
201 matches found

RedHat Linux
added 2019/06/10 4:41 p.m. | 1 views

undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed

A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange...

CVSS 9.8 | AI score 5.8 | EPSS 0.00555
Exploits: 0 | References: 4

RedHat Linux
added 2019/06/10 4:39 p.m. | 0 views

undertow: leak credentials to log files UndertowLogger.REQUEST_LOGGER.undertowRequestFailed

A vulnerability was found in Undertow web server before 2.0.21. An information exposure of plain text credentials through log files because Connectors.executeRootHandler:402 logs the HttpServerExchange object at ERROR level using UndertowLogger.REQUEST_LOGGER.undertowRequestFailed(t, exchange...

CVSS 9.8 | AI score 5.8 | EPSS 0.00555
Exploits: 0 | References: 4

OSV
added 2019/02/15 6:4 a.m. | 8 views

SUSE-SU-2019:0414-1 Security update for dovecot23

This update for dovecot23 fixes the following issues: dovecot was updated to 2.3.3 release, bringing lots of bugfixes (bsc#1124356). Also the following security issue was fixed: - CVE-2019-3814: A vulnerability in Dovecot related to SSL client certificate authentication was fixed (bsc#1123022) The...

CVSS 7.7 | AI score 8.2 | EPSS 0.01572
Exploits: 1 | References: 5

NVD
added 2018/12/22 3:29 p.m. | 11 views

CVE-2018-19863

An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS. A mistake in error logging resulted in instances where sensitive data passed from Safari to 1Password could be logged locally on the user's machine. This data could include usernames and passwords that a user manually...

CVSS 5.5 | AI score 5.3 | EPSS 0.00059
Exploits: 0 | References: 3

Prion
added 2018/12/22 3:29 p.m. | 10 views

Code injection

An issue was discovered in 1Password 7.2.3.BETA before 7.2.3.BETA-3 on macOS. A mistake in error logging resulted in instances where sensitive data passed from Safari to 1Password could be logged locally on the user's machine. This data could include usernames and passwords that a user manually...

CVSS 2.1 | AI score 5.3 | EPSS 0.00059
Exploits: 0 | References: 3 | Affected Software: 1

CVE
added 2018/12/22 3:0 p.m. | 53 views

CVE-2018-19863

CVE-2018-19863 concerns 1Password for macOS (7.2.3.BETA before 7.2.3.BETA-3). A mistake in error logging could cause sensitive data, including usernames and passwords entered in Safari, to be logged locally on the user’s machine. The issue is limited to the macOS 7.2.3.BETA line; no exploitation ...

CVSS 5.5 | AI score 5.2 | EPSS 0.00059
Exploits: 0 | References: 3 | Affected Software: 1

RedHat Linux
added 2018/09/04 12:0 a.m. | 3 views

Moderate: Red Hat Enhancement Advisory: VDSM bug fix and enhancement update 4.2

Updated vdsm packages that fix several bugs and add various enhancements are now available. VDSM is a management module that serves as a Red Hat Virtualization Manager agent on Red Hat Virtualization Host or Red Hat Enterprise Linux hosts. Changes to the vdsm component: Previously, multipath...

CVSS 7.1 | AI score 6.6 | EPSS 0.0032
Exploits: 0 | References: 3

Kitploit
added 2018/06/25 2:9 p.m. | 210 views

Amass - In-depth Subdomain Enumeration

The Amass tool performs scraping of data sources, recursive brute forcing, crawling of web archives, permuting and altering of names and reverse DNS sweeping to obtain additional subdomain names. Additionally, Amass uses the IP addresses obtained during resolution to discover associated netblocks...

AI score 7
Exploits: 0 | References: 2

OSV
added 2018/06/11 9:29 p.m. | 1 views

DEBIAN-CVE-2017-7756

A use-after-free and use-after-scope vulnerability when logging errors from headers for XML HTTP Requests (XHR). This could result in a potentially exploitable crash. This vulnerability affects Firefox 54, Firefox ESR 52.2, and Thunderbird 52.2...

CVSS 9.8 | AI score 8.8 | EPSS 0.01874
Exploits: 0 | References: 1

Prion
added 2017/10/30 4:29 p.m. | 9 views

Design/Logic Flaw

Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp...

CVSS 5 | AI score 6.9 | EPSS 0.00403
Exploits: 0 | References: 3 | Affected Software: 1

Cvelist
added 2017/10/30 4:0 p.m. | 8 views

CVE-2009-1197

Apache jUDDI before 2.0 allows attackers to spoof entries in log files via vectors related to error logging of keys from uddiget.jsp...

AI score 5.1 | EPSS 0.00403
Exploits: 0 | References: 3

FreeBSD
added 2015/10/29 12:0 a.m. | 38 views

xen-kernel -- some pmu and profiling hypercalls log without rate limiting

The Xen Project reports: HYPERCALL_xenoprof_op and HYPERVISOR_xenpmu_op log some errors and attempts at invalid operations. These log messages are not rate-limited, even though they can be triggered by guests. A malicious guest could cause repeated logging to the hypervisor console, leading to a Deni...

CVSS 2.1 | AI score 7.4 | EPSS 0.00069
Exploits: 0 | References: 1

NVD
added 2015/08/15 12:59 a.m. | 19 views

CVE-2015-2474

Microsoft Windows Vista SP2 and Server 2008 SP2 allow remote authenticated users to execute arbitrary code via a crafted string in a Server Message Block (SMB) server error-logging action, aka "Server Message Block Memory Corruption Vulnerability."...

CVSS 9 | AI score 7.1 | EPSS 0.34555
Exploits: 0 | References: 2

Prion
added 2015/08/15 12:59 a.m. | 16 views

Memory corruption

Microsoft Windows Vista SP2 and Server 2008 SP2 allow remote authenticated users to execute arbitrary code via a crafted string in a Server Message Block (SMB) server error-logging action, aka "Server Message Block Memory Corruption Vulnerability."...

CVSS 9 | AI score 7.6 | EPSS 0.34555
Exploits: 0 | References: 2 | Affected Software: 1

seebug.org
added 2015/03/05 12:0 a.m. | 29 views

Jiayuan Talent System (嘉缘人才系统) SQL injection #4

Brief description: asking for 20 rank. Details: see \frcms\wap\index.php $rid='';$title='我的求职简历';$chinese=$cnstatus=$visitnum=$personinfo=1; $member=$login;$adddate=dtime$frtime,6;$flag=$regpArray4==1?0:1; $rsqls=$rsqlss=''; foreach$rsqlstr as $v $v=strreplace'r','',$v; ifisset$$v $rsqls.="r$v,"; $rsqlss.="'".cleartags$$v."',...

AI score 7.1
Exploits: 0

Tenable Nessus
added 2015/01/19 12:0 a.m. | 25 views

Oracle Solaris Third-Party Patch Update : bind (cve_2011_4313_denial_of)

The remote Solaris system is missing necessary patches to address security updates : - query.c in ISC BIND 9.0.x through 9.6.x, 9.4-ESV through 9.4-ESV-R5, 9.6-ESV through 9.6-ESV-R5, 9.7.0 through 9.7.4, 9.8.0 through 9.8.1, and 9.9.0a1 through 9.9.0b1 allows remote attackers to cause a denial o...

CVSS 5 | AI score 6.9 | EPSS 0.06865
Exploits: 0 | References: 3

Exploit DB
added 2014/12/10 12:0 a.m. | 19 views

Humhub 0.10.0-rc.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities

Exploit Title: Humhub test Will insert the corresponding HTML elements into the post/comment body. 2. Humhub-modules-mail 7 persistent XSS vulnerability Humhub-modules-mail versions 0.5.9 and prior when used in conjunction with Humhub 0.10.0-rc.1 or prior is affected by the same vulnerability as...

AI score 7.4
Exploits: 0

exploitpack
added 2014/12/10 12:0 a.m. | 8 views

Humhub 0.10.0-rc.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities

Humhub 0.10.0-rc.1 - Multiple Persistent Cross-Site Scripting Vulnerabilities Exploit Title: Humhub test Will insert the corresponding HTML elements into the post/comment body. 2. Humhub-modules-mail 7 persistent XSS vulnerability Humhub-modules-mail versions 0.5.9 and prior when used in...

AI score 7
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 19 views

cURL 6.1 - 7.4 - Remote Buffer Overflow Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/1804/info Curl is an open-source utility for sending or receiving files using URL syntax. A vulnerability exists in the version of curl included with Debian GNU/Linux 2.2 and FreeBSD prior to 4.2 release. Note that cURL...

AI score 7.1
Exploits: 0

seebug.org
added 2014/07/01 12:0 a.m. | 11 views

Libopt.a 3.1x Error Logging Buffer Overflow Vulnerability (2)

No description provided by source. source: http://www.securityfocus.com/bid/7433/info Libopt library has been reported prone to a buffer overflow vulnerability. It has been reported that several Libopt.a error logging functions, may be prone to buffer overflow vulnerabilities when handling...

AI score 7.1
Exploits: 0