230 matches found
CVE-2019-3606
Data Leakage Attacks vulnerability in the web portal component when in an MDR pair in McAfee Network Security Management NSM 9.1 9.1.7.75 Update 4 and 9.2 9.2.7.31 Update2 allows administrators to view configuration information in plain text format via the GUI or GUI terminal commands...
CVE-2024-52297
Tolgee is an open-source localization platform. Tolgee 3.81.1 included the all configuration properties in the PublicConfiguratioDTO publicly exposed to users. This vulnerability is fixed in v3.81.2...
CVE-2024-31220
Sunshine is a self-hosted game stream host for Moonlight. Starting in version 0.16.0 and prior to version 0.18.0, an attacker may be able to remotely read arbitrary files without authentication due to a path traversal vulnerability. Users who exposed the Sunshine configuration web user interface...
Juniper Junos OS Authentication for Critical Function (CVE-2024-21619)
The version of Junos OS installed on the remote host is affected by a vulnerability as referenced in the JSA76390 advisory. - A Missing Authentication for Critical Function vulnerability combined with a Generation of Error Message Containing Sensitive Information vulnerability in J-Web of Juniper...
CVE-2025-0619
Unsafe password recovery from configuration in M-Files Server before 25.1 allows a highly privileged user to recover external connector passwords...
CVE-2024-35277
A missing authentication for critical function in Fortinet FortiPortal version 6.0.0 through 6.0.15, FortiManager version 7.4.0 through 7.4.2, 7.2.0 through 7.2.5, 7.0.0 through 7.0.12, 6.4.0 through 6.4.14 allows attacker to access to the configuration of the managed devices by sending...
SAP NetWeaver Application Server 安全漏洞
SAP NetWeaver Application Server is an application server from SAP, Germany. A security vulnerability exists in SAP NetWeaver Application Server ABAP that originates from allowing an attacker to gain unauthorized access to system information, and an unauthenticated attacker can retrieve detailed...
PT-2024-35163 · Tolgee · Tolgee
Name of the Vulnerable Software and Affected Versions: Tolgee version 3.81.1 Description: Tolgee is an open-source localization platform. The issue concerns the public exposure of all configuration properties in the PublicConfigurationDTO to users. Recommendations: For Tolgee version 3.81.1, upda...
PT-2024-34619 · Altai · Altai Ix500 Indoor 22 802.11Ac Wave 2 Ap
Name of the Vulnerable Software and Affected Versions: Altai IX500 Indoor 22 802.11ac Wave 2 AP affected versions not specified Description: The issue allows attackers to obtain sensitive information such as user credentials, system configuration, and database connection strings after login, due ...
Cisco ATA 190 操作系统命令注入漏洞
The Cisco ATA 190 is an analog phone adapter from Cisco. The Cisco ATA 190 suffers from an operating system command injection vulnerability that stems from a lack of authentication at a particular HTTP endpoint. An unauthenticated, remote attacker could use this vulnerability to view or delete th...
CVE-2024-35137 IBM Security Access Manager Docker information disclosure
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413...
CVE-2024-31815
In TOTOLINK EX200 V4.0.3c.7314B20191204, an attacker can obtain the configuration file without authorization through /cgi-bin/ExportSettings.sh...
PT-2024-23310 · Dataease · Dataease
Name of the Vulnerable Software and Affected Versions: DataEase versions prior to 2.5.0 Description: The issue concerns a database configuration information exposure. Visiting the "/de2api/engine/getEngine;.js" API endpoint via a browser reveals the platform's database configuration. The estimate...
Jenkins: Information disclosure through error stack traces related to agents
A flaw was found in Jenkins. The affected version of Jenkins prints an error stack trace on agent-related pages when agent connections are broken. This stack trace may contain information about Jenkins configuration that is otherwise inaccessible to attackers...
PT-2024-1427 · Juniper Networks · Junos
Name of the Vulnerable Software and Affected Versions: Juniper Networks Junos OS on SRX Series and EX Series versions earlier than 20.4R3-S9 Juniper Networks Junos OS on SRX Series and EX Series 21.2 versions earlier than 21.2R3-S7 Juniper Networks Junos OS on SRX Series and EX Series 21.3 versio...
Selected Bentley Systems Products Security Vulnerabilities
Bentley Systems eB System Management Console is a system management console from Bentley Systems, USA. A security vulnerability exists in some Bentley Systems products that originated from allowing an unauthenticated attacker to view configuration options via a specially crafted request, which...
CVE-2023-41967
Sensitive information uncleared after debug/power state transition in the Controller 6000 could be abused by an attacker with knowledge of the Controller's default diagnostic password and physical access to the Controller to view its configuration through the diagnostic web pages. This issue...
Red Hat Infinispan Security Vulnerability
Red Hat Infinispan is a suite of distributed caching and key-value NoSQL datastore software from Red Hat USA. A security vulnerability exists in Red Hat Infinispan that stems from returning credentials from a configuration in plaintext...
BVRP Software Avanquest Software SLmail Security Breach
BVRP Software Avanquest Software SLmail BVRP Software SLmail is an e-mail server solution from BVRP Software, France. A security vulnerability exists in BVRP Software Avanquest Software SLmail version 5.5.0.4433, which originates from the ability to retrieve credentials files, configuration files...
fwupd: world readable password in /etc/fwupd/redfish.conf
A flaw was found in fwupd. When creating an OPERATOR user account on the BMC, the redfish plugin saved the auto-generated password to /etc/fwupd/redfish.conf without proper restriction, allowing any user on the system to read the same configuration file...