Stack overflow

McAfee Network Data Loss Prevention NDLP before 9.3 allows local users to obtain sensitive information by reading a Java stack trace...

CVE-2014-8526

McAfee Network Data Loss Prevention NDLP before 9.3 allows local users to obtain sensitive information by reading a Java stack trace...

CVE-2014-8526

McAfee Network Data Loss Prevention (NDLP) prior to version 9.3 is affected by a local information-disclosure vulnerability where an attacker can read a Java stack trace to obtain sensitive information. The available documents confirm the affected product and symptom (stack trace exposure) and th...

Mozilla Firefox 3.6.16 mChannel Use-After-Free漏洞

漏洞分析 此漏洞是由于Mozilla Firefox的xul.dll在处理mChannel标签时，在OnChannelRedirect中对mChannel对象进行创建，但在随后调用Release释放，在释放对象过后没有对该指针进行标记，从而导致在随后的调用用中引用mChannel标签时，由于指针已经被释放，导致call地址不可读，从而引发漏洞，下面对此漏洞进行详细分析。 首先打开PoC，火狐浏览器崩溃，附加调试器，到达漏洞现场。 858.85c: Access violation - code c0000005 first chance First chance exceptions a...

KL-001-2014-002 : Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation

Title: Microsoft XP SP3 BthPan.sys Arbitrary Write Privilege Escalation Advisory ID: KL-001-2014-002 Publication Date: 2014-07-18 Publication URL: https://www.korelogic.com/Resources/Advisories/KL-001-2014-002.txt 1. Vulnerability Details Affected Vendor: Microsoft Affected Product: Bluetooth...

Localize: PHP PDOException and Full Path Disclosure

hi phrasekey , agian! in phraseChange action if set to array pdo quote show error! line 755 index.php Warning: PDO::quote expects parameter 1 to be string, array given in /srv/data/web/vhosts/www.localize.im/htdocs/classes/Database.php on line 30 Fatal error: Uncaught exception 'PDOException' wit...

CVE-2014-0871

RICOS in IBM Algo Credit Limits aka ACLM 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to obtain potentially sensitive Tomcat stack-trace information via non-printing characters in a cookie to the /classes/ URI, as demonstrated by the \x00 character...

Information disclosure

RICOS in IBM Algo Credit Limits aka ACLM 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to obtain potentially sensitive Tomcat stack-trace information via non-printing characters in a cookie to the /classes/ URI, as demonstrated by the \x00 character...

CVE-2014-0871

CVE-2014-0871 affects IBM Algorithmics RICOS (ACLIM) versions 4.5.0–4.7.0. The issue allows information disclosure via Tomcat error messages that leak environment details, triggered by non-printing characters (e.g., 0x00) in a cookie to the /classes/ URI. IBM’s SEC Consult advisory and the IBM Se...

CVE-2014-0871

RICOS in IBM Algo Credit Limits aka ACLM 4.5.0 through 4.7.0 before 4.7.0.03 FP5 in IBM Algorithmics allows remote attackers to obtain potentially sensitive Tomcat stack-trace information via non-printing characters in a cookie to the /classes/ URI, as demonstrated by the \x00 character...

CVE-2013-6741

IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration...

Information disclosure

IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration...

CVE-2013-6741

IBM Maximo Asset Management 7.x before 7.1.1.7 LAFIX.20140319-0837 and 7.5.x before 7.5.0.5 IFIX006; SmartCloud Control Desk 7.x before 7.5.0.3 and 7.5.1.x before 7.5.1.2; and Tivoli IT Asset Management for IT, Tivoli Service Request Manager, Maximo Service Desk, and Change and Configuration...

CVE-2013-6741

The CVE-2013-6741 issue affects IBM Maximo Asset Management and related IBM Tivoli products, allowing remote authenticated users to obtain potentially sensitive stack-trace information by triggering a Birt error. Affected products include Maximo Asset Management 7.x (before 7.1.1.7 LAFIX.20140319...

Jira outputs a stack trace to the screen when an error is encountered

panel h3. Problem When users are greeted by the error 500 page, they can click on the Request assistance link to expand and see the long stack trace of the error that occurs. The information is not useful to most of the end users but it's not possible to hide it from them. h3. Suggestion To have ...

Jira outputs a stack trace to the screen when an error is encountered

When an error condition is triggered by a user or black-box security scanner such as Acunetix, the system provides an appropriate error page. However, the error page includes the stack trace which the scanner will determine to be a potential Information Disclosure vulnerability because the stack...

Jira outputs a stack trace to the screen when an error is encountered

panel h3. Problem When users are greeted by the error 500 page, they can click on the Request assistance link to expand and see the long stack trace of the error that occurs. The information is not useful to most of the end users but it's not possible to hide it from them. h3. Suggestion To have ...

Xerox DocuShare SQL Injection

The following request is vulnerable to a SQL injection in the last URI segment: GET /docushare/dsweb/ResultBackgroundJobMultiple/1 HTTP/1.1 Host: 172.31.16.194:8080 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:26.0 Gecko/20100101 Firefox/26.0 Accept:...

kernel: security and bugfix update (important)

The Linux kernel was updated to fix various bugs and security issues: - mm/page-writeback.c: do not count anon pages as dirtyable memory reclaim stalls. - mm/page-writeback.c: fix dirtybalancereserve subtraction from dirtyable memory reclaim stalls. - compatsysrecvmmsg X32 fix bnc860993...

CVE-2013-3442

The web portal in Cisco Unified Communications Manager Unified CM allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854...