GHSA-R7P6-FR3X-R877 CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file
CakePHP 1.3.7 allows remote attackers to obtain sensitive information via a direct request to a .php file, which reveals the installation path in an error message, as demonstrated by dispatcher.php and certain other files...
GHSA-Q68V-VCJG-R3VP TYPO3 allows remote attackers to obtain the database name via a direct request
The Command Line Interface CLI script in TYPO3 4.4.0 through 4.4.13, 4.5.0 through 4.5.13, 4.6.0 through 4.6.6, 4.7, and 6.0 allows remote attackers to obtain the database name via a direct request...
GHSA-4XQ9-VW89-P5CX Fat Free CRM allows remote attackers to obtain sensitive information via a direct request
Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json...
Fat Free CRM allows remote attackers to obtain sensitive information via a direct request
Fat Free CRM before 0.12.1 does not restrict JSON serialization, which allows remote attackers to obtain sensitive information via a direct request, as demonstrated by a request for users/1.json...
CiviCRM SQL injection vulnerability via Quick Search API
The Quick Search API in CiviCRM 4.2.0 through 4.2.9 and 4.3.0 through 4.3.3 allows remote authenticated users to bypass the validation layer and conduct SQL injection attacks via a direct request to the "second layer" of the API, related to contact.getquick...
GHSA-5XMF-9VGR-53MJ Jenkins allows Unauthorized Viewing of Queue API Information
Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to queue/api...
VulnCheck KEV: CVE-2012-5469
The Portable phpMyAdmin plugin before 1.3.1 for WordPress allows remote attackers to bypass authentication and obtain phpMyAdmin console access via a direct request to wp-content/plugins/portable-phpmyadmin/wp-pma-mod...
Design/Logic Flaw
Tenda N300 F3 12.01.01.48 devices allow remote attackers to obtain sensitive information possibly including an httppasswd line via a direct request for cgi-bin/DownloadCfg/RouterCfm.cfg, a related issue to CVE-2017-14942. NOTE: the vulnerability report may suggest that either a ? character must b...
PT-2021-11759 · Tenda · Tenda N300 F3
Name of the Vulnerable Software and Affected Versions: Tenda N300 F3 version 12.01.01.48 Description: The issue allows remote attackers to obtain sensitive information, possibly including an http passwd line, via a direct request for "cgi-bin/DownloadCfg/RouterCfm.cfg". The vulnerability may...
Google Http package For Dart injection vulnerability
Google Http package For Dart is an HTTP support library from Google Inc. (U.S.) for the Dart programming language. A cross-site request forgery vulnerability exists in Google Http package For Dart version 0.12.2 and earlier versions, which allows an attacker to perform a CRLF injection into an HTTP...
Spoofing
A CWE-425: Direct Request 'Forced Browsing' vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules see security notification for affected versions, that could cause disclosure of sensitive data when sending a...
CVE-2020-7541
The CVE-2020-7541 issue affects Schneider Electric Modicon devices: Modicon M340 Web Server, Legacy Modicon Quantum and Modicon Premium, and related Communication Modules. It is a CWE-425 Direct Request (Forced Browsing) flaw that could disclose sensitive data when a specially crafted HTTP reques...
CVE-2020-28937
OpenClinic version 0.8.2 is affected by a missing authentication vulnerability that allows unauthenticated users to access any patient's medical test results, possibly resulting in disclosure of Protected Health Information PHI stored in the application, via a direct request for the /tests/ URI...
CVE-2020-26150
info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function...
Information disclosure
info.php in Logaritmo Aware CallManager 2012 allows remote attackers to obtain sensitive information via a direct request, which calls the phpinfo function...
Centreon Information Disclosure Vulnerability
Centreon (Merethis Centreon) is a set of open-source system monitoring tools from the French company Centreon. The product mainly provides monitoring functions for resources such as networks, systems and application programs. There is a security vulnerability in Centreon. An attacker can exploit this...
CVE-2019-17644
An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, and 19.10-2. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/host/refreshMacroAjax.php...
Design/Logic Flaw
An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, and 19.10-2. It provides sensitive information via an unauthenticated direct request for include/configuration/configObject/host/refreshMacroAjax.php...
Design/Logic Flaw
An issue was discovered in Centreon before 2.8-30, 18.10-8, 19.04-5, and 19.10-2. It provides sensitive information via an unauthenticated direct request for include/monitoring/recurrentDowntime/GetXMLHost4Services.php...