4561 matches found
Design/Logic Flaw
The Social Bookmarks (del.icio.us) plug-in 8F in Quicksilver writes usernames and passwords in plaintext to the /Library/Logs/Console/UID/Console.log file, which allows local users to obtain sensitive information by reading this file...
CVE-2006-7027
Microsoft Internet Security and Acceleration (ISA) Server 2004 logs unusual ASCII characters in the Host header, including the tab, which allows remote attackers to manipulate portions of the log file and possibly leverage this for other attacks...
CVE-2007-1046
Dem_trac allows remote attackers to read log file contents via a direct request for /anc_sit.txt...
CVE-2007-1046
CVE-2007-1046 concerns Dem_trac, where remote attackers can read log file contents by issuing a direct request to /anc_sit.txt. The connected documents confirm an information disclosure risk affecting Dem_trac and cite this exact vulnerability across NVD and CVE records. The root cause is imprope...
MySQL log file obfuscation
MySQL 5.0.18 and earlier allows local users to bypass logging mechanisms via SQL queries that contain the NULL character, which are not properly handled by the mysql_real_query function. NOTE: this issue was originally reported for the mysql_query function, but the vendor states that since mysql_quer...
Default credentials
cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack...
CVE-2007-0482
cgi-bin/main in Sun Ray Server Software 2.0 and 3.0 before 20070123 allows local users to obtain the utadmin password by reading a web server's log file, or by conducting a different, unspecified local attack...
Sun Ray Server password information leak
The /cgi-bin/mail scripts record the utadmin administrator's password into a log file...
Integer overflow
Integer underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files...
CVE-2007-0251
Integer underflow in the DecodeGRE function in src/decode.c in Snort 2.6.1.2 allows remote attackers to trigger dereferencing of certain memory locations via crafted GRE packets, which may cause corruption of log files or writing of sensitive information into log files...
Directory traversal
Directory traversal vulnerability in language.php in VerliAdmin 0.3 and earlier, when magic_quotes_gpc is disabled, allows remote attackers to include and execute arbitrary local files via a .. (dot dot) in the lang cookie, as demonstrated by injecting PHP sequences into an Apache HTTP Server log fil...
XSS with vBulletin (new idea!)
Author : Ashraf Morad Contact : [email protected] XSS with vBulletin Attachments supported , SWF is a valid extension ! Materials : -Any SWF file with an actionscript frame : ActionScript Code : getURL"javascript:function blabvar scriptNode =...
DEBIAN-CVE-2006-6614
The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to...
CVE-2006-6614
The save_log_local function in Fully Automatic Installation (FAI) 2.10.1, and possibly 3.1.2, when verbose mode is enabled, stores the root password hash in /var/log/fai/current/fai.log, whose file permissions allow it to be copied to other hosts when fai-savelog is called and allows attackers to...
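H-Sphere Control Panel insecure log file permissions vulnerability
H-Sphere Control Panel is a multi-domain/site management control panel program. Its domain/site management has an insecure log file permissions issue; a local attacker can exploit the vulnerability to corrupt system files, causing denial of service or privilege escalation. No detailed vulnerability information is currently available. Positive Software H-Sphere 2.4.3 http://www.psoft.net/hsphere2info.html...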
CVE-2006-6382
CVE-2006-6382 affects Positive Software H-Sphere prior to 2.5.0 RC3. The control panel creates log files in a user’s directory with insecure permissions, enabling local users to append log data to arbitrary files via a symlink attack. The description notes the provenance is from third‑party infor...
CVE-2006-6301
DenyHosts 2.5 does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containing certain...
CVE-2006-6302
fail2ban 0.7.4 and earlier does not properly parse sshd log files, which allows remote attackers to add arbitrary hosts to the /etc/hosts.deny file and cause a denial of service by adding arbitrary IP addresses to the sshd log file, as demonstrated by logging in via ssh with a login name containi...