1284 matches found
Authentication flaw
ProjectSend formerly cFTP r582 allows authentication bypass via a direct request for users.php, home.php, edit-file.php?fileid=1, or process-zip-download.php, or adduserform parameters to users-add.php...
Authentication flaw
IBM Rational Engineering Lifecycle Manager 5.0 through 5.02 and 6.0 through 6.0.6 could allow remote attackers to bypass authentication via a direct request or forced browsing to a page other than the intended URL. IBM X-Force ID: 142561...
Information disclosure
An issue was discovered in DonLinkage 6.6.8. It allows remote attackers to obtain potentially sensitive information via a direct request for files/temporary.txt...
CVE-2018-17091
An issue was discovered in DonLinkage 6.6.8. It allows remote attackers to obtain potentially sensitive information via a direct request for files/temporary.txt...
CVE-2018-15534
Geutebrueck reporter 16 before 7.8.974.20 has a possibility of unauthenticated access to sensitive information including usernames and hashes via a direct request for /statistics/gscsetup.xml on TCP port 12003...
CVE-2018-14077
Wi2be SMART HP WMT R1.2.20201400922 allows unauthorized remote attackers to back up the device configuration via a direct request to /Maintenance/configfile.cfg...
CVE-2018-14941
Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI...
Online Trade 1 - Information Disclosure
Online Trade 1 - Information Disclosure Exploit Title: Online Trade 1 - Information Disclosure Exploit Author: Dhamotharan Date: 2018-07-17 Vendor Homepage: https://codecanyon.net/item/online-trade-online-forex-and-cryptocurrency-investment-system/21987193?srank=14 CVE : CVE-2018-14328 Version: 1...
Online Trade 1 Information Disclosure
Exploit Title: Online Trade 1 - Information Disclosure; Exploit Author: Dhamotharan; Date: 2018-07-17; Vendor Homepage: https://codecanyon.net/item/online-trade-online-forex-and-cryptocurrency-investment-system/21987193?srank=14; CVE: CVE-2018-14328; Version: 1; Tested on: Kali Linux; Description:...
CVE-2018-14579
GolemCMS through 2008-12-24, if the install/ directory remains active after an installation, allows remote attackers to execute arbitrary PHP code by inserting this code into the "Database Information" "Table prefix" form field, or obtain sensitive information via a direct request for...
Information disclosure
Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for /dashboard/addplan, /dashboard/paywithcard/charge, /dashboard/withdrawal, or /privacy&terms, as demonstrated by reading database username...
CVE-2018-14328
Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for /dashboard/addplan, /dashboard/paywithcard/charge, /dashboard/withdrawal, or /privacy&terms, as demonstrated by reading database username...
CVE-2018-14328
CVE-2018-14328 affects Brynamics “Online Trade” (online trading/cryptocurrency investment system). Connected sources confirm information disclosure via direct requests to endpoints such as /dashboard/addplan, /dashboard/paywithcard/charge, /dashboard/withdrawal, and /privacy&terms, leaking sensit...
Information disclosure
Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.html#ipsettings or basic.html#datadelivery URI...
Information disclosure
BWS Systems HA-Bridge devices allow remote attackers to obtain potentially sensitive information via a direct request for the !/system URI...
Information disclosure
Northern Electric & Power NEP inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI...
CVE-2018-12921
Electro Industries GaugeTech Nexus devices allow remote attackers to obtain potentially sensitive information via a direct request for the meterinformation.htm, diagsystem.htm, or diagdnplanwan.htm URI...
CVE-2018-12927
Northern Electric & Power NEP inverter devices allow remote attackers to obtain potentially sensitive information via a direct request for the nep/status/index/1 URI...
CVE-2018-12920
The CVE-2018-12920 entry concerns Brickstream 2300 devices. Affected component: the device’s HTTP endpoints exposed via the URIs basic.html#ipsettings and basic.html#datadelivery. Root cause: information disclosure allowing remote attackers to obtain potentially sensitive information by directly ...