CRLF injection vulnerability in the LightProcess protocol implementation in hphp/util/light-process.cpp in Facebook HipHop Virtual Machine (HHVM) before 2.4.2 allows remote attackers to execute arbitrary commands by entering a \n (newline) character before the end of a string.
Facebook HipHop Virtual Machine (HHVM) before 3.1.0 does not drop supplemental group memberships within hphp/util/capability.cpp and hphp/util/light-process.cpp, which allows remote attackers to bypass intended access restrictions by leveraging group permissions for a file or directory.
The mcrypt_create_iv function in hphp/runtime/ext/mcrypt/ext_mcrypt.cpp in Facebook HipHop Virtual Machine (HHVM) before 3.3.0 does not seed the random number generator, which makes it easier for remote attackers to defeat cryptographic protection mechanisms by leveraging the use of a single initial...
IBM Rational AppScan Source 8.0 through 188.8.131.52 and 8.5 through 184.108.40.206 and Security AppScan Source 8.6 through 220.127.116.11, 8.7 through 18.104.22.168, 8.8, 9.0 through 22.214.171.124, and 9.0.1 allow local users to obtain sensitive credential information by reading installation logs.
IBM WebSphere Service Registry and Repository (WSRR) 8.5 before 126.96.36.199, when Chrome and WebSEAL are used, does not properly process ServiceRegistryDashboard logout actions, which allows remote attackers to bypass intended access restrictions by leveraging an unattended workstation.