1284 matches found
CVE-2018-12923
The BWS Systems HA-Bridge devices are vulnerable to an information-disclosure issue where a remote attacker can obtain sensitive information by issuing a direct request to the #!/system URI. The available documents identify this as a vulnerability in the HA-Bridge, describing the...
CVE-2018-12920
Brickstream 2300 devices allow remote attackers to obtain potentially sensitive information via a direct request for the basic.htmlipsettings or basic.htmldatadelivery URI...
CVE-2018-12921
Electro Industries GaugeTech Nexus devices allow remote attackers to obtain potentially sensitive information via a direct request for the meterinformation.htm, diagsystem.htm, or diagdnplanwan.htm URI...
CVE-2018-12927
CVE-2018-12927 affects Northern Electric & Power (NEP) inverter devices. The vulnerability is an information disclosure where a remote attacker can obtain potentially sensitive information by directly requesting the nep/status/index/1 URI. The connected documents corroborate an NEP device context...
Design/Logic Flaw
Brynamics "Online Trade - Online trading and cryptocurrency investment system" allows remote attackers to obtain sensitive information via a direct request for the /dashboard/deposit URI, as demonstrated by discovering database credentials...
Information disclosure
SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverterinfo.htm or englishmain.htm URI...
CVE-2018-12735
SAJ Solar Inverter allows remote attackers to obtain potentially sensitive information via a direct request for the inverterinfo.htm or englishmain.htm URI...
Information disclosure
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI...
CVE-2018-12634
CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI...
CVE-2018-12604
GreenCMS 2.3.0603 allows remote attackers to obtain sensitive information via a direct request for Data/Log/yearmonthday.log...
Default credentials
Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers to obtain sensitive information via a direct request for the data/fileinfo.xml or job/job.json file, as demonstrated by the Master Password field...
CVE-2018-12594
Reliable Controls MACH-ProWebCom 7.80 devices allow remote attackers to obtain sensitive information via a direct request for the data/fileinfo.xml or job/job.json file, as demonstrated by the Master Password field...
perfSONAR Monitoring and Debugging Dashboard Information Disclosure Vulnerability (CNVD-2018-23859)
The perfSONAR Monitoring and Debugging Dashboard (MaDDash) is a suite of tools for collecting two-dimensional data and presenting it visually. A security vulnerability exists in perfSONAR MaDDash. The vulnerability can be exploited by sending a direct request to /etc/ to obtain a directory listing...
CVE-2018-12524
An issue was discovered in perfSONAR Monitoring and Debugging Dashboard (MaDDash) 2.0.2. A direct request to /lib/ provides a directory listing...
Information disclosure
The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager (TADDM) 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354...
CVE-2018-10082
CMS Made Simple (CMSMS) through 2.2.7 allows physical path leakage via an invalid /index.php?page= value, a crafted URI starting with /index.php?mact=Search, or a direct request to /admin/header.php, /admin/footer.php, /lib/tasks/class.ClearCache.task.php, or...
Information disclosure
joyplus-cms 1.6.0 allows remote attackers to obtain sensitive information via a direct request to the install/ or log/ URI...