3856 matches found
Error Message
An error or warning message has been found on the remote web server. It may be possible for an attacker to view sensitive information and conduct further attacks. No source data...
Design/Logic Flaw
In osTicket before 1.12, XSS exists via /upload/file.php, /upload/scp/users.php?do=import-users, and /upload/scp/ajax.php/users/import if an agent manager user uploads a crafted .csv file to the User Importer, because file contents can appear in an error message. The XSS can lead to local file...
Critical severity vulnerability that affects Auth0-WCF-Service-JWT
Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application...
Code injection
Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application...
CVE-2019-7644
Auth0 Auth0-WCF-Service-JWT before 1.0.4 leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application...
Generation of Error Message Containing Sensitive Information
Auth0 Auth0-WCF-Service-JWT leaks the expected JWT signature in an error message when it cannot successfully validate the JWT signature. If this error message is presented to an attacker, they can forge an arbitrary JWT token that will be accepted by the vulnerable application...
New Relic: Stored XSS firing if the error occurs when trying to delete the APM app
Hey team, I have discovered that when the user tries to delete the APM app and some error occurs, the error message contains the app's name, which is not sanitized properly. So the XSS is possible there under certain circumstances. The XSS payload is absolutely simple here, it can be like e.g...
Design/Logic Flaw
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 144410...
CVE-2018-1625
IBM Security Privileged Identity Manager Virtual Appliance 2.2.1 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 144410...
CVE-2018-1625
CVE-2018-1625 affects IBM Security Privileged Identity Manager Virtual Appliance. The vulnerability involves an error message that discloses sensitive information about the environment, users, or data, enabling information disclosure. Affected product/version details in the provided docs include ...
IBM Security Privileged Identity Manager Information Disclosure Vulnerability (CNVD-2019-27591)
IBM Security Privileged Identity Manager ISPIM is an identity management product within the IBM Identity Governance and Management solution from IBM in the United States. The product is designed to protect, automate and audit the use of privileged identities to help defend against insider threats...
Unable to attach from Citrix Files/Quick Edit into Secure Mail
Facing an issue where you open a number of different file types in Citrix Files/Quick Edit and select "Open In" and select "Copy to Secure Mail" and you receive a "Unable to attach file" error in Secure Mail...
Workspace App for Windows - Your apps are not available at this time - Issue when installing Citrix Receiver in not elevated/per-user install mode
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company's Help Desk/IT support team and can refer to CTX297149 for more information. The Organization is deploying Workspace App for Windows for the users. Some of these users have...
SUSE-SU-2019:0775-1 Security update for ntp
This update for ntp fixes the following issues: Security issue fixed: - CVE-2019-8936: Fixed a null pointer exception which could allow an authenticated attacker to cause segmentation fault to ntpd bsc1128525. Other issues addressed: - Fixed several bugs in the BANCOMM reclock driver. - Fixed...
openSUSE Security Update : enigmail (openSUSE-2019-395) (EFAIL)
This update for enigmail to version 2.0.5 fixes the following issues : Improvements on previous fixes on CVE-2017-17688, boo1093151 and CVE-2017-17689, boo1093152 EFAIL : - do not decrypt MIME parts unnecessarily - improve Error Message for Missing Message Modification Code...
openssl security update
1.0.2k-16.0.1.el76.1 - Bump release for rebuild. 1.0.2k-16.1 - use SHA-256 in FIPS RSA pairwise key check - fix CVE-2018-5407 - EC signature local timing side-channel key extraction 1.0.2k-16 - fix CVE-2018-0495 - ROHNP - Key Extraction Side Channel on DSA, ECDSA - fix incorrect error message on...
Information Disclosure
Auth0-WCF-Service-JWT is vulnerable to information disclosure. The JWT signature is revealed in an error message when the JWT signature validation fails, allowing attackers to abuse the erroneous behavior to obtain and forge valid signatures for arbitrary tokens and bypass authentication and...
Design/Logic Flaw
IBM Security Identity Governance and Intelligence 5.2 through 5.2.4.1 Virtual Appliance generates an error message that includes sensitive information about its environment, users, or associated data which could be used in further attacks against the system. IBM X-Force ID: 153430...