4561 matches found
USN-1249-1: BackupPC vulnerabilities
It was discovered that BackupPC did not properly sanitize its input when processing backup browser error messages, resulting in a cross-site scripting XSS vulnerability. With cross-site scripting vulnerabilities, if a user were tricked into viewing server output during a crafted server request, a...
PHP security of the LFI vulnerability in GetShell method of the big parade-vulnerability warning-the black bar safety net
Author:LengF Blog:www.81sec.com 0x00 digression About PHP LFILocal File Include,local file inclusionvulnerabilities many of my friends are not very familiar with, in fact, the network has a lot of information in this regard, in particular, that foreign paper. Although a lot of information speaks...
Fedora 14 : foomatic-4.0.8-3.fc14 (2011-11205)
This package fixes CVE-2011-2924 by using mktemp when creating a debug log file in debug mode. Note that Tenable Network Security has extracted the preceding description block directly from the Fedora security advisory. Tenable has attempted to automatically clean and format it as much as possibl...
CVE-2011-2925
Cumin in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker...
Authentication flaw
Cumin in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker...
CVE-2011-2925
Cumin in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker...
CVE-2011-2925
Cumin in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker...
cumin: broker username/password appears in the log file
Cumin in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker...
cumin: broker username/password appears in the log file
Cumin in Red Hat Enterprise Messaging, Realtime, and Grid MRG 2.0 records broker authentication credentials in a log file, which allows local users to bypass authentication and perform unauthorized actions on jobs and message queues via a direct connection to the broker...
CVE-2011-3187
The tos method in actionpack/lib/actiondispatch/middleware/remoteip.rb in Ruby on Rails 3.0.5 does not validate the X-Forwarded-For header in requests from IP addresses on a Class C network, which might allow remote attackers to inject arbitrary text into log files or bypass intended address...
CVE-2011-2204
CVE-2011-2204 affects Apache Tomcat when MemoryUserDatabase logs password data on JMX user creation errors. Affected: Tomcat 5.5.x < 5.5.34, 6.x < 6.0.33, 7.x
CVE-2011-2204
Removed by vendor...
ruby WEBrick log escape sequence
WEBrick 1.3.1 in Ruby 1.8.6 through patchlevel 383, 1.8.7 through patchlevel 248, 1.8.8dev, 1.9.1 through patchlevel 376, and 1.9.2dev writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrar...
CVE-2011-0197
App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions...
CVE-2011-0197
App Store in Apple Mac OS X before 10.6.8 creates a log entry containing a user's AppleID password, which might allow local users to obtain sensitive information by reading a log file, as demonstrated by a log file that has non-default permissions...
CVE-2011-0197
CVE-2011-0197 affects Apple Mac OS X (App Store) prior to 10.6.8, where App Store could log a user’s AppleID password to a local file with insufficient permissions, enabling local users to read the password. The root cause is credentials being written to a log entry; an improved handling of crede...
CVE-2011-1943
The destroyonesecret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file...
Design/Logic Flaw
The destroyonesecret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file...
CVE-2011-1943
CVE-2011-1943 affects NetworkManager 0.8.999-3.git20110526 in Fedora 15, where the destroy_one_secret function in nm-setting-vpn.c (libnm-util) logs a certificate password. The log entry can be read by local users, allowing disclosure of sensitive information. Impact is limited to confidentiality...
CVE-2011-1943
The destroyonesecret function in nm-setting-vpn.c in libnm-util in the NetworkManager package 0.8.999-3.git20110526 in Fedora 15 creates a log entry containing a certificate password, which allows local users to obtain sensitive information by reading a log file...