114 matches found
Moderate: Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.3.5-3 - Container
Red Hat Ansible Tower 3.3.5-3 - Container - Fixed an issue to no longer expose Tower service credentials to playbook runs via environment variables when running in OpenShift CVE-2019-3869 - Fixed the Notifications tab to properly appear when viewing a Job Template...
Moderate: Red Hat Bug Fix Advisory: Red Hat Ansible Tower 3.4.3-4 - Container
Red Hat Ansible Tower 3.4.3-4 - Container - Fixed an issue to no longer expose Tower service credentials to playbook runs via environment variables when running in OpenShift CVE-2019-3869...
Millions of Oklahoma Gov Files Exposed by Wide-Open Server
Millions of sensitive files on a storage server belonging to the Oklahoma Department of Securities were left exposed for a week – including credentials, internal docs and personal data stretching back decades. Researchers at UpGuard who discovered the data leak said that the publicly accessible...
Security Bulletin: Weakness in generated service credentials affects multiple Watson Developer Cloud services (CVE-2016-0391)
Summary A weakness in generated service credentials that affects multiple Watson Developer Cloud offered through IBM Bluemix has been identified and fixed. Replacement of previously generated credentials is recommended. Vulnerability Details CVEID: CVE-2016-0391 DESCRIPTION: Multiple Watson...
CVE-2018-1217
Avamar Installation Manager in Dell EMC Avamar Server 7.3.1, 7.4.1, and 7.5.0, and Dell EMC Integrated Data Protection Appliance 2.0 and 2.1, is affected by a missing access control check vulnerability which could potentially allow a remote unauthenticated attacker to read or change the Local...
The LocalSystem account cannot be changed during the Update installation process
Challenge The Update installation cannot be performed because it requires the LocalSystem password to continue and it does not provide an option to change an existing account in the installation Wizard. Cause Veeam ONE Monitor Server service is running under the LocalSystem account which cannot b...
"Length cannot be less than zero" error during the Update installation
Challenge The Update for Veeam ONE fails during the installation with the error message "Length cannot be less than zero". Cause User Principal Name or UPN user@domain is currently unsupported with Veeam ONE. User Logon Name or ULN domain\user is the only supported username format for the product...
The vulnerability of the Microsoft Office Web Apps package allows a remote attacker to execute arbitrary code within the context of the current user account.
The vulnerability of the Microsoft Office Web Apps package is related to errors that occur when working with the W3WP service. Exploiting this vulnerability allows a malicious actor to execute arbitrary code within the context of the W3WP service’s security credentials...
CompuSource Systems Real Time Home Banking - Local Privilege Escalation
CompuSource Systems Real Time Home Banking - Local Privilege Escalation Exploit Title: CompuSource Systems - Real Time Home Banking - Local Privilege Escalation/Arbitrary Code Execution Date: 2/25/16 Exploit Author: [email protected] Vendor Homepage: https://www.css4cu.com :...
CVE-2015-0527
EMC Documentum xCelerated Management System xMS 1.1 before P14 stores cleartext Windows Service credentials in a batch file during Documentum Platform and xCelerated Composition Platform xCP provisioning, which allows local users to obtain sensitive information by reading a file...
CVE-2015-0527
EMC Documentum xCelerated Management System (xMS) 1.1 prior to P14 contains a sensitive information disclosure vulnerability where Windows Service credentials are stored in plaintext in batch files during provisioning of Documentum Platform or xCP. Local users can read these files to obtain crede...
cassandra-info NSE Script
Attempts to get basic info and server status from a Cassandra database. For more information about Cassandra, see: Script Arguments creds.service, creds.global See the documentation for the creds library. Example Usage nmap -p 9160 --script=cassandra-info Script Output PORT STATE SERVICE REASON...
Oracle Secure Backup Administration Command Injection Remote Code Execution Vulnerability
This vulnerability allows remote attackers to inject arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit this vulnerability but may be bypassed. The specific flaw exists in the handling of the 'preauth' variable to the script index.php use...
Oracle Secure Backup Web Interface Various Post-Auth Command Injection Remote Code Execution Vulnerabilities
This vulnerability allows remote attackers to execute arbitrary commands on vulnerable installations of Oracle Secure Backup. Authentication is required to exploit these vulnerabilities. The specific flaws exist due to how the application passes CGI parameters to the internal obtool binary runnin...