Description
twiddle.sh in JBoss AS 5.0 and EAP 5.0 and earlier accepts credentials as command-line arguments, which allows local users to read the credentials by listing the process and its arguments.
Remediation
References