EUVD-2020-24899
Malware in sbrugna...
PT-2025-30268 · Unknown · Parkingdoor
Name of the Vulnerable Software and Affected Versions: ParkingDoor affected versions not specified Description: An incorrect authentication issue exists in ParkingDoor, allowing operation of the device without access logging in the application, even if access permissions have been revoked...
CVE-2023-4089 WAGO: Multiple products vulnerable to local file inclusion
On affected Wago products a remote attacker with administrative privileges can access files to which he already has access through an undocumented local file inclusion. This access is logged in a different log file than expected...
SUSE-SU-2021:0989-1 Security update for tomcat
This update for tomcat fixes the following issues: - Fixed CVEs: CVE-2021-25122: Apache Tomcat h2c request mix-up bsc1182912 CVE-2021-25329: Complete fix for CVE-2020-9484 bsc1182909 - Log if file access is blocked due to symlinks: CVE-2021-24122 bsc1180947...
CVE-2019-11292
CVE-2019-11292 affects Pivotal Ops Manager: versions 2.4.x before 2.4.27, 2.5.x before 2.5.24, 2.6.x before 2.6.16, and 2.7.x before 2.7.5 log all query parameters to Tomcat’s access log; if params serve authentication, credentials may be logged. Root cause: parameter logging leakage into logs. I...
Linksys WVBR0-25 Command Injection (CVE-2017-17411)
In this guest blog, Trend Micro DVLabs researcher Ricky Lawshae discusses the recently disclosed CVE-2017-17411. He discovered and reported this bug through the ZDI program. Earlier this year, I learned that AT&T was starting to move customers away from its U-Verse service in favor of its DirecTV...
JIRA HTTP Dump Recorded Credential information As Text
Example steps to reproduce: Example 1: enable HTTP Access Logging and the HTTP dump log Change Password in the atlassian-jira-http-dump.log, the user's credential will be in the log as text Example 2: enable HTTP Access Logging and the HTTP dump log exit Administrations menu/logout go to any...
NetProxy <= 4.03 Web Filter Evasion / Bypass Logging Exploit
No description provided by source. !/usr/bin/perl Application: NetProxy 4.03 http://www.grok.co.uk/netproxy/index.html Description: NetProxy includes a powerful web cache to boost performance and reduce online costs. There is also an application-level firewall to protect your network from unwante...
Need ability to limit use of remote API to certain users, or a certain group
The remote API presents opportunities for denial of service attack. For example: RemoveSpace for a space with many pages can take several minutes, and all other users are locked from the wiki until it completes Reading or writing pages too rapidly through the API can impact the responsiveness of...
Need ability to limit use of remote API to certain users, or a certain group
NOTE: This suggestion is for Confluence Server. Using Confluence Cloud? See the corresponding suggestion: http://jira.atlassian.com/browse/CONFCLOUD-7913. The remote API presents opportunities for denial of service attack. For example: RemoveSpace for a space with many...
Remote Format String Vulnerabilities in eXtremail
Package: eXtremail Auth: http://www.extremail.com/ Versions: 1.5.9 current release Vulnerability: Format String What’s eXtremail: eXtremail is a Unix mail server that supports SMTP/POP3/IMAP protocols. It includes support for virtual domains, spoofing attack, SSL connection and Antivirus checking...