CVE List - 2015 / February
Showing 201 - 300 of 486 CVEs for February 2015 (Page 3 of 5)
| CVE ID | Date | Title |
|---|---|---|
| CVE-2015-0022 | 2015-02-11 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-0023 | 2015-02-11 | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability,"... |
| CVE-2015-0025 | 2015-02-11 | Microsoft Internet Explorer 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability,"... |
| CVE-2015-0026 | 2015-02-11 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-0027 | 2015-02-11 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-0028 | 2015-02-11 | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability,"... |
| CVE-2015-0029 | 2015-02-11 | Microsoft Internet Explorer 6 and 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-0030 | 2015-02-11 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-0031 | 2015-02-11 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-0035 | 2015-02-11 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-0036 | 2015-02-11 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-0037 | 2015-02-11 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability,"... |
| CVE-2015-0038 | 2015-02-11 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-0039 | 2015-02-11 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-0040 | 2015-02-11 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability,"... |
| CVE-2015-0041 | 2015-02-11 | Microsoft Internet Explorer 6 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-0042 | 2015-02-11 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-0043 | 2015-02-11 | Microsoft Internet Explorer 8 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-0044 | 2015-02-11 | Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-0045 | 2015-02-11 | Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-0046 | 2015-02-11 | Microsoft Internet Explorer 9 through 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-0048 | 2015-02-11 | Microsoft Internet Explorer 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability,"... |
| CVE-2015-0049 | 2015-02-11 | Microsoft Internet Explorer 8 and 10 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-0050 | 2015-02-11 | Microsoft Internet Explorer 8 and 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-0051 | 2015-02-11 | Microsoft Internet Explorer 8 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." |
| CVE-2015-0052 | 2015-02-11 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-0053 | 2015-02-11 | Microsoft Internet Explorer 6 through 8 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-0054 | 2015-02-11 | Microsoft Internet Explorer 7 through 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." |
| CVE-2015-0055 | 2015-02-11 | Microsoft Internet Explorer 10 and 11 allows remote attackers to gain privileges via a crafted web site, aka "Internet Explorer Elevation of Privilege Vulnerability." |
| CVE-2015-0057 | 2015-02-11 | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server... |
| CVE-2015-0058 | 2015-02-11 | Double free vulnerability in win32k.sys in the kernel-mode drivers in Microsoft Windows 8.1, Windows Server 2012 R2, and Windows RT 8.1 allows local users to gain privileges via a crafted... |
| CVE-2015-0059 | 2015-02-11 | win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and... |
| CVE-2015-0060 | 2015-02-11 | The font mapper in win32k.sys in the kernel-mode drivers in Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8,... |
| CVE-2015-0061 | 2015-02-11 | Microsoft Windows Server 2003 SP2, Windows Vista SP2, Windows Server 2008 SP2 and R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows... |
| CVE-2015-0062 | 2015-02-11 | Microsoft Windows Server 2008 R2 SP1, Windows 7 SP1, Windows 8, Windows 8.1, Windows Server 2012 Gold and R2, and Windows RT Gold and 8.1 allow local users to gain... |
| CVE-2015-0063 | 2015-02-11 | Microsoft Excel 2007 SP3; the proofing tools in Office 2010 SP2; Excel 2010 SP2; Excel 2013 Gold, SP1, and RT; Excel Viewer; and Office Compatibility Pack SP3 allow remote attackers... |
| CVE-2015-0064 | 2015-02-11 | Microsoft Word 2007 SP3, Office 2010 SP2, Word 2010 SP2, Word Automation Services in SharePoint Server 2010, Web Applications 2010 SP2, Word Viewer, and Office Compatibility Pack SP3 allow remote... |
| CVE-2015-0065 | 2015-02-11 | Microsoft Word 2007 SP3 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted Office document, aka "OneTableDocumentStream Remote Code Execution Vulnerability." |
| CVE-2015-0066 | 2015-02-11 | Microsoft Internet Explorer 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory Corruption Vulnerability,"... |
| CVE-2015-0067 | 2015-02-11 | Microsoft Internet Explorer 6 through 9 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-0068 | 2015-02-11 | Microsoft Internet Explorer 10 and 11 allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via a crafted web site, aka "Internet Explorer Memory... |
| CVE-2015-0069 | 2015-02-11 | Microsoft Internet Explorer 10 and 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." |
| CVE-2015-0070 | 2015-02-11 | Microsoft Internet Explorer 6 through 11 allows remote attackers to read content from a different (1) domain or (2) zone via a crafted web site, aka "Internet Explorer Cross-domain Information... |
| CVE-2015-0071 | 2015-02-11 | Microsoft Internet Explorer 9 through 11 allows remote attackers to bypass the ASLR protection mechanism via a crafted web site, aka "Internet Explorer ASLR Bypass Vulnerability." |
| CVE-2015-1172 | 2015-02-11 | Unrestricted file upload vulnerability in admin/upload-file.php in the Holding Pattern theme (aka holding_pattern) 0.6 and earlier for WordPress allows remote attackers to execute arbitrary PHP code by uploading a file... |
| CVE-2015-1518 | 2015-02-11 | SQL injection vulnerability in the search_post function in includes/search.php in Redaxscript before 2.3.0 allows remote attackers to execute arbitrary SQL commands via the search_terms parameter. |
| CVE-2015-1579 | 2015-02-11 | Directory traversal vulnerability in the Elegant Themes Divi theme for WordPress allows remote attackers to read arbitrary files via a .. (dot dot) in the img parameter in a revslider_show_image... |
| CVE-2015-1575 | 2015-02-11 | Multiple cross-site scripting (XSS) vulnerabilities in u5CMS before 3.9.4 allow remote attackers to inject arbitrary web script or HTML via the (1) c, (2) i, (3) l, or (4) p... |
| CVE-2015-1576 | 2015-02-11 | Multiple SQL injection vulnerabilities in u5CMS before 3.9.4 allow remote attackers to execute arbitrary SQL commands via the name parameter to (1) copy2.php, (2) localize.php, (3) metai.php, (4) nc.php, (5)... |
| CVE-2015-1577 | 2015-02-11 | Directory traversal vulnerability in u5admin/deletefile.php in u5CMS before 3.9.4 allows remote attackers to write to arbitrary files via a (1) .. (dot dot) or (2) full pathname in the f... |
| CVE-2015-1578 | 2015-02-11 | Multiple open redirect vulnerabilities in u5CMS before 3.9.4 allow remote attackers to redirect users to arbitrary web sites and conduct phishing attacks via a URL in the (1) pidvesa cookie... |
| CVE-2015-1580 | 2015-02-11 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Redirection Page plugin 1.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings... |
| CVE-2015-1581 | 2015-02-11 | Multiple cross-site request forgery (CSRF) vulnerabilities in the Mobile Domain plugin 1.5.2 for WordPress allow remote attackers to hijack the authentication of administrators for requests that (1) change plugin settings... |
| CVE-2015-1582 | 2015-02-11 | Multiple cross-site scripting (XSS) vulnerabilities in the Spider Facebook plugin before 1.0.11 for WordPress allow (1) remote attackers to inject arbitrary web script or HTML via the appid parameter in... |
| CVE-2014-2147 | 2015-02-12 | The web interface in Cisco Prime Infrastructure 2.1 and earlier does not properly restrict use of IFRAME elements, which makes it easier for remote attackers to conduct clickjacking attacks and... |
| CVE-2014-2152 | 2015-02-12 | Cross-site request forgery (CSRF) vulnerability in the INSERT page in Cisco Prime Infrastructure (PI) allows remote attackers to hijack the authentication of arbitrary users, aka Bug ID CSCun21868. |
| CVE-2014-2153 | 2015-02-12 | Multiple cross-site scripting (XSS) vulnerabilities in INSERT pages in Cisco Prime Infrastructure allow remote attackers to inject arbitrary web script or HTML via unspecified parameters, aka Bug ID CSCun21869. |
| CVE-2014-3365 | 2015-02-12 | Multiple cross-site scripting (XSS) vulnerabilities in Cisco Prime Security Manager (PRSM) 9.2(.1-2) and earlier allow remote attackers to inject arbitrary web script or HTML via crafted input to the (1)... |
| CVE-2015-0580 | 2015-02-12 | Multiple SQL injection vulnerabilities in the ACS View reporting interface pages in Cisco Secure Access Control System (ACS) before 5.5 patch 7 allow remote authenticated administrators to execute arbitrary SQL... |
| CVE-2015-0592 | 2015-02-12 | The Zone-Based Firewall implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted network traffic that triggers incorrect kernel-timer handling,... |
| CVE-2015-0606 | 2015-02-12 | The IOS Shell in Cisco IOS allows local users to cause a denial of service (device crash) via unspecified commands, aka Bug ID CSCur59696. |
| CVE-2015-0608 | 2015-02-12 | Race condition in the Measurement, Aggregation, and Correlation Engine (MACE) implementation in Cisco IOS 15.4(2)T3 and earlier allows remote attackers to cause a denial of service (device reload) via crafted... |
| CVE-2015-0610 | 2015-02-12 | Race condition in the object-group ACL feature in Cisco IOS 15.5(2)T and earlier allows remote attackers to bypass intended access restrictions via crafted network traffic that triggers improper handling of... |
| CVE-2015-0611 | 2015-02-12 | The administrative web-management portal in Cisco IX 8 (.0.1) and earlier on Cisco TelePresence IX5000 devices does not properly restrict the device-recovery account's access, which allows remote authenticated users to... |
| CVE-2015-0619 | 2015-02-12 | Memory leak in the embedded web server in the WebVPN subsystem in Cisco Adaptive Security Appliance (ASA) Software allows remote attackers to cause a denial of service (memory consumption and... |
| CVE-2014-8110 | 2015-02-12 | Multiple cross-site scripting (XSS) vulnerabilities in the web based administration console in Apache ActiveMQ 5.x before 5.10.1 allow remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2014-9512 | 2015-02-12 | rsync 3.1.1 allows remote attackers to write to arbitrary files via a symlink attack on a file in the synchronization path. |
| CVE-2015-0227 | 2015-02-12 | Apache WSS4J before 1.6.17 and 2.x before 2.0.2 allows remote attackers to bypass the requireSignedEncryptedDataElements configuration via a vectors related to "wrapping attacks." |
| CVE-2015-1345 | 2015-02-12 | The bmexec_trans function in kwset.c in grep 2.19 through 2.21 allows local users to cause a denial of service (out-of-bounds heap read and crash) via crafted input when using the... |
| CVE-2015-1471 | 2015-02-12 | SQL injection vulnerability in userprofile.lib.php in Pragyan CMS 3.0 allows remote attackers to execute arbitrary SQL commands via the user parameter to the default URI. |
| CVE-2015-1545 | 2015-02-12 | The deref_parseCtrl function in servers/slapd/overlays/deref.c in OpenLDAP 2.4.13 through 2.4.40 allows remote attackers to cause a denial of service (NULL pointer dereference and crash) via an empty attribute list in... |
| CVE-2015-1546 | 2015-02-12 | Double free vulnerability in the get_vrFilter function in servers/slapd/filter.c in OpenLDAP 2.4.40 allows remote attackers to cause a denial of service (crash) via a crafted search query with a matched... |
| CVE-2014-4771 | 2015-02-13 | IBM WebSphere MQ 7.0.1 before 7.0.1.13, 7.1 before 7.1.0.6, 7.5 before 7.5.0.5, and 8 before 8.0.0.1 allows remote authenticated users to cause a denial of service (queue-slot exhaustion) by leveraging... |
| CVE-2014-4781 | 2015-02-13 | The alert module in IBM InfoSphere BigInsights 2.1.2 and 3.x before 3.0.0.2 allows remote attackers to obtain sensitive Alert management-services API information via a network-tracing attack. |
| CVE-2014-4803 | 2015-02-13 | CRLF injection vulnerability in the Universal Access implementation in IBM Curam Social Program Management 6.0 SP2 before EP26, 6.0.4 before 6.0.4.5 iFix007, and 6.0.5 before 6.0.5.5 iFix003, when WebSphere Application... |
| CVE-2014-4813 | 2015-02-13 | Race condition in the client in IBM Tivoli Storage Manager (TSM) 5.4.0.0 through 5.4.3.6, 5.5.0.0 through 5.5.4.3, 6.1.0.0 through 6.1.5.6, 6.2 before 6.2.5.4, 6.3 before 6.3.2.3, 6.4 before 6.4.2.1, and... |
| CVE-2014-6139 | 2015-02-13 | The Search REST API in IBM Business Process Manager 8.0.1.3, 8.5.0.1, and 8.5.5.0 allows remote authenticated users to bypass intended access restrictions and perform task-instance and process-instance searches by specifying... |
| CVE-2014-6154 | 2015-02-13 | Directory traversal vulnerability in IBM Optim Performance Manager for DB2 4.1.0.1 through 4.1.1 on Linux, UNIX, and Windows and IBM InfoSphere Optim Performance Manager for DB2 5.1 through 5.3.1 on... |
| CVE-2014-6185 | 2015-02-13 | dsmtca in the client in IBM Tivoli Storage Manager (TSM) 6.3 before 6.3.2.3, 6.4 before 6.4.2.2, and 7.1 before 7.1.1.3 does not properly restrict shared-library loading, which allows local users... |
| CVE-2014-8385 | 2015-02-13 | Buffer overflow on Advantech EKI-1200 gateways with firmware before 1.63 allows remote attackers to execute arbitrary code via unspecified vectors. |
| CVE-2014-8909 | 2015-02-13 | Cross-site scripting (XSS) vulnerability in IBM WebSphere Portal 6.1.0.x through 6.1.0.6 CF27, 6.1.5.x through 6.1.5.3 CF27, 7.0.0.x through 7.0.0.2 CF29, 8.0.0.x before 8.0.0.1 CF15, and 8.5.0 before CF05 allows remote... |
| CVE-2015-0593 | 2015-02-13 | The Zone-Based Firewall implementation in Cisco IOS 12.4(122)T and earlier does not properly manage session-object structures, which allows remote attackers to cause a denial of service (device reload) via crafted... |
| CVE-2015-0873 | 2015-02-13 | Cross-site scripting (XSS) vulnerability in Homepage Decorator PerlTreeBBS 2.30 and earlier allows remote attackers to inject arbitrary web script or HTML via unspecified vectors. |
| CVE-2013-2027 | 2015-02-13 | Jython 2.2.1 uses the current umask to set the privileges of the class cache files, which allows local users to bypass intended access restrictions via unspecified vectors. |
| CVE-2014-0151 | 2015-02-13 | Cross-site request forgery (CSRF) vulnerability in oVirt Engine before 3.5.0 beta2 allows remote attackers to hijack the authentication of users for requests that perform unspecified actions via a REST API... |
| CVE-2014-0154 | 2015-02-13 | oVirt Engine before 3.5.0 does not include the HTTPOnly flag in a Set-Cookie header for the session IDs, which makes it easier for remote attackers to obtain potentially sensitive information... |
| CVE-2014-7827 | 2015-02-13 | The org.jboss.security.plugins.mapping.JBossMappingManager implementation in JBoss Security in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 uses the default security domain when a security domain is undefined, which allows remote... |
| CVE-2014-7849 | 2015-02-13 | The Role Based Access Control (RBAC) implementation in JBoss Enterprise Application Platform (EAP) 6.2.0 through 6.3.2 does not properly verify authorization conditions, which allows remote authenticated users to add, modify,... |
| CVE-2014-7853 | 2015-02-13 | The JBoss Application Server (WildFly) JacORB subsystem in Red Hat JBoss Enterprise Application Platform (EAP) before 6.3.3 does not properly assign socket-binding-ref sensitivity classification to the security-domain attribute, which allows... |
| CVE-2014-8122 | 2015-02-13 | Race condition in JBoss Weld before 2.2.8 and 3.x before 3.0.0 Alpha3 allows remote attackers to obtain information from a previous conversation via vectors related to a stale thread state. |
| CVE-2015-0245 | 2015-02-13 | D-Bus 1.4.x through 1.6.x before 1.6.30, 1.8.x before 1.8.16, and 1.9.x before 1.9.10 does not validate the source of ActivationFailure signals, which allows local users to cause a denial of... |
| CVE-2015-0255 | 2015-02-13 | X.Org Server (aka xserver and xorg-server) before 1.16.3 and 1.17.x before 1.17.1 allows remote attackers to obtain sensitive information from process memory or cause a denial of service (crash) via... |
| CVE-2014-4804 | 2015-02-14 | Curam Universal Access in IBM Curam Social Program Management 5.2 before SP6 EP6, 6.0 SP2 before EP26, 6.0.4.5 before iFix007, 6.0.5.4 before iFix005, and 6.0.5.5 before iFix003, when SPI inclusion... |
| CVE-2014-6195 | 2015-02-14 | The (1) Java GUI and (2) Web GUI components in the IBM Tivoli Storage Manager (TSM) Backup-Archive client 5.4 and 5.5 before 5.5.4.4 on AIX, Linux, and Solaris; 5.4.x and... |
| CVE-2014-8911 | 2015-02-14 | Cross-site scripting (XSS) vulnerability in IBM Content Navigator 2.0.0 and 2.0.1 before 2.0.1.2 FP002 IF003 and 2.0.3 before 2.0.3.2 FP002 allows remote attackers to inject arbitrary web script or HTML... |
| CVE-2015-0923 | 2015-02-14 | The ContentBlockEx method in Workarea/ServerControlWS.asmx in Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1 allows remote attackers to read arbitrary files via an external... |
| CVE-2015-0931 | 2015-02-14 | Ektron Content Management System (CMS) 8.5 and 8.7 before 8.7sp2 and 9.0 before sp1, when the Saxon XSLT parser is used, allows remote attackers to execute arbitrary code via a... |
| CVE-2015-0517 | 2015-02-14 | The D2-API component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 places the MD5 hash of an encryption passphrase in log... |
| CVE-2015-0518 | 2015-02-14 | The Properties service in the D2FS web-service component in EMC Documentum D2 3.1 through SP1, 4.0 and 4.1 before 4.1 P22, and 4.2 before P11 allows remote authenticated users to... |
| CVE-2015-0519 | 2015-02-14 | The InputAccel Database (IADB) installation process in EMC Captiva Capture 7.0 before patch 25 and 7.1 before patch 13 places a cleartext InputAccel (IA) SQL password in a DAL log... |