CVE-2010-3319

IBM Records Manager RM 4.5.x before 4.5.1.1-IER-FP001 places a session token in the URI, which might allow remote attackers to obtain sensitive information by reading a Referer log file...

CVE-2010-2794

The SPICE aka spice-xpi plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file...

spice-xpi symlink attack

The SPICE aka spice-xpi plug-in 2.2 for Firefox allows local users to overwrite arbitrary files via a symlink attack on an unspecified log file...

QuickTime Player Streaming Debug Error Logging Buffer Overflow Vulnerability

The host is running QuickTime Player and is prone to buffer overflow vulnerability. OpenVAS Vulnerability Test $Id: gbapplequicktimeplayerbofvuln.nasl 5263 2017-02-10 13:45:51Z teissa $ QuickTime Player Streaming Debug Error Logging Buffer Overflow Vulnerability Authors: Madhuri D Copyright:...

IBM Tivoli Directory Server ldapinst.log DB2 Admin Password Disclosure

The remote installation of Tivoli Directory Server created a file called 'ldapinst.log' that contains the login and password of the IBM DB2 database used for this service. An attacker who could get access to this file or a backup of it would be able to log into the DB2 database and modify its...

CVE-2010-1972

The default configuration of HP Client Automation HPCA Enterprise Infrastructure aka Radia allows remote attackers to read log files, and consequently cause a denial of service or have unspecified other impact, via web requests...

IPB 3.0.1 SQL Injection

Attention!\n"; echo "\n"; echo "Error!\n"; echo "This exploit is meant to be used as php CLI script!\n"; echo "More information:\n"; echo "http://www.google.com/search?hl=en&q=php+cl...

Invision Power Board 3.0.1 - SQL Injection

Attention!\n"; echo "\n"; echo "Error!\n"; echo "This exploit is meant to be used as php CLI script!\n"; echo "More information:\n"; echo "http://www.google.com/search?hl=en&q=php+...

kernel: infoleak if print-fatal-signals=1

The printfatalsignal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local use...

CVE-2003-1577

CVE-2003-1577 affects Sun ONE/iPlanet Web Server 4.1–SP12 and 6.0–SP5 when DNS resolution is enabled for client IPs. A crafted DNS response can be combined with an HTTP request to inject arbitrary text into server logs and trigger cross-site scripting (XSS) in the iPlanet Log Analyzer, via an Inv...

CVE-2010-0003

The printfatalsignal function in kernel/signal.c in the Linux kernel before 2.6.32.4 on the i386 platform, when print-fatal-signals is enabled, allows local users to discover the contents of arbitrary memory locations by jumping to an address and then reading a log file, and might allow local use...

CVE-2009-4487

nginx 0.7.64 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

CVE-2009-4495

Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

Design/Logic Flaw

DISPUTED Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE:...

CVE-2009-4491

thttpd 2.25b0 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

CVE-2009-4490

minihttpd 1.19 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

Design/Logic Flaw

AOLserver 4.5.1 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...

CVE-2009-4488

Varnish 2.0.6 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator. NOTE: the vendo...

CVE-2009-4489

header.c in Cherokee before 0.99.32 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal...

Design/Logic Flaw

Yaws 1.85 writes data to a log file without sanitizing non-printable characters, which might allow remote attackers to modify a window's title, or possibly execute arbitrary commands or overwrite files, via an HTTP request containing an escape sequence for a terminal emulator...