Trend Micro Control Manager Debug Level Authentication Bypass Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Trend Micro Control Manager. Authentication is not required to exploit this vulnerability. The specific flaw exists within the processing of debug settings. The software does not provide...

kea -- unexpected termination while handling a malformed packet

ISC Support reports: ISC Kea may terminate unexpectedly crash while handling a malformed client packet. Related defects in the kea-dhcp4 and kea-dhcp6 servers can cause the server to crash during option processing if a client sends a malformed packet. An attacker sending a crafted malformed packe...

Specify logging level to Prevent Root DEBUG from Exposing Login

h3. Summary Setting root level DEBUG can expose login information username/pw when JIRA is connected to Crowd for user management, as it outputs the REST POST contents that are transmitted through the HttpClient. h3. Environment Crowd integrated with JIRA for user management. h3. Steps to Reprodu...

Command injection

MCTOOLS in the fabric interconnect in Cisco Unified Computing System UCS allows local users to execute arbitrary Baseboard Management Controller BMC commands by leveraging 1 local, 2 shell-level, or 3 debug-level privileges at the operating-system layer, aka Bug ID CSCtg76239...

kernel: megaraid_sas permissions in sysfs

The dbglvl file for the megaraidsas driver in the Linux kernel before 2.6.27 has world-writable permissions, which allows local users to change the 1 behavior and 2 logging level of the driver by modifying this file...

Format string

Format string vulnerability in the logDetail function of applib.dll in McAfee Common Management Agent CMA 3.6.0.574 Patch 3 and earlier, as used in ePolicy Orchestrator 4.0.0 build 1015, allows remote attackers to cause a denial of service crash or execute arbitrary code via format string...

Invision Power Board 2.1.7 - 'Debug' Remote Password Change

INSERT INTO \w?regantispam \regid,regcode,ipaddress,ctime\ VALUES\'\w32?',\d?,/', $page, $regs $prefix = $regs1; $regid = $regs2; $regcode = $regs3; else $suffix = "&debug=1"; $curl = curlinit$site.'act=Reg&CODE=10'.$suffix; curlsetopt$curl, CURLOPTPROXY, $proxy; curlsetopt$curl,...

CVE-2005-4368

roundcube webmail Alpha, with a default high verbose level $rcmailconfig'debuglevel' = 1, allows remote attackers to obtain the full path of the application via an invalidtask parameter, which leaks the path in an error message...

IP Protocols Scan

This plugin detects the protocols understood by the remote IP stack. %NASLMINLEVEL 70300 C Tenable Network Security, Inc. include'deprecatednasllevel.inc'; include"compat.inc"; if description scriptid14788; scriptversion"1.27"; scriptsetattributeattribute:"pluginmodificationdate",...

CVE-1999-0344

CVE-1999-0344 concerns an NT local privilege escalation via the Sechole exploit, allowing debug-level access to a system process (local, no authentication; high impact on confidentiality, integrity, and availability per NVD). Connected citations reiterate NT users gaining debug-level access, with...

CVE-1999-0344

NT users can gain debug-level access on a system process using the Sechole exploit...