4561 matches found

Metasploit
added 2012/05/10 4:57 p.m. | 4817 views

WikkaWiki 1.3.2 Spam Logging PHP Injection

This module exploits a vulnerability found in WikkaWiki. When the spam logging feature is enabled, it is possible to inject PHP code into the spam log file via the UserAgent header, and then request it to execute our payload. There are at least three different ways to trigger spam protection, thi...

CVSS 4.3 | AI score 7.4 | EPSS 0.13477
Exploits 8

securityvulns
added 2012/05/10 12:0 a.m. | 22 views

Apple Mac OS X filevault information leakage

Encrypted file system password is written in cleartext to log file...

AI score 1.7
Exploits 0 | References 1 | Affected Software 1

seebug.org
added 2012/05/04 12:0 a.m. | 44 views

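Android SQLite Journal CVE-2011-3901 Information Disclosure Vulnerability

Bugtraq ID: 53380 CVE ID: CVE-2011-3901 Open Handset Alliance Android is a free mobile phone platform developed by a group of more than 30 technology and mobile phone companies. Android SQLite database journal files can be read by all applications: - Every directory has execute permission on the application database directory, which means the application data directory is globally accessible. - The /data/data/app package/databases directory is created with rwxrwx--x permissions, which can lead to global read/write. - Journal files created under the database directory are created with -rw-r--r-- permissions and can be read by all apps. 0 Open...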

AI score 7.4 | EPSS 0.00675
Exploits 2

OpenVAS
added 2012/04/13 12:0 a.m. | 29 views

Ubuntu Update for puppet USN-1419-1

Ubuntu Update for Linux kernel vulnerabilities USN-1419-1 OpenVAS Vulnerability Test $Id: gbubuntuUSN14191.nasl 7960 2017-12-01 06:58:16Z santu $ Ubuntu Update for puppet USN-1419-1 Authors: System Generated Check Copyright: Copyright c 2012 Greenbone Networks GmbH, http://www.greenbone.net This...

CVSS 6 | AI score 0.5 | EPSS 0.02632
Exploits 0 | References 2

Tenable Nessus
added 2012/04/11 12:0 a.m. | 25 views

Ubuntu 10.04 LTS / 11.04 / 11.10 : puppet vulnerabilities (USN-1419-1)

It was discovered that Puppet used a predictable filename when downloading Mac OS X package files. A local attacker could exploit this to overwrite arbitrary files. CVE-2012-1906 It was discovered that Puppet incorrectly handled filebucket retrieval requests. A local attacker could exploit this t...

CVSS 6 | AI score 6 | EPSS 0.02632
Exploits 0 | References 6

Ubuntu
added 2012/03/29 4:16 p.m. | 53 views

USN-1413-1: Nova vulnerability

Dan Prince discovered that Nova did not properly perform input validation on the length of server names. An authenticated attacker could issue requests using long server names to exhaust the storage resources containing the Nova API log file...

CVSS 4 | AI score 5.3 | EPSS 0.02073
Exploits 1

NVD
added 2012/03/16 8:55 p.m. | 20 views

CVE-2012-1512

Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via a crafted log-file entry...

CVSS 4.3 | AI score 5.5 | EPSS 0.01951
Exploits 0 | References 6

Prion
added 2012/03/16 8:55 p.m. | 20 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in the internal browser in vSphere Client in VMware vSphere 4.1 before Update 2 and 5.0 before Update 1 allows remote attackers to inject arbitrary web script or HTML via a crafted log-file entry...

CVSS 4.3 | AI score 6 | EPSS 0.01951
Exploits 0 | References 6 | Affected Software 1

OSV
added 2012/02/18 12:55 a.m. | 2 views

DEBIAN-CVE-2011-4923

Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer, a different vulnerability than...

CVSS 4.3 | AI score 5.8 | EPSS 0.02132
Exploits 0 | References 1

Prion
added 2012/02/18 12:55 a.m. | 15 views

Cross site scripting

Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer, a different vulnerability than...

CVSS 4.3 | AI score 6 | EPSS 0.02535
Exploits 1 | References 6 | Affected Software 1

Cvelist
added 2012/02/18 12:0 a.m. | 23 views

CVE-2011-4923

Cross-site scripting (XSS) vulnerability in View.pm in BackupPC 3.0.0, 3.1.0, 3.2.0, 3.2.1, and possibly earlier allows remote attackers to inject arbitrary web script or HTML via the num parameter in a view action to index.cgi, related to the log file viewer, a different vulnerability than...

AI score 5.5 | EPSS 0.02132
Exploits 0 | References 6

RedHat Linux
added 2012/02/10 12:7 a.m. | 30 views

Low: Red Hat Security Advisory: jbosscache security update

An update for JBoss Enterprise Application Platform 5.1.2 that fixes one security issue is now available from the Red Hat Customer Portal. The Red Hat Security Response Team has rated this update as having low security impact. A Common Vulnerability Scoring System (CVSS) base score, which gives a...

CVSS 2.1 | AI score 6.2 | EPSS 0.004
Exploits 1 | References 3

Prion
added 2012/01/27 3:55 p.m. | 7 views

Double free

Double free vulnerability in the prepareexec function in src/exec.c in Logsurfer 1.5b and earlier, and Logsurfer+ 1.7 and earlier, allows remote attackers to execute arbitrary commands via crafted strings in a log file...

CVSS 7.5 | AI score 8 | EPSS 0.02164
Exploits 0 | References 6 | Affected Software 2

Tenable Nessus
added 2012/01/23 12:0 a.m. | 25 views

GLSA-201201-04 : Logsurfer: Arbitrary code execution

The remote host is affected by the vulnerability described in GLSA-201201-04 Logsurfer: Arbitrary code execution Logsurfer log files may contain substrings used for executing external commands. The prepareexec function in src/exec.c contains a double-free vulnerability. Impact : A remote attacker...

CVSS 7.5 | AI score 6 | EPSS 0.02164
Exploits 0 | References 2

Prion
added 2012/01/19 7:55 p.m. | 17 views

Directory traversal

Multiple directory traversal vulnerabilities in the vendor daemon in Rational Common Licensing in Telelogic License Server 2.0, Rational License Server 7.x, and ibmratl in IBM Rational License Key Server (RLKS) 8.0 through 8.1.2 allow remote attackers to execute arbitrary code via vectors related t...

CVSS 10 | AI score 7.8 | EPSS 0.31861
Exploits 0 | References 8 | Affected Software 3

ATTACKERKB
added 2012/01/15 3:55 a.m. | 4 views

CVE-2011-5066

The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to...

CVSS 2.1 | AI score 5.5 | EPSS 0.00312
Exploits 0 | References 3

Prion
added 2012/01/15 3:55 a.m. | 20 views

Default configuration

The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to...

CVSS 2.1 | AI score 5.9 | EPSS 0.00312
Exploits 0 | References 2 | Affected Software 1

Cvelist
added 2012/01/15 2:0 a.m. | 27 views

CVE-2011-5066

The SibRaRecoverableSiXaResource class in the Default Messaging Component in IBM WebSphere Application Server (WAS) 6.1 before 6.1.0.41 does not properly handle a Service Integration Bus (SIB) dump operation involving the First Failure Data Capture (FFDC) introspection code, which allows local users to...

AI score 5.4 | EPSS 0.00312
Exploits 0 | References 2

CVE
added 2012/01/15 2:0 a.m. | 64 views

CVE-2011-5066

CVE-2011-5066 affects IBM WebSphere Application Server 6.1 (Default Messaging Component). The SibRaRecoverableSiXaResource class does not properly handle a Service Integration Bus (SIB) dump operation in the FFDC introspection code, allowing local users to read the FFDC log file and obtain sensit...

CVSS 2.1 | AI score 5.6 | EPSS 0.00312
Exploits 0 | References 2 | Affected Software 1

RedHat Linux
added 2011/12/20 5:16 p.m. | 3 views

tomcat: password disclosure vulnerability

Apache Tomcat 5.5.x before 5.5.34, 6.x before 6.0.33, and 7.x before 7.0.17, when the MemoryUserDatabase is used, creates log entries containing passwords upon encountering errors in JMX user creation, which allows local users to obtain sensitive information by reading a log file...

CVSS 1.9 | AI score 6.1 | EPSS 0.00668
Exploits 0 | References 4