286 matches found
EMC M&R (Watch4net) MIB Browser Path Traversal
Path traversal vulnerability in EMC M&R Watch4net MIB Browser. Han Sahin, November 2014...
EMC M&R (Watch4net) MIB Browser Path Traversal Vulnerability
A path traversal vulnerability was found in EMC M&R Watch4net MIB Browser. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts and binaries...
EMC MR (Watch4net) - Directory Traversal
EMC MR Watch4net - Directory Traversal Abstract A path traversal vulnerability was found in EMC M&R Watch4net Device Discovery. This vulnerability allows an attacker to access sensitive files containing configuration data, passwords, database records, log data, source code, and program scripts an...
Government Report Critical of FAA Security Controls
The Federal Aviation Administration has been put on notice that its information security controls are not up to par and that a risk-based program must be implemented from the ground up in order to assure the safety of its networks and passengers in the sky. A scathing Government Accounting Office...
How to Diagnose Network Fault with Log & Event Manager
Diagnosing network fault is one of the toughest questions for an IT Pro to answer because there is no single or best way. IT infrastructures are multi-layered and integrate many different systems which makes identifying the cause of network fault a difficult task. At a high level, the process of...
SA-CONTRIB-2014-100 - Bad Behavior - Information Disclosure
This module enables you to target any malicious software directed at a Web site, whether it be a spambot, ill-designed search engine bot, or system crackers. It blocks such access and then logs their attempts. Information Disclosure The module doesn't sufficiently sanitize log data, allowing...
UBUNTU-CVE-2014-6463
Unspecified vulnerability in Oracle MySQL Server 5.5.38 and earlier and 5.6.19 and earlier allows remote authenticated users to affect availability via vectors related to SERVER:REPLICATION ROW FORMAT BINARY LOG DML...
CVE-2014-4357
Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log...
Information disclosure
Accounts Framework in Apple iOS before 8 and Apple TV before 7 allows attackers to obtain sensitive information by reading log data that was not intended to be present in a log...
luci: unauthorized administrative access granted to non-administrative users
It was discovered that various components in the luci site extension-related URLs were not properly restricted to administrative users. A remote, authenticated attacker could escalate their privileges to perform certain actions that should be restricted to administrative users, such as adding use...
Ultimate PHP Board 1.9 admin_iplog.PHP Arbitrary PHP Execution Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/7678/info A vulnerability has been reported in Ultimate PHP Board. The problem is said to occur due to insufficient sanitization of user-supplied input before including log data into a PHP file. As a result, it may be...
Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution
No description provided by source. Quest InTrust 10.4.x Annotation Objects ActiveX Control AnnotateX.dll Uninitialized Pointer Remote Code Execution homepage: http://www.quest.com/intrust/ description: InTrust securely collects, stores, reports and alerts on event log data from Windows, Unix and...
openSUSE Security Update : logrotate (openSUSE-SU-2011:0536-1)
This update for logrotate provides the following fixes: - The shredfile function in logrotate might allow context-dependent attackers to execute arbitrary commands via shell metacharacters in a log filename, as demonstrated by a filename that is automatically constructed on the basis of a hostna...
CVE-2014-1279
Apple TV before 6.1 does not properly restrict logging, which allows local users to obtain sensitive information by reading log data...
HP ArcSight Logger HTTP Detection
The remote host's HTTP server is hosting an HP ArcSight Logger install, which is used for viewing and managing collected log data. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid69445; scriptversion"1.3"; scriptcvsdate"Date: 2019/11/25"; scriptnameenglish:"HP ArcSigh...
Loctouch for Android information management vulnerability
Overview Loctouch for Android contains an information management vulnerability. Loctouch provided by NHN Japan, is an application that logs location information. Loctouch for Android contains an information management vulnerability. Gaku Mochizuki of Mitsui Bussan Secure Directions, Inc. reported...
CVE-2012-5175
Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to access-log data...
Cross site scripting
Cross-site scripting (XSS) vulnerability in KENT-WEB ACCESS REPORT 4.2 and earlier allows remote attackers to inject arbitrary web script or HTML via vectors related to access-log data...
Stack overflow
Stack-based buffer overflow in uam.exe in the User Access Manager (UAM) component in HP Intelligent Management Center (IMC) before 5.1 E0101P01 allows remote attackers to execute arbitrary code via vectors related to log data...