CVE-2019-0021 Juniper ATP: secret CLI inputs are logged to /var/log/syslog in clear text

On Juniper ATP, secret passphrase CLI inputs, such as "set mcm", are logged to /var/log/syslog in clear text, allowing authenticated local user to be able to view these secret information. This issue affects Juniper ATP 5.0 versions prior to 5.0.4...

CVE-2019-0021

Summary: Juniper ATP exposes secret CLI inputs (e.g., set mcm) by logging them in plaintext to /var/log/syslog, enabling a local authenticated user to view sensitive information. Affected versions: Juniper ATP 5.0 prior to 5.0.4. Root cause: sensitive command inputs are written to system logs ins...

RHEL 7 : systemd (RHSA-2019:0049)

The remote Redhat Enterprise Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the RHSA-2019:0049 advisory. The systemd packages contain systemd, a system and service manager for Linux, compatible with the SysV and LSB init scripts. It provides...

systemd: stack overflow when calling syslog from a command with long cmdline

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate privileges...

Fedora 29 : systemd (2019-18b3a10c7f)

systemd-journald and systemd-journal-remote reject entries which contain too many fields CVE-2018-16865, 1664973 and set limits on the process' command line length CVE-2018-16864, 1664972 - Fix out-of-bounds read when parsing a crafted syslog message in systemd-journald CVE-2018-16866, 1664975 -...

DEBIAN-CVE-2018-16864

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges...

UBUNTU-CVE-2018-16864

An allocation of memory without limits, that could result in the stack clashing with another memory region, was discovered in systemd-journald when a program with long command line arguments calls syslog. A local attacker may use this flaw to crash systemd-journald or escalate his privileges...

SUSE-SU-2019:0054-1 Security update for systemd

This update for systemd fixes the following issues: Fix security vulnerabilities CVE-2018-16864 and CVE-2018-16865 bsc1120323: Both issues were memory corruptions via attacker-controlled alloca which could have been used to gain root privileges by a local attacker. Fix security vulnerability...

VIVOTEK Network Camera Series Product Cross-Site Scripting Vulnerability

VIVOTEK Network Camera Series is a series of network camera products from China VIVOTEK. A cross-site scripting vulnerability exists in the syslog.html file of VIVOTEK Network Camera Series products using firmware versions 0x06x to 0x08x, which can be exploited by remote attackers to execute...

Fedora 29 : phpMyAdmin (2018-088802878a)

Upstream announcement : The phpMyAdmin team is pleased to announce the release of phpMyAdmin version 4.8.4. Among other bug fixes, this contains several important security fixes. The security fixes involve : - Local file inclusion https://www.phpmyadmin.net/security/PMASA-2018-6/, - XSRF/CSRF...

SUSE SLED15 / SLES15 Security Update : systemd (SUSE-SU-2018:3644-1)

This update for systemd fixes the following issues : Security issues fixed : CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. bsc1113632 CVE-2018-15686: A vulnerability in unitdeserialize ...

Security update for phpMyAdmin (moderate)

This update for phpMyAdmin fixes security issues and bugs. Security issues addressed in the 4.8.4 release bsc1119245: - CVE-2018-19968: Local file inclusion through transformation feature - CVE-2018-19969: XSRF/CSRF vulnerability - CVE-2018-19970: XSS vulnerability in navigation tree This update...

openSUSE Security Update : systemd (openSUSE-2018-1382)

This update for systemd fixes the following issues : Security issues fixed : - CVE-2018-15688: A buffer overflow vulnerability in the dhcp6 client of systemd allowed a malicious dhcp6 server to overwrite heap memory in systemd-networkd. bsc1113632 - CVE-2018-15686: A vulnerability in...

MaxOn ERP Software 8.x-9.x - nomor SQL Injection Vulnerability

Exploit for php platform in category web applications Exploit Title: MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection Exploit Author: Ihsan Sencan Vendor Homepage: http://www.talagasoft.com Software Link: http://demo.maxonerp.com/ Software Download:...

MaxOn ERP Software 8.x-9.x - nomor SQL Injection

MaxOn ERP Software 8.x-9.x - nomor SQL Injection Exploit Title: MaxOn ERP Software 8.x-9.x - 'nomor' SQL Injection Dork: N/A Date: 2018-10-15 Exploit Author: Ihsan Sencan Vendor Homepage: http://www.talagasoft.com Software Link: http://demo.maxonerp.com/ Software Download:...

openSUSE: Security Advisory for gitolite (openSUSE-SU-2018:3035-1)

The remote host is missing an update for the Copyright C 2018 Greenbone Networks GmbH Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-or-later This program is free software; you can...

Security update for gitolite (moderate)

This update for gitolite fixes the following issues: Gitolite was updated to 3.6.9: - CVE-2018-16976: prevent racy access to repos in process of migration to gitolite boo1108272 - 'info' learns new '-p' option to show only physical repos as opposed to wild repos The update to 3.6.8 contains: - fi...

CVE-2018-15399

A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service DoS condition. The...

Race condition

A vulnerability in the TCP syslog module of Cisco Adaptive Security Appliance ASA Software and Cisco Firepower Threat Defense FTD Software could allow an unauthenticated, remote attacker to exhaust the 1550-byte buffers on an affected device, resulting in a denial of service DoS condition. The...

CVE-2018-15399

This CVE (CVE-2018-15399) affects Cisco ASA/FTD TCP Syslog: a missing boundary check in the internal function allows an unauthenticated, remote attacker in MITM position to modify syslog TCP segments, exhausting 1550-byte buffers and causing DoS. Impacted features include AnyConnect SSL VPN, clie...