logs software vulnerabilities
vulnerabilities.aspcode.net
Searching logs software vulnerabilities
SSH server (sshd2) before 2.0.12 does not properly record login attempts if the connection is closed before the maximum number of tries, allowing a remote attacker to guess the password without showing up in the audit logs.
Hummingbird Exceed 6.0.1.0 inadvertently includes a DLL that was meant for development and testing, which logs user names and passwords in cleartext in the test.log file.
oidldapd 2.1.1.1 in Oracle 8.1.7 records log files in a directory (ldaplog) that has world-writable permissions, which may allow local users to delete logs and/or overwrite other files via a symlink attack.
CITRIX Metaframe 1.8 logs the Client Address (IP address) that is provided by the client instead of obtaining it from the packet headers, which allows clients to spoof their public IP address, e.g. through Network Address Translation (NAT).
Bugzilla before 2.14 includes the username and password in URLs, which could allow attackers to gain privileges by reading the information from the web server logs, or by "shoulder-surfing" and observing the web browser's location bar.
Legato NetWorker 6.1 stores log files in the /nsr/logs/ directory with world-readable permissions, which allows local users to read sensitive information and possibly gain privileges.
FreeScripts VisitorBook LE (visitorbook.pl) logs the reverse DNS name of a visiting host, which allows remote attackers to spoof the origin of their incoming requests and facilitate cross-site scripting (XSS) attacks.
ScriptLogic 4.01, and possibly other versions before 4.14, uses insecure permissions for the LOGS$ share, which allows users to modify log records and possibly execute arbitrary code.
siteminderagent/SmMakeCookie.ccc in Netegrity SiteMinder places a session ID string in the value of the SMSESSION parameter in a URL, which might allow remote attackers to obtain the ID by sniffing, reading Referer logs, or other methods.
Motorola Wireless Router WR850G running firmware 4.03 allows remote attackers to bypass authentication, log on as an administrator, and obtain sensitive information by repeatedly making an HTTP request for ver.asp until an administrator logs on.
phpScheduleIt 1.0.0 RC1 does not clear administrative privileges if the administrator logs in as a normal user, which allows users with physical access to gain administrative privileges.
awstats.pl in AWStats 6.3 and 6.4 allows remote attackers to read server web logs by setting the loadplugin and pluginmode parameters to rawlog.
MCX Client for Apple Mac OS X 10.4.x up to 10.4.1 insecurely logs Portable Home Directory credentials, which allows local users to obtain the credentials.
WebSphere Application Server 5.0.2 (or any earlier cumulative fix) stores admin and LDAP passwords in plaintext in the FFDC logs when a login to WebSphere fails, which allows attackers to gain privileges.
Mercury Messenger, possibly 1.7.1.1 and other versions, when running on a multi-user Mac OS X platform, stores chat logs with world-readable permissions within the /Users directory, which allows local users to read the chat logs from other users.
AuditWizard 6.3.2, when using "Remote Audit," logs the administrator password in plaintext to LaytonCmdSvc.log, which allows local users to obtain sensitive information by reading the file.
TIBCO RendezVous 7.4.11 and earlier logs base64-encoded usernames and passwords in rvrd.db, which allows local users to obtain sensitive information by decoding the log file.
Adobe Contribute Publishing Server leaks the administrator password in logs that are created during product installation, which allows local users to gain privileges to the server.
crashdump in Apple Mac OS X 10.4.8 allows local users in the admin group to modify arbitrary files or gain privileges via a symlink attack on application logs in /Library/Logs/CrashReporter/.
Unclassified NewsBoard 1.6.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to obtain (1) the board log via a direct request for logs/board-YYYY-MM-DD.log, (2) the mail and private message (PM) log via a direct request for logs/email-YY-MM-DD-HH-MM-SS.log, (3) the SQL error message log via a direct request for logs/error-YY-MM.log, and (4) the IP log via a direct request for logs/ip.log.
Software vulnerabilities results 1 to 20 of 54