1284 matches found
CVE-2014-8722
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) data/users/.xml, (2) backups/users/.xml.bak, (3) data/other/authorization.xml, or (4) data/other/appid.xml...
CVE-2015-3881
Information disclosure issue in qdPM 8.3 allows remote attackers to obtain sensitive information via a direct request to (1) core/config/databases.yml, (2) core/log/qdPMprod.log, or (3) core/apps/qdPM/config/settings.yml...
CVE-2014-8723
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymousdata.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message...
CVE-2015-6023
ping.cgi in NetCommWireless HSPA 3G10WVE wireless routers with firmware before 3G10WVE-L101-S306ETS-C01R05 allows remote attackers to bypass intended access restrictions via a direct request. NOTE: this issue can be combined with CVE-2015-6024 to execute arbitrary commands...
CVE-2015-2794
The installation wizard in DotNetNuke DNN before 7.4.1 allows remote attackers to reinstall the application and gain SuperUser access via a direct request to Install/InstallWizard.aspx...
ownCloud Direct Request Security Bypass Vulnerability
ownCloud is a free, open-source personal cloud storage solution from the German company ownCloud that provides file management, music storage, calendaring, and more. ownCloud Server is the server edition. A security vulnerability exists in ownCloud Server versions before 8.2.6 and 9.x before...
CVE-2016-0870
The web server in Trane Tracer SC 4.2.1134 and earlier allows remote attackers to read sensitive configuration files via a direct request...
Multiple Vendors 'securitydbData.xml' Information Disclosure Vulnerability - Active Check
It is possible to obtain credentials via a direct request to conf/securitydbData.xml. (SPDX-FileCopyrightText: 2016 Greenbone AG; SPDX-License-Identifier: GPL-2.0-only)...
CVE-2016-5667
Crestron Electronics DM-TXRX-100-STR devices with firmware before 1.3039.00040 allow remote attackers to bypass authentication via a direct request to a page other than index.html...
TUTOS phpinfo() Information Disclosure (HTTP) - Active Check
TUTOS allows remote attackers to read system information via a direct request to php/admin/phpinfo.php, which calls the phpinfo function. (SPDX-FileCopyrightText: 2016 SCHUTZWERK GmbH)...
CVE-2016-2293
The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL...
Design/Logic Flaw
The AXM-NET module in Accuenergy Acuvim II NET Firmware 3.08 and Acuvim IIR NET Firmware 3.08 allows remote attackers to discover settings via a direct request to an unspecified URL...
PQI Air Pen Express 6W51-0000R26W51-0000R2XXX - Multiple Vulnerabilities
Security Advisory 2016-04-03 www.orwelllabs.com Twitter: @orwelllabs magicword: d0ubl3th1nk1ng... Overview...
CVE-2016-1524
Multiple unrestricted file upload vulnerabilities in NETGEAR Management System NMS300 1.5.0.11 and earlier allow remote attackers to execute arbitrary Java code by using (1) fileUpload.do or (2) lib-1.0/external/flash/fileUpload.do to upload a JSP file, and then accessing it via a direct request for ...
CVE-2016-1317
Cisco Unified Communications Manager 11.50.98000.480 allows remote authenticated users to obtain sensitive database table-name and entity-name information via a direct request to an unspecified URL, aka Bug ID CSCuy11098...
CVE-2016-1316
Cisco TelePresence Video Communication Server VCS X8.1 through X8.7, as used in conjunction with Jabber Guest, allows remote attackers to obtain sensitive call-statistics information via a direct request to an unspecified URL, aka Bug ID CSCux73362...
Information disclosure
The sidepanel widgets in the CLI command overview and help pages in Jenkins before 1.638 and LTS before 1.625.2 allow remote attackers to obtain sensitive information via a direct request to the pages...