Jira outputs a stack trace to the screen when an error is encountered

When an error condition is triggered by a user or black-box security scanner such as Acunetix, the system provides an appropriate error page. However, the error page includes the stack trace which the scanner will determine to be a potential Information Disclosure vulnerability because the stack...

Jira outputs a stack trace to the screen when an error is encountered

panel h3. Problem When users are greeted by the error 500 page, they can click on the Request assistance link to expand and see the long stack trace of the error that occurs. The information is not useful to most of the end users but it's not possible to hide it from them. h3. Suggestion To have ...

Xerox DocuShare SQL Injection

The following request is vulnerable to a SQL injection in the last URI segment: GET /docushare/dsweb/ResultBackgroundJobMultiple/1 HTTP/1.1 Host: 172.31.16.194:8080 User-Agent: Mozilla/5.0 X11; Ubuntu; Linux x8664; rv:26.0 Gecko/20100101 Firefox/26.0 Accept:...

kernel: security and bugfix update (important)

The Linux kernel was updated to fix various bugs and security issues: - mm/page-writeback.c: do not count anon pages as dirtyable memory reclaim stalls. - mm/page-writeback.c: fix dirtybalancereserve subtraction from dirtyable memory reclaim stalls. - compatsysrecvmmsg X32 fix bnc860993...

CVE-2013-3442

The web portal in Cisco Unified Communications Manager Unified CM allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854...

Information disclosure

The web portal in Cisco Unified Communications Manager Unified CM allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854...

CVE-2013-3442

The web portal in Cisco Unified Communications Manager Unified CM allows remote authenticated users to obtain sensitive stack-trace information via unspecified vectors that trigger a stack exception, aka Bug ID CSCug34854...

CVE-2013-3442

Cisco CVE-2013-3442 affects the Cisco Unified Communications Manager web portal. The vulnerability allows remote authenticated users to obtain sensitive stack-trace information by triggering a stack exception via the web interface (Bug ID CSCug34854). The NVD entry lists a CVSSv2 base score of 4....

Cisco Unified Communications Manager Stack Trace Web Disclosure Vulnerability

An issue in the web portal of Cisco Unified Communications Manager Unified CM could allow an authenticated, remote attacker to view exception stack trace details. The issue is due to disclosure of exception stack trace details. An attacker could exploit this issue by generating a stack exception ...

CVE-2013-0481

CVE-2013-0481 affects IBM Sterling B2B Integrator (versions 5.0–5.2) and IBM Sterling File Gateway (versions 2.0–2.2). The issue: errors or exceptions in the console processing may cause stack traces to be displayed in responses, potentially exposing internal implementation details. The CVE is do...

PEiD 0.95 - Memory Corruption (PoC)

PEiD 0.95 - Memory Corruption PoC Title: PEiD v0.95 Memory Corruption About PEiD : PEiD is an intuitive application that relies on its user-friendly interface to detect packers, cryptors and compilers found in PE executable files. Very popular among malware researchers for detection of packers /...

PEiD 0.95 Memory Corruption

Title: PEiD v0.95 Memory Corruption About PEiD : PEiD is an intuitive application that relies on its user-friendly interface to detect packers, cryptors and compilers found in PE executable files. Very popular among malware researchers for detection of packers / cryptors. Date: 22nd June 2013...

CVE-2013-0520

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data...

Design/Logic Flaw

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data...

CVE-2013-0520

CVE-2013-0520 affects IBM Sterling Secure Proxy: vulnerable in 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7. The issue allows remote authenticated users to obtain sensitive Java stack traces by sending invalid input. Remediation is ...

CVE-2013-0520

IBM Sterling Secure Proxy 3.2.0 and 3.3.01 before 3.3.01.23 Interim Fix 1, 3.4.0 before 3.4.0.6 Interim Fix 1, and 3.4.1 before 3.4.1.7 allows remote authenticated users to obtain sensitive Java stack-trace information by providing invalid input data...

Stack overflow

simple-gmail-login.php in the Simple Gmail Login plugin before 1.1.4 for WordPress allows remote attackers to obtain sensitive information via a request that lacks a timezone, leading to disclosure of the installation path in a stack trace...

Update on CVE assigned for Wordpress Plugin Simple Gmail Login

Application- Wordpress Plugin Simple Gmail Login Exploit - Stack Trace Error URL- http://wordpress.org/extend/plugins/simple-gmail-login/ Author- Aditya Balapure Link - http://adityabalapure.blogspot.in/ CVE Assigned- CVE-2012-6313. Description Once you have installed this plugin you can login to...

Wordpress Plugin Simple Gmail Login Stack Trace Vulnerability

Application- Wordpress Plugin Simple Gmail Login Exploit - Stack Trace Error URL- http://wordpress.org/extend/plugins/simple-gmail-login/ Author- Aditya Balapure Link - http://adityabalapure.blogspot.in/ Description Once you have installed this plugin you can login to wp-admin using your ordinary...

WordPress Plugin Simple Gmail Login - Stack Trace Information Disclosure

WordPress Plugin Simple Gmail Login - Stack Trace Information Disclosure source: https://www.securityfocus.com/bid/56860/info The Simple Gmail Login plugin for Wordpress is prone to an information-disclosure vulnerability. Attackers can exploit this issue to obtain sensitive information that may...