298 matches found
Cisco Appliance Admin Default Credentials (SSH)
The remote Cisco Appliance is using known default credentials. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2015-5865
CVE-2015-5865 corresponds to a vulnerability in the IOGraphics component of Apple OS X before 10.11, where a crafted app can cause leakage of sensitive kernel memory layout information. The affected entry describes a local information disclosure via the IOGraphics kernel path, enabling an attacke...
CVE-2015-5842
XNU in the kernel in Apple iOS before 9 does not properly initialize an unspecified data structure, which allows local users to obtain sensitive memory-layout information via unknown vectors...
Same origin violation and local file stealing via PDF reader — Mozilla
Security researcher Cody Crews reported on a way to violate the same origin policy and inject script into a non-privileged part of the built-in PDF Viewer. This would allow an attacker to read and steal sensitive local files on the victim's computer...
MongoDB 2.4.x, 2.6.x Information Disclosure Vulnerability - Active Check
MongoDB is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2015 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:mongodb:mongodb";...
USN-2660-1: Linux kernel vulnerability
A race condition was discovered in the Linux kernel's filehandle size verification. A local user could exploit this flaw to read potentially sensitive memory locations...
FreeBSD : cURL -- sensitive HTTP server headers also sent to proxies (27f742f6-03f4-11e5-aab1-d050996490d0)
cURL reports: libcurl provides applications a way to set custom HTTP headers to be sent to the server by using CURLOPT_HTTPHEADER. A similar option is available for the curl command-line tool with the '--header' option. When the connection passes through an HTTP proxy the same set of headers is...
CVE-2015-3646
OpenStack Identity (Keystone) before 2014.1.5 and 2014.2.x before 2014.2.4 logs the backend_argument configuration option content, which allows remote authenticated users to obtain passwords and other sensitive backend information by reading the Keystone logs...
Debian DLA-29-1 : puppet security update
It was discovered that the puppet package did not restrict the permissions and ownership of the /var/log/puppet directory, which may expose sensitive information. NOTE: Tenable Network Security has extracted the preceding description block directly from the DLA security advisory. Tenable has...
X (Formerly Twitter): Twitter Ads Campaign information disclosure through admin without any authentication.
Hi Twitter!! I just wanted to report a major flaw which I found in https://ads.twitter.com, hoping it makes Twitter more secure, and I am glad for being a part of it. Vulnerability Name: OWASP:A6 Sensitive data Exposure Vulnerable URL: https://ads.twitter.com/admin/accountstypeahead.json?query=...
Cisco ASA Software Version Information Disclosure Vulnerability (Cisco-SA-20141006) - Active Check
Cisco ASA Software is prone to an information-disclosure vulnerability. Copyright (C) 2015 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free...
ARRIS Touchstone DG950A SNMP Information Disclosure (CVE-2014-4863)
It is possible to read the plaintext password, SSID, and other sensitive information from the remote ARRIS Touchstone cable modems using an SNMP request. TRUSTED...
CVE-2014-3621
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint field...
CVE-2014-5269
Plack::App::File in Plack before 1.0031 removes trailing slash characters from paths, which allows remote attackers to bypass the whitelist of generated files and obtain sensitive information via a crafted path, related to Plack::Middleware::Static...
WordPress Acumbamail Plugin <= 1.0.4 - Information Disclosure
Because of this vulnerability, attackers can perform man-in-the-middle attacks and disclose sensitive information. Solution Update the plugin...
ownCloud Amazon SDK Information Disclosure Vulnerability
ownCloud is prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2014 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:owncloud:owncloud";...
AWStats 5.x/6.x Debug Remote Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/12545/info A remote information disclosure vulnerability reportedly affects AWStats. This issue is due to a failure of the application to properly validate access to sensitive data. An attacker may leverage this issue to...
Interchange 4.8.x/5.0 - Remote Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/10005/info It has been reported that Interchange may be prone to a remote information disclosure vulnerability allowing attackers to disclose contents of arbitrary variables via URI requests. This issue may allow an...
Apache mod_wsgi - Information Disclosure
source: https://www.securityfocus.com/bid/67534/info mod_wsgi is prone to a remote information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may aid in launching further attacks. import functools import threading import time import random def...
heartbleeder automatically detecting OpenSSL heartbleed with repair guide-vulnerability warning-the black bar safety net
heartbleeder can detect whether your server has the OpenSSL CVE-2014-0160 vulnerability, known as the Heartbleed vulnerability. What is the Heartbleed vulnerability? CVE-2014-0160, the Heartbleed vulnerability, is a very serious OpenSSL vulnerability. This vulnerability so that...