
3856 matches found

Citrix
added 2021/06/30 12:0 a.m. | 9 views

Error "Relay State and response does not match with roll in action" after following CTX316577

After following the steps in CTX316577, some users see the error "Relay State and response does not match with roll in action"...

AI score: 7.1
Exploits: 0

Prion
added 2021/06/28 4:15 p.m. | 16 views

Information disclosure

IBM Guardium Data Encryption GDE 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196212...

CVSS: 5 | AI score: 4.1 | EPSS: 0.00751
Exploits: 0 | References: 2 | Affected Software: 1

Cvelist
added 2021/06/28 3:55 p.m. | 17 views

CVE-2021-20413

IBM Guardium Data Encryption GDE 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196212...

CVSS: 4.3 | AI score: 4.3 | EPSS: 0.00751
Exploits: 0 | References: 2

RedhatCVE
added 2021/06/25 8:26 a.m. | 90 views

CVE-2021-3620

A flaw was found in Ansible Engine's ansible-connection module, where sensitive information such as the Ansible user credentials is disclosed by default in the traceback error message. The highest threat from this vulnerability is to confidentiality...

CVSS: 5.5 | AI score: 1.6 | EPSS: 0.00384
Exploits: 0 | References: 3

Huntr
added 2021/06/25 2:48 a.m. | 6 views

OS Command Injection in fabio286/antares

✍️ Description The application displays the connection error message returned by the server without removing the malicious tags, which leads to XSS attacks. https://imgur.com/3MhhvFp.png https://i.imgur.com/RksNgXF.png Being an application made in electron, an XSS can be scaled to RCE, making it...

Exploits: 0

Hacker One
added 2021/06/25 1:28 a.m. | 30 views

Mattermost: DoS via large console messages

Summary: When server console logging is enabled, it's possible to cause a complete denial of service to the server by submitting large text 64KB that gets output in the console log. This causes the server to become unavailable for all users. Steps To Reproduce: I set up my environment following t...

AI score: 0.1
Exploits: 0

BDU FSTEC
added 2021/06/23 12:0 a.m. | 1 views

The vulnerability of Vue RIS software, related to the leakage of information in error messages, allows an intruder to gain unauthorized access to protected information.

The vulnerability of Vue RIS software is related to the leakage of information in error messages. Exploiting this vulnerability can allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS: 4.3 | AI score: 5.5 | EPSS: 0.00735
Exploits: 0 | References: 3 | Affected Software: 1

NVD
added 2021/06/16 1:15 p.m. | 8 views

CVE-2021-31159

Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732...

CVSS: 5.3 | EPSS: 0.17772
Exploits: 5 | References: 4

Prion
added 2021/06/16 1:15 p.m. | 19 views

Default credentials

Zoho ManageEngine ServiceDesk Plus MSP before 10519 is vulnerable to a User Enumeration bug due to improper error-message generation in the Forgot Password functionality, aka SDPMSP-15732...

CVSS: 5 | AI score: 5.2 | EPSS: 0.17772
Exploits: 5 | References: 4 | Affected Software: 1

CNVD
added 2021/06/15 12:0 a.m. | 22 views

WordPress Gallery from files plugin cross-site scripting vulnerability

WordPress is a blogging platform developed by the WordPress Foundation using the PHP language. The platform supports personal blog sites on servers running PHP and MySQL. Gallery from files is a plugin for WordPress. A cross-site scripting vulnerability exists in WordPress Gallery from...

CVSS: 6.1 | AI score: 6.1 | EPSS: 0.00412
Exploits: 2 | References: 1

OSV
added 2021/06/14 2:15 p.m. | 3 views

CVE-2021-24349

This Gallery from files WordPress plugin through 1.6.0 gives the functionality of uploading images to the server. But filenames are not properly sanitized before being output in an error message when they have an invalid extension, leading to a reflected Cross-Site Scripting issue. Due to the lac...

CVSS: 6.1 | AI score: 5.8 | EPSS: 0.00412
Exploits: 2 | References: 1

CNNVD
added 2021/06/10 12:0 a.m. | 2 views

Jenkins cross-site scripting vulnerability

Jenkins is an open source application. Jenkins, an open source automation server, provides hundreds of plug-ins to support building, deploying and automating any project. A cross-site scripting vulnerability exists in Jenkins Kiuwan Plugin, which stems from a cross-site scripting XSS...

CVSS: 6.1 | AI score: 5.3 | EPSS: 0.01216
Exploits: 0 | References: 4

BDU FSTEC
added 2021/06/10 12:0 a.m. | 4 views

The vulnerability of the online business analytics service IBM Cognos Analytics, related to the leakage of information in error messages, allows a perpetrator to gain unauthorized access to protected information.

The vulnerability of the online business analytics service IBM Cognos Analytics is related to the leakage of information in error messages. Exploiting this vulnerability could allow an attacker, operating remotely, to gain unauthorized access to protected information...

CVSS: 4.3 | AI score: 5.8 | EPSS: 0.01386
Exploits: 0 | References: 4 | Affected Software: 1

Hacker One
added 2021/06/03 8:14 p.m. | 152 views

h1-ctf: CCC H1 June 2021 CTF Writeup

CTF Summary This was my first H1 CTF and I was excited to work with several others to collaborate on the CTF and find the flag. I'll write up the solution process and vulnerabilities involved in the solution: Knowledge basic of S3 operations XML External Entities and Local File Exfiltration SQL...

AI score: 8.9
Exploits: 0

OSV
added 2021/06/02 9:15 p.m. | 2 views

CVE-2021-20371

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516...

CVSS: 6.5 | AI score: 7.3 | EPSS: 0.01195
Exploits: 0 | References: 2

Prion
added 2021/06/02 9:15 p.m. | 12 views

Information disclosure

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516...

CVSS: 4 | AI score: 6 | EPSS: 0.01195
Exploits: 0 | References: 2 | Affected Software: 9

CVE
added 2021/06/02 8:40 p.m. | 69 views

CVE-2021-20371

CVE-2021-20371 describes an information-disclosure vulnerability in IBM Jazz Foundation and IBM Engineering products where error messages returned in the browser could reveal sensitive data. Affected products include IBM Jazz Foundation and Engineering Lifecycle Management suite (ELM) and related...

CVSS: 6.5 | AI score: 6.5 | EPSS: 0.01195
Exploits: 0 | References: 2 | Affected Software: 9

Cvelist
added 2021/06/02 8:40 p.m. | 10 views

CVE-2021-20371

IBM Jazz Foundation and IBM Engineering products could allow a remote attacker to obtain sensitive information when an error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 195516...

CVSS: 4.3 | AI score: 6.1 | EPSS: 0.01195
Exploits: 0 | References: 2

OSV
added 2021/05/31 3:39 p.m. | 26 views

UVI-2021-1000291 Drivers: hv: vmbus: Drop error message when 'No request id available'

Drivers: hv: vmbus: Drop error message when 'No request id available' This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.4 by commit...

AI score: 7.2
Exploits: 0

OSV
added 2021/05/31 3:39 p.m. | 9 views

GSD-2021-1000291 Drivers: hv: vmbus: Drop error message when 'No request id available'

Drivers: hv: vmbus: Drop error message when 'No request id available' This is an automated ID intended to aid in discovery of potential security vulnerabilities. The actual impact and attack plausibility have not yet been proven. This ID is fixed in Linux Kernel version v5.12.4 by commit...

AI score: 7.2
Exploits: 0