Improper access control

WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a 1 log file or 2 configuration file via a direct request...

CVE-2012-3030

WebNavigator in Siemens WinCC 7.0 SP3 and earlier, as used in SIMATIC PCS7 and other products, stores sensitive information under the web root with insufficient access control, which allows remote attackers to read a 1 log file or 2 configuration file via a direct request...

CVE-2012-2104

cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request...

CVE-2012-2104

cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request...

CVE-2012-2104

cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request...

CVE-2012-2104

cgi-bin/munin-cgi-graph in Munin 2.x writes data to a log file without sanitizing non-printable characters, which might allow user-assisted remote attackers to inject terminal emulator escape sequences and execute arbitrary commands or delete arbitrary files via a crafted HTTP request...

CVE-2012-1585

OpenStack Compute Nova Essex before 2011.3 allows remote authenticated users to cause a denial of service Nova-API log file and disk consumption via a long server name...

Scientific Linux Security Update : ruby on SL5.x i386/x86_64

Ruby is an extensible, interpreted, object-oriented, scripting language. It has features to process text files and to do system management tasks. A flaw was found in the way large amounts of memory were allocated on 64-bit systems when using the BigDecimal class. A context-dependent attacker coul...

Scientific Linux Security Update : spice-xpi on SL5.x i386/x86_64

The spice-xpi package provides a plug-in that allows the SPICE client to run from within Mozilla Firefox. A race condition was found in the way the SPICE Firefox plug-in and the SPICE client communicated. A local attacker could use this flaw to trick the plug-in and the SPICE client into...

CVE-2012-0813

Wicd before 1.7.1 saves sensitive information in log files in /var/log/wicd, which allows context-dependent attackers to obtain passwords and other sensitive information...

CVE-2012-0813

CVE-2012-0813 affects Wicd prior to 1.7.1. The vulnerability arises because passwords and passphrases are written to log files in /var/log/wicd, enabling a local attacker to obtain sensitive information. A related issue (CVE-2012-2095) concerns unsanitized input from the daemon’s D‑Bus interface....

DEBIAN-CVE-2012-1989

telnet.rb in Puppet 2.7.x before 2.7.13 and Puppet Enterprise PE 1.2.x, 2.0.x, and 2.5.x before 2.5.1 allows local users to overwrite arbitrary files via a symlink attack on the NET::Telnet connection log /tmp/out.log...

Bluetooth scanner: Bluelog

Bluelog is a Linux Bluetooth scanner written to do a single task, log devices that are in discoverable mode. It is intended to be used as a site survey tool, determining how many discoverable Bluetooth devices there are in the area. It has also proven to be very well suited to Bluetooth traffic...

CVE-2012-2630

The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a crafted application...

CVE-2012-2630

The Puella Magi Madoka Magica iP application 1.05 and earlier for Android places cleartext Twitter credentials in a log file, which allows remote attackers to obtain sensitive information via a crafted application...

CVE-2012-2630

The CVE-2012-2630 entry concerns Puella Magi Madoka Magica iP for Android (1.05 and earlier). The underlying issue is that Twitter credentials entered by users are saved in plaintext in log files, enabling information disclosure via a crafted Android application. Affected component: the Android a...

tomcat: password disclosure vulnerability

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file...

Moderate: Red Hat Security Advisory: tomcat6 security and bug fix update

Updated tomcat6 packages that fix multiple security issues and three bugs are now available for JBoss Enterprise Web Server 1.0.2 for Red Hat Enterprise Linux 5 and 6. The Red Hat Security Response Team has rated this update as having moderate security impact. Common Vulnerability Scoring System...

tomcat: password disclosure vulnerability

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file...

WordPress Share And Follow 1.80.3 Cross Site Scripting

Hi We have used our tool, THAPS, to identify vulnerabilities in this WordPress plugin. We have confirmed at least one of the reported vulnerabilities and created a working exploit located below. Attached is one or more log files containing the output of our tool, identifying the location of the...