IBM Security Identity Governance and Intelligence Information Disclosure Vulnerability
IBM Security Identity Governance and Intelligence (IGI) is a suite of identity governance solutions from IBM in the United States. The product includes features such as lifecycle management, access risk assessment and identity management. A security vulnerability exists in IBM Security IGI that ste...
MS04-022: A vulnerability in Task Scheduler could allow code execution
Microsoft has released security bulletin MS04-022. The security bulletin contains all the relevant information about the security update, including file manifest information and deployment options. To view the complete securit...
MS05-012: Vulnerability in OLE and COM could allow remote code execution
Microsoft has released security bulletin MS05-012. The security bulletin contains all the relevant information about the security update, including file manifest information and deployment options. To view the complete...
Cross-site Scripting (XSS)
akka-http is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists because raw queries were shown in the error message, allowing XSS attacks...
Starbucks: Information Exposure Through an Error Message at news.starbucks.com
I've discovered Information Exposure Through an Error Message on your system POC link: https://news.starbucks.com/cms/index.php?/cp/login/forgottenpasswordform=http://evil.com/?id=test-test Vulnerable url --...
Cross-site Scripting (XSS)
rabbitmq-server is vulnerable to cross-site scripting (XSS) attacks. The vulnerability exists in the management plugin in RabbitMQ 2.1.0 through 3.4.x before 3.4.1, and allows remote attackers to inject arbitrary web script or HTML via the path info to api/, which is not properly handled in an error...
Information Disclosure
The cifs-utils package is vulnerable to information disclosure. The vulnerability exists due to the way it handles the second argument in mount.cifs, which allows a local user to disclose arbitrary file or directory information via an error message...
On error at /rest/ stack-trace is publicly visible
Summary: On Confluence server 6.12.2, requesting the wrong REST URL /rest/cql/contenttypes?category=test, we will see the full stack-trace. The same can be seen at https://confluence.atlassian.com/rest/cql/contenttypes?category=test On production, a regular user should not see the stack-trace when an err...
Getting an error "Your changes could not be saved due to an invalid configuration of the account"
After the installation of Receiver with single sign-on enabled, users get the above error message...
Design/Logic Flaw
IBM Security Access Manager Appliance 9.0.1.0, 9.0.2.0, 9.0.3.0, 9.0.4.0, and 9.0.5.0 generates an error message that includes sensitive information about its environment, users, or associated data. IBM X-Force ID: 149704...
Security update for glib2 (moderate)
This update for glib2 fixes the following issues: Security issues fixed: - CVE-2018-16428: Do not do a NULL pointer dereference crash. Avoid that, at the cost of introducing a new translatable error message bsc1107121. - CVE-2018-16429: Fixed out-of-bounds read vulnerability...
GitLab CE/EE Information Disclosure Vulnerability
GitLab is a set of open source applications developed using Ruby on Rails to implement a self-hosted Git version control system project repository, which has similar functionality to GitHub for accessing the contents of a project's files, commit history, bug lists, and more. An information...
CVE-2018-18648
An issue was discovered in GitLab Community and Enterprise Edition before 11.2.7, 11.3.x before 11.3.8, and 11.4.x before 11.4.3. It has Information Exposure Through an Error Message...
CVE-2018-18648
Removed by vendor...
Certificate expiration date
Challenge: The following error message appears when starting Veeam Backup and Replication console: Cause: Veeam Backup and Replication self-signed certificate expires 11 months after installation. The certificate is renewed, but Veeam Backup Service still has information about the old one in the...
"Failed to detach SCSI lun" errors in vSphere after finishing Instant Recovery or File-level restore from storage snapshots
Challenge: You might see "Failed to detach SCSI lun" errors in vSphere during the unexport phase when restoring items (file-level restore) from storage snapshot or doing an Instant Recovery from storage snapshot because of certain VMware behaviour. Both types of the restores include a step when...
Unable to remove store from StoreFront console
event 0: "An error occurred while running the command :'Remove-DSStore2' Cannot bind argument to the parameter 'VirtualPath' because it is an empty string...
CVE-2018-19190
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the error.php errormsg parameter...
Code injection
The Amazon PAYFORT payfort-php-SDK payment gateway SDK through 2018-04-26 has XSS via the error.php errormsg parameter...