[ASA-201902-28] logstash: information disclosure

Arch Linux Security Advisory ASA-201902-28 ========================================== Severity: High Date : 2019-02-25 CVE-ID : CVE-2019-7612 Package : logstash Type : information disclosure Remote : No Link : https://security.archlinux.org/AVG-913 Summary ======= The package logstash before...

Veeam Backup & Replication upgrade fails with an error "Database version downgrade detected ... Reboot and restart the setup"

Challenge The upgrade to Veeam Backup & Replication U4 fails with "Database version downgrade detected ... Reboot and restart the setup". You may find following error in the C:\ProgramData\Veeam\Setup\Temp\BackupSrvLog.log: Veeam SRV: 31.01.2019 11:39:43: VEEAM Database version has been increment...

Loadbalancer.org Enterprise VA MAX Cross Site Scripting

Title: Loadbalancer.org Enterprise VA MAX - Unauthenticated Stored XSS Author: Jakub Palaczynski Date: 24. July 2018 CVE: CVE-2018-18864 Affected product: ============= Loadbalancer.org Enterprise VA MAX before 8.3.3 Impact: ====== Remote Code Execution with root privileges. Vulnerability -...

Loadbalancer.org Enterprise VA MAX 8.3.2 Remote Code Execution

Exploit Title: Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Date: 2018-07-24 Exploit Authors: Jakub Palaczynski Vendor Homepage: https://www.loadbalancer.org/ Version: . Such JavaScript is stored in "Apache User Log". This way attacker can store JavaScript code that can for...

Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Exploit

Exploit for php platform in category web applications Exploit Title: Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Exploit Authors: Jakub Palaczynski Vendor Homepage: https://www.loadbalancer.org/ Version: . Such JavaScript is stored in "Apache User Log". This way attacker can...

Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution

Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Exploit Title: Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Date: 2018-07-24 Exploit Authors: Jakub Palaczynski Vendor Homepage: https://www.loadbalancer.org/ Version: . Such JavaScript is stored in "Apache User...

Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution

Exploit Title: Loadbalancer.org Enterprise VA MAX 8.3.2 - Remote Code Execution Date: 2018-07-24 Exploit Authors: Jakub Palaczynski Vendor Homepage: https://www.loadbalancer.org/ Version: . Such JavaScript is stored in "Apache User Log". This way attacker can store JavaScript code that can for...

Amazon Linux AMI : 389-ds-base (ALAS-2018-1094)

A vulnerability was discovered in 389-ds-base. The lock controlling the error log was not correctly used when re-opening the log file in logerroremergency. An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.CVE-2018-14624 A race condition was foun...

Medium: 389-ds-base

Issue Overview: A vulnerability was discovered in 389-ds-base. The lock controlling the error log was not correctly used when re-opening the log file in logerroremergency. An attacker could send a flood of modifications to a very large DN, which would cause slapd to crash.CVE-2018-14624 A race...

After importing a certificate PEM file with more than one CERTIFICATE section, you cannot access the management console

You have a PEM file which contains a PRIVATE KEY section, and more than one CERTIFICATE section. The additional CERTIFICATE sections are for other root certificate authorities. In the Management Console, you go to Settings and Configuration, and upload the certificate. Once that completes, the...

CVE-2017-1679

IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001...

Information disclosure

IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001...

CVE-2017-1679

IBM OpenPages GRC Platform 7.2, 7.3, 7.4, and 8.0 could allow an attacker to obtain sensitive information from error log files. IBM X-Force ID: 134001...

DEBIAN-CVE-2018-14624

A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in logerroremergency. An attacker could send a flood of modifications to a very large DN, which would cause slapd t...

CVE-2018-14624

A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in logerroremergency. An attacker could send a flood of modifications to a very large DN, which would cause slapd t...

Design/Logic Flaw

A vulnerability was discovered in 389-ds-base through versions 1.3.7.10, 1.3.8.8 and 1.4.0.16. The lock controlling the error log was not correctly used when re-opening the log file in logerroremergency. An attacker could send a flood of modifications to a very large DN, which would cause slapd t...

Security Bulletin: IBM® Db2® sensitive information exposure in the error log (CVE-2017-1434).

Summary When a version check to upgrade Db2 to v11.x fails, the connection string is written in the clear in an error message to db2diag.log. Vulnerability Details CVEID: CVE-2017-1434 DESCRIPTION: IBM DB2 for Linux, UNIX and Windows includes DB2 Connect Server under unusual circumstances, could...

Event id 1 "An error occurred running the command: 'Install-DSFeatureClasses' " while propagating changes after adding StoreFront Server to a Server Group

You may be unable to propagate changes after adding StoreFront Server to existing Server Group. The propagation fails with following event inCitrix Delivery Services event log: Log Name: Citrix Delivery Services Source: Citrix Configuration Replication Service Date: dd/mm/yyyy hr:min:sec AM/PM...

mysql: unsafe chmod/chown use in init script (CPU Jan 2017)

Multiple flaws were found in the way the MySQL init script handled initialization of the database data directory and permission setting on the error log file. The mysql operating system user could use these flaws to escalate their privileges to root...

mysql: insecure error log file handling in mysqld_safe (CPU Oct 2016)

A flaw was found in the way the mysqldsafe script handled creation of error log file. The mysql operating system user could use this flaw to escalate their privileges to root...