CVE-2014-8702
Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message...
The remote server returned an error: (500) Internal Server Error
If you see "The remote server returned an error: 500 Internal Server Error" in any of the Unidesk failure messages, it means there is a problem with an ESX host. Keep in mind that vSphere will route filesystem requests to any available ESX host that has the requested VMFS mounted, including ones...
DEBIAN-CVE-2017-6311
gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message...
CVE-2017-6311
gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message...
CVE-2017-6311
CVE-2017-6311 is reported in gdk-pixbuf: specifically in the thumbnailer code path (gdk-pixbuf-thumbnailer.c) where context-dependent attackers can trigger a NULL pointer dereference by manipulating error-message handling, leading to an application crash and denial of service. Public references a...
UBUNTU-CVE-2017-6311
gdk-pixbuf-thumbnailer.c in gdk-pixbuf allows context-dependent attackers to cause a denial of service (NULL pointer dereference and application crash) via vectors related to printing an error message...
Apache Struts2 remote code execution vulnerability S2-045 technical analysis and protection solution-vulnerability warning-the black bar safety net
A remote code execution vulnerability exists in the Apache Struts2 Jakarta Multipart parser plugin; the vulnerability number is CNNVD-201703-152. When uploading a file through the plugin, an attacker can modify the Content-Type value in the HTTP request header to trigger the vulnerability, leading to remote co...
The [vulnerability analysis] S2-045 principles of the preliminary analysis of CVE-2017-5638-a vulnerability warning-the black bar safety net
Author: angelwhu 0x00 vulnerability announcement See This vulnerability should follow-up will have official detailed analysis. Here to talk about personal understanding, but also to share the following to reproduce the vulnerabilities of ideas. First of all, carefully read the vulnerability...
CVE-2017-6485
A Cross-Site Scripting (XSS) issue was discovered in php-calendar before 2017-03-03. The vulnerability exists due to insufficient filtration of user-supplied data (errorMsg) passed to the "php-calendar-master/error.php" URL. An attacker could execute arbitrary HTML and script code in a browser in the...
Leakage Of Data Via Error Message
ranger-hive-plugin is vulnerable to leakage of data. When the authorization to Hive fails, the error message for denial of access to the table reveals all the columns in the table. The table should not be revealed to the unauthorized user...
Error: "The Gateway has EPA enabled, which is not supported on iOS devices" on iOS Receiver
This article is intended for Citrix administrators and technical teams only. Non-admin users must contact their company’s Help Desk/IT support team and can refer to CTX297149 for more information. The following error is displayed when logging on to iOS Receiver: The Gateway has EPA enabled, which...
Information disclosure
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data...
CVE-2016-6094
IBM Tivoli Key Lifecycle Manager 2.0.1, 2.5, and 2.6 generates an error message that includes sensitive information about its environment, users, or associated data...
CVE-2016-6094
IBM Tivoli Key Lifecycle Manager (TKLM) and IBM Security Key Lifecycle Manager are affected by CVE-2016-6094 due to an error message that discloses environment, user, or data-related details. Connected IBM Security bulletin specifies affected versions: TKLM 2.0.1 to 2.0.1.8, SKLM 2.5 to 2.5.0.7, ...
WordPress: Wordpress 4.7.2 - Two XSS in Media Upload when file too large.
Description: An attacker can inject a malicious script into the filename which a victim tries to upload, leading to XSS inside the administrator's control panel. Two different "file too large" cases end up in interpolating the file name and appending it into DOM unsanitized leadi...
Input validation
IBM Security Privileged Identity Manager Virtual Appliance could disclose sensitive information in generated error messages that would be available to an authenticated user...
CVE-2016-3021
IBM Security Access Manager for Web could allow an authenticated attacker to obtain sensitive information from error message using a specially crafted HTTP request...