reading the log file...

CVSS 2.1, AI score 5.8, EPSS 0.00474
Exploits 1, References 4

OSV
added 2013/02/14 10:55 p.m., 2 views

DEBIAN-CVE-2012-5564

android-tools 4.1.1 in Android Debug Bridge (ADB) allows local users to overwrite arbitrary files via a symlink attack on /tmp/adb.log...

CVSS 3.3, AI score 6.6, EPSS 0.00316
Exploits 0, References 1

NVD
added 2013/02/05 11:55 p.m., 20 views

CVE-2012-0034

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by readi...

CVSS 2.1, AI score 5.7, EPSS 0.004
Exploits 1, References 16

Prion
added 2013/02/05 11:55 p.m., 21 views

Input validation

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by readi...

CVSS 2.1, AI score 6.2, EPSS 0.004
Exploits 1, References 16, Affected Software 3

UbuntuCve
added 2013/02/05 11:55 p.m., 27 views

CVE-2012-0034

The NonManagedConnectionFactory in JBoss Enterprise Application Platform (EAP) 5.1.2 and 5.2.0, Web Platform (EWP) 5.1.2 and 5.2.0, and BRMS Platform before 5.3.1 logs the username and password in cleartext when an exception is thrown, which allows local users to obtain sensitive information by readi...

CVSS 2.1, AI score 6.2, EPSS 0.004
Exploits 1, References 1

CVE
added 2013/02/05 11:11 p.m., 73 views

CVE-2012-0034

The CVE affects JBoss components where NonManagedConnectionFactory logs the username and password in cleartext during exception handling, risking local disclosure of credentials for EAP 5.1.2/5.2.0, EWP 5.1.2/5.2.0, and BRMS Platform before 5.3.1. Impact is limited to local confidentiality exposu...

CVSS 2.1, AI score 5.2, EPSS 0.004
Exploits 1, References 16, Affected Software 1

RedHat Linux
added 2013/02/04 11:28 p.m., 2 views

rhev: rhevm-manage-domains logs admin passwords

The domain management tool rhevm-manage-domains in Red Hat Enterprise Virtualization Manager (RHEV-M) 3.1 and earlier, when the validate action is enabled, logs the administrative password to a world-readable log file, which allows local users to obtain sensitive information by reading this file...

CVSS 2.1, AI score 5.8, EPSS 0.00371
Exploits 0, References 4

RedHat Linux
added 2013/01/31 7:41 p.m., 2 views

Origin: rhc-chk.rb password exposure in log files

rhc-chk.rb in Red Hat OpenShift Origin before 1.1, when -d (debug mode) is used, outputs the password and other sensitive information in cleartext, which allows context-dependent attackers to obtain sensitive information, as demonstrated by including log files or Bugzilla reports in support channel...

CVSS 2.1, AI score 5.8, EPSS 0.00356
Exploits 0, References 4

Japan Vulnerability Notes
added 2013/01/31 12:0 a.m., 27 views

JVN#86040029: Weathernews Touch for Android stores location information in the system log file

Weathernews Touch provided by Weathernews Inc. is a weather forecast application. Weathernews Touch for Android contains a vulnerability that stores location information in the system log file. Impact Android applications with permissions to read system log files may obtain location information...

CVSS 4.3, AI score 6, EPSS 0.00893
Exploits 0

Tenable Nessus
added 2013/01/25 12:0 a.m., 28 views

SuSE 11.1 Security Update : net-snmp (SAT Patch Number 6517)

This update to net-snmp resolves the following issues: - Specially crafted SNMP GET requests could cause a denial of service (application crash) via a heap-based out-of-bounds read flaw which could be exploited remotely. (CVE-2012-2141) - The snmpd agent should read shared memory information from...

CVSS 3.5, AI score 7.9, EPSS 0.02167
Exploits 0, References 6

NVD
added 2013/01/22 11:55 p.m., 22 views

CVE-2012-5616

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorde...

CVSS 1.5, AI score 6, EPSS 0.00566
Exploits 1, References 12

Cvelist
added 2013/01/22 11:0 p.m., 28 views

CVE-2012-5616

Apache CloudStack 4.0.0-incubating and Citrix CloudPlatform (formerly Citrix CloudStack) before 3.0.6 stores sensitive information in the log4j.conf log file, which allows local users to obtain (1) the SSH private key as recorded by the createSSHKeyPair API, (2) the password of an added host as recorde...

AI score 6, EPSS 0.00566
Exploits 1, References 12

Tenable Nessus
added 2013/01/14 12:0 a.m., 23 views

Fedora 18 : fail2ban-0.8.8-1.fc18 (2012-20589)

Update to 0.8.8 CVE-2012-5642 Bug 887914 - Fixes : - Alan Jenkins - 8c38907 Removed 'POSSIBLE BREAK-IN ATTEMPT' from sshd filter to avoid banning due to misconfigured DNS. Close gh-64 - Yaroslav Halchenko - 83109bc IMPORTANT: escape the content of if used in custom action files since its value...

CVSS 7.5, AI score 5.7, EPSS 0.03123
Exploits 0, References 3