GHSA-XFRJ-6VVC-3XM2 Apache Santuario - XML Security for Java are vulnerable to private key disclosure

All versions of Apache Santuario - XML Security for Java prior to 2.2.6, 2.3.4, and 3.0.3, when using the JSR 105 API, are vulnerable to an issue where a private key may be disclosed in log files when generating an XML Signature and logging with debug level is enabled. Users are recommended to...

CVE-2018-11567

Prior to 2018-04-27, the reprompt feature in Amazon Echo devices could be misused by a custom Alexa skill. The reprompt feature is designed so that if Alexa does not receive an input within 8 seconds, the device can speak a reprompt, then wait an additional 8 seconds for input; if the user still...

CVE-2017-1211

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. IBM X-Force ID: 123851...

CVE-2017-1211

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. IBM X-Force ID: 123851...

CVE-2017-1211

IBM Daeja ViewONE Professional, Standard & Virtual 4.1.5.1 and 5.0.2 could disclose sensitive information to a local user when logging is enabled. IBM X-Force ID: 123851...

Mbedthis AppWeb 2.2.2 URL Protocol Format String Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/24454/info Mbedthis AppWeb is prone to a format-string vulnerability because the application fails to properly sanitize user-supplied input before passing it as the format specifier to a formatted-printing function. This...

WinVNC Web Server <= 3.3.3r7 - GET Overflow

No description provided by source. $Id: winvnchttpget.rb 7724 2009-12-06 05:50:37Z jduck $ This file is part of the Metasploit Framework and may be subject to redistribution and commercial restrictions. Please see the Metasploit Framework web site for more information on licensing and terms of us...

DEBIAN-CVE-2009-3617

Format string vulnerability in the AbstractCommand::onAbort function in src/AbstractCommand.cc in aria2 before 1.6.2, when logging is enabled, allows remote attackers to execute arbitrary code or cause a denial of service application crash via format string specifiers in a download URI. NOTE: som...

ngIRCd <= 0.8.2 Remote Format String Exploit

Exploit for linux platform in category remote exploits ============================================ ngIRCd Use: ./ngircdfsexp -h options options: -h host or IP -p ircd port by default 6667 -t type of target system -g syslog GOT address -o offset RET addr by default 0x0806b000 -b brutefoce the RET...

Linksys BEFSX41 System Log Viewer Log_Page_Num Variable Overflow DoS

The remote host seems to be a Linksys EtherFast Cable Firewall/Router. This product is vulnerable to a remote denial of service attack : if logging is enabled, an attacker can specify a long URL which results in the router becoming unresponsive. %NASLMINLEVEL 70300 Linksys EtherFast Cable/DSL...

CVE-2003-1077

Unknown vulnerability in UFS for Solaris 9 for SPARC, with logging enabled, allows local users to cause a denial of service UFS file system hang...

@stake Advisory: PHP3/PHP4 Logging Format String Vulnerability &#40;A 101200-1&#41;

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 We contacted the PHP team on 10/3/2000 concerning this problem. We wanted to hold off releasing our advisory until a fix was available for PHP3 since some users may not be able to easily upgrade to PHP4. Fixes for PHP3 and PHP4 are now available. We a...