Information disclosure
IBM Jazz Foundation could allow an authenticated attacker to obtain sensitive information from error message stack traces. IBM X-Force ID: 119528...
CVE-2016-9700
IBM CVE-2016-9700 (IBM Jazz Foundation) enables an authenticated attacker to obtain sensitive information from error message stack traces. Affected products include Rational CLM, RDNG, RELM, RTC, RQM, Rhapsody DM, RSA DM, and Rational software architecture components, with versions ranging in CLM...
Error: Secure Hub - Couldn't Load Store
There are two scenarios in which this error might occur: 1. While performing a new enrollment. 2. Tapping on Store for an already enrolled user...
Fedora 25 : globus-ftp-client / globus-gass-cache-program / globus-gass-copy / etc (2017-7591a8e2c9)
globus-ftp-client - Adapt to Perl 5.26 - POSIX::tmpnam no longer available - Remove some redundant tests to reduce test time globus-gass-cache-program - GT6 update globus-gass-copy - Don't attempt sshftp data protection without creds 9.24 - Checksum verification based on contribution from IBM 9.2...
Fedora 24 : globus-ftp-client / globus-gass-cache-program / globus-gass-copy / etc (2017-5f8ebbd2b1)
globus-ftp-client - Adapt to Perl 5.26 - POSIX::tmpnam no longer available - Remove some redundant tests to reduce test time globus-gass-cache-program - GT6 update globus-gass-copy - Don't attempt sshftp data protection without creds 9.24 - Checksum verification based on contribution from IBM 9.2...
openSUSE Security Update : the Linux Kernel (openSUSE-2017-716) (Stack Clash)
The openSUSE Leap 42.2 kernel was updated to 4.4.72 to receive various security and bugfixes. The following security bugs were fixed : - CVE-2017-1000364: An issue was discovered in the size of the stack guard page on Linux, specifically a 4k stack guard page is not sufficiently large and can be...
Weblate: Error Message When Changing Username
Hello, Description: I have found a bug in your fix other my other report, 243609. I reported this in a new report as this is an error in the error message. When changing your username that starts with a . the error message is: Username may only contain letters, numbers or the following characters...
Schneider Electric U.motion Builder Error Message Path Vulnerability
U.motion Builder is a builder product from Schneider Electric France. An error message path vulnerability exists in Schneider Electric U.motion Builder. An exception message containing sensitive path information is returned to an attacker. This allows an attacker to exploit the vulnerability to...
Shopify: SQL Exception thrown during product import
Possible SQL Injection was observed when a descriptive error message was thrown in a mail sent to the user while importing products from csv. Used some special characters in csv to induce the error. DATABASE FOUND TO BE MYSQL. F192274...
Cross-site Scripting (XSS)
github.com/koding/koding is susceptible to cross-site scripting (XSS) attacks. It happens because the errorcode and errormsg variables in the 404.html page are not properly sanitized...
CVE-2017-1292
IBM Maximo Asset Management 7.5 and 7.6 are affected by a vulnerability described across multiple sources (NVD, CNVD, CVE listings) where error messages disclose sensitive information. The issue is a sensitive information disclosure vulnerability in the product’s messaging, potentially enabling a...
business-central: Reflected XSS in artifact upload error message
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code with...
Secure Hub Error: Cannot Open Page: Safari cannot open the page because the address is invalid when using Apple Configurator
User sees the app VPP in the store. Clicks to add the app. Gets the Error: Cannot Open Page: Safari cannot open the page because the address is invalid...
Harvest: [platform.harvestapp.com] Reflected XSS in Error Message via URL parameters
Hi @jorgeleria, I came across a potential reflected XSS vector while exploring platform.harvestapp.com functionality. At present, I have been unable to locate a functional payload, so would like to report this as HTML injection. Proof of Concept Steps to reproduce 1. Visit the below Demonstration...
PVS XDSW "Cannot connect to the Hypervisor, object reference not set as an Instance"
When running XDSW, the customer encountered the generic error "Cannot connect to the Hypervisor, object reference not set as an Instance". This error was encountered just at the stage when the expected screen would be template selection...
Splunk Enterprise 6.4.x < 6.4.7 Multiple Vulnerabilities
According to its self-reported version number, the version of Splunk Enterprise running on the remote web server is 6.4.x prior to 6.4.7. It is, therefore, affected by multiple vulnerabilities: - Multiple cross-site scripting (XSS) vulnerabilities exist due to improper validation of user-supplied...
Weblate: Content Spoofing in error message
Hi Weblate, I found a content spoofing Steps to reproduce 1. Go to https://hosted.weblate.org/translate/debian-reference/translations/fr/?type=Sorry for the inconvenience we where having some trouble in our system because of some hackers, please don't log in for you to make safe of your credentia...
Design/Logic Flaw
XOOPS Core 2.5.8.1 has XSS due to unescaped HTML output of an Install DB failure error message in pagedbsettings.php...