8149 matches found

OSV
added 2013/05/21 6:55 p.m. | 9 views

CVE-2013-2006

OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file...

5.9 AI score
Exploits: 0 | References: 9
OSV
added 2013/05/21 6:55 p.m. | 1 views

PYSEC-2013-40

OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file...

5.9 AI score
Exploits: 0 | References: 9
PyPA
added 2013/05/21 6:55 p.m. | 4 views

PYSEC-2013-40

OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file...

2.1 CVSS | 6.5 AI score | 0.00039 EPSS
Exploits: 0 | References: 9 | Affected Software: 1
CVE
added 2013/05/21 6:0 p.m. | 78 views

CVE-2013-2006

OpenStack Keystone (Grizzly 2013.1.1) is affected by CVE-2013-2006: when DEBUG logging is enabled, Keystone can write admin_token and LDAP password in plaintext to log files, enabling local disclosure of sensitive data. The issue is documented in related advisories (RHSA-2013:0806; GHSA-RXRM-XVP4...

2.1 CVSS | 6 AI score | 0.00039 EPSS
Exploits: 0 | References: 9 | Affected Software: 1
RedHat Linux
added 2013/05/09 6:7 p.m. | 3 views

keystone: DEBUG level LDAP password disclosure in log files

OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive information by reading the log file...

2.1 CVSS | 5.8 AI score | 0.00039 EPSS
Exploits: 0 | References: 4
The Hacker News
added 2013/04/28 6:38 a.m. | 10 views

Hacker jailbreak Google Glass to gain root access

Only a few days after the developer edition of Google Glass landed, Jay Freeman aka "Saurik" has jailbroken it. Though Google Glass runs on Android 4.0 Ice Cream Sandwich, he got root access using an exploit first discovered by another hacker named B1nary. Freeman, who obtained the device by...

6.8 AI score
Exploits: 0
Prion
added 2013/04/21 9:55 p.m. | 23 views

Cross site scripting

Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2)...

4.3 CVSS | 8 AI score | 0.08363 EPSS
Exploits: 2 | References: 6 | Affected Software: 1
UbuntuCve
added 2013/04/21 9:55 p.m. | 34 views

CVE-2012-6092

Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2)...

4.3 CVSS | 7 AI score | 0.02575 EPSS
Exploits: 1 | References: 5
Cvelist
added 2013/04/21 9:0 p.m. | 28 views

CVE-2012-6092

Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2)...

8.2 AI score | 0.02575 EPSS
Exploits: 1 | References: 6
Debian CVE
added 2013/04/21 9:0 p.m. | 33 views

CVE-2012-6092

Multiple cross-site scripting (XSS) vulnerabilities in the web demos in Apache ActiveMQ before 5.8.0 allow remote attackers to inject arbitrary web script or HTML via (1) the refresh parameter to PortfolioPublishServlet.java (aka demo/portfolioPublish or Market Data Publisher), or vectors involving (2)...

4.3 CVSS | 7.4 AI score | 0.02575 EPSS
Exploits: 1
Tenable Nessus
added 2013/03/17 12:0 a.m. | 11 views

Fedora 18 : bugzilla-4.2.5-1.fc18 (2013-2866)

This update fixes security issues that have been discovered in Bugzilla:
- When viewing a bug report, a bug ID containing random code is not correctly sanitized in the HTML page if the specified page format is invalid. This can lead to XSS.
- When running a query in debug mode, it is possible to...

5.6 AI score
Exploits: 0 | References: 2
Tenable Nessus
added 2013/03/17 12:0 a.m. | 12 views

Fedora 17 : bugzilla-4.0.10-1.fc17 (2013-2845)

This update fixes security issues that have been discovered in Bugzilla:
- When viewing a bug report, a bug ID containing random code is not correctly sanitized in the HTML page if the specified page format is invalid. This can lead to XSS.
- When running a query in debug mode, it is possible to...

5.6 AI score
Exploits: 0 | References: 2
The Hacker News
added 2013/03/14 6:4 p.m. | 10 views

HP LaserJet Security flaw allows remote data access

A critical vulnerability was discovered in certain LaserJet Pro printers that could give remote attackers access to sensitive data. Homeland Security's Computer Emergency Response Team recently issued a vulnerability note warning that HP LaserJet Professional printers contain a telnet debug shell whi...

8.8 CVSS | 7.1 AI score | 0.02037 EPSS
Exploits: 0
The Hacker News
added 2013/03/14 7:4 a.m. | 45 views

HP LaserJet Security flaw allows remote data access

A critical vulnerability was discovered in certain LaserJet Pro printers that could give remote attackers access to sensitive data. Homeland Security’s Computer Emergency Response Team recently issued a vulnerability note warning that HP LaserJet Professional printers contain a telnet debug shell whi...

8.8 CVSS | 2.3 AI score | 0.02037 EPSS
Exploits: 0
CERT
added 2013/03/11 12:0 a.m. | 325 views

HP LaserJet Professional printer telnet debug shell vulnerability

Overview: Certain HP LaserJet Professional printers contain a telnet debug shell which could allow a remote attacker to gain unauthorized access to data. Description: Certain HP LaserJet Professional printers contain a telnet debug shell which could allow a remote attacker to gain unauthorized acce...

8.8 CVSS | 6.8 AI score | 0.02037 EPSS
Exploits: 0 | References: 1
OSV
added 2013/03/05 9:38 p.m. | 2 views

DEBIAN-CVE-2011-4355

GNU Project Debugger (GDB) before 7.5, when .debug_gdb_scripts is defined, automatically loads certain files from the current working directory, which allows local users to gain privileges via crafted files such as Python scripts...

6.9 CVSS | 7.3 AI score | 0.00163 EPSS
Exploits: 1 | References: 1
UbuntuCve
added 2013/02/24 11:48 a.m. | 22 views

CVE-2013-0786

The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x before 3.6.13 and 3.7.x and 4.0.x before 4.0.10 generates different error messages for invalid product queries depending on whether a product exists, which allows remote attackers to discover private product names by using debu...

5 CVSS | 5.9 AI score | 0.00283 EPSS
Exploits: 0 | References: 3
Prion
added 2013/02/24 11:48 a.m. | 21 views

Design/Logic Flaw

The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x before 3.6.13 and 3.7.x and 4.0.x before 4.0.10 generates different error messages for invalid product queries depending on whether a product exists, which allows remote attackers to discover private product names by using debu...

5 CVSS | 7 AI score | 0.00283 EPSS
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2013/02/24 11:0 a.m. | 17 views

CVE-2013-0786

The Bugzilla::Search::build_subselect function in Bugzilla 2.x and 3.x before 3.6.13 and 3.7.x and 4.0.x before 4.0.10 generates different error messages for invalid product queries depending on whether a product exists, which allows remote attackers to discover private product names by using debu...

6.3 AI score | 0.00283 EPSS
Exploits: 0 | References: 3
FreeBSD
added 2013/02/19 12:0 a.m. | 45 views

bugzilla -- multiple vulnerabilities

A Bugzilla Security Advisory reports: Cross-Site Scripting: When viewing a single bug report, which is the default, the bug ID is validated and rejected if it is invalid. But when viewing several bug reports at once, which is specified by the format=multiple parameter, invalid bug IDs can go throu...

5 CVSS | 6.7 AI score | 0.00296 EPSS
Exploits: 0 | References: 2