1238948 matches found
The vulnerability of the Directum HR Pro system, which exists due to insufficient verification of input data, allows a perpetrator to disclose protected information.
The vulnerability of the Directum HR Pro system exists due to insufficient verification of input data. Exploiting this vulnerability can allow a malicious actor to disclose protected information by sending a specially crafted POST request...
firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component...
firefox: thunderbird: Information disclosure, sandbox escape in the Security: Process Sandboxing component
A flaw was found in Firefox and Thunderbird. The Mozilla Foundation's Security Advisory describes the following issue: Information disclosure, sandbox escape in the Security: Process Sandboxing component...
Adobe Connect < 12.1.5 - Local File Disclosure
Adobe Connect versions 11.4.5 and earlier, 12.1.5 and earlier are affected by an Improper Access Control vulnerability that could result in a Security feature bypass. An attacker could leverage this vulnerability to impact the integrity of a minor feature. Exploitation of this issue does not...
Contest Gallery < 13.1.0.6 - SQL injection
The plugin does not have capability checks and does not sanitise or escape the cg-search-user-name-original parameter before using it in a SQL statement when exporting users from a gallery, which could allow unauthenticated to perform SQL injections attacks, as well as get the list of all users...
Wavlink WL-WN533A8 M33A8.V5030.190716 - Information Disclosure
An access control issue in the component /cgi-bin/ExportLogs.sh of Wavlink WL-WN533A8 M33A8.V5030.190716 allows unauthenticated attackers to download configuration data and log files and obtain admin credentials. id: CVE-2022-48164 info: name: Wavlink WL-WN533A8 M33A8.V5030.190716 - Information...
Seriously Simple Podcasting < 3.0.0 - Information Disclosure
The Seriously Simple Podcasting WordPress plugin before 3.0.0 discloses the Podcast owner's email address which by default is the admin email address via an unauthenticated crafted request. id: CVE-2023-6444 info: name: Seriously Simple Podcasting 3.0.0 - Information Disclosure author: s4e-io...
Fastify Swagger-UI - Information Disclosure
fastify-swagger-ui is a Fastify plugin for serving Swagger UI. Prior to 2.1.0, the default configuration of @fastify/swagger-ui without baseDir set will lead to all files in the module's directory being exposed via http routes served by the module. The vulnerability is fixed in v2.1.0. Setting th...
Drupal 11.x-dev - Full Path Disclosure
core/authorize.php in Drupal 11.x-dev allows Full Path Disclosure even when error logging is None if the value of hashsalt is filegetcontents of a file that does not exist. id: CVE-2024-45440 info: name: Drupal 11.x-dev - Full Path Disclosure author: DhiyaneshDK severity: medium description: |...
WordPress Core - Post Author Email Disclosure
WordPress Core is vulnerable to Sensitive Information Exposure in versions between 4.7.0 and 6.3.1 via the User REST endpoint. While the search results do not display user email addresses unless the requesting user has the 'listusers' capability, the search is applied to the useremail column. id:...
Hide My WP Ghost < 5.2.02 - Hidden Login Page Disclosure
The Hide My WP Ghost plugin does not prevent redirects to the login page via the authredirect WordPress function, allowing an unauthenticated visitor to access the hidden login page. id: CVE-2024-6420 info: name: Hide My WP Ghost 5.2.02 - Hidden Login Page Disclosure author: jpg0mez severity: hig...
ADB/Pirelli ADSL2/2+ Wireless Router P.DGA4001N - Information Disclosure
ADB formerly Pirelli Broadband Solutions P.DGA4001N router with firmware PDGTEFSP4.06L.6 does not properly restrict access to the web interface, which allows remote attackers to obtain sensitive information or cause a denial of service device restart as demonstrated by a direct request to 1...
Oracle GlassFish Server Open Source Edition 3.0.1 - Local File Inclusion
Oracle GlassFish Server Open Source Edition 3.0.1 build 22 is vulnerable to unauthenticated local file inclusion vulnerabilities that allow remote attackers to request arbitrary files on the server. id: CVE-2017-1000029 info: name: Oracle GlassFish Server Open Source Edition 3.0.1 - Local File...
Atlassian Confluence <5.8.17 - Information Disclosure
Atlassian Confluence before 5.8.17 contains an information disclsoure vulnerability. A remote authenticated user can read configuration files via the decoratorName parameter to 1 spaces/viewdefaultdecorator.action or 2 admin/viewdefaultdecorator.action. id: CVE-2015-8399 info: name: Atlassian...
WordPress WP Security Audit Log 3.1.1 - Information Disclosure
WordPress WP Security Audit Log 3.1.1 plugin is susceptible to information disclosure. Access to wp-content/uploads/wp-security-audit-log/ files is not restricted. An attacker can obtain sensitive information, modify data, and/or execute unauthorized operations. id: CVE-2018-8719 info: name:...
DedeCMS 5.7 - Path Disclosure
DedeCMS 5.7 allows remote attackers to discover the full path via a direct request for include/downmix.inc.php or inc/incarchivesfunctions.php id: CVE-2018-6910 info: name: DedeCMS 5.7 - Path Disclosure author: pikpikcu severity: high description: DedeCMS 5.7 allows remote attackers to discover t...
Jenkins <=2.218 - Information Disclosure
Jenkins through 2.218, LTS 2.204.1 and earlier, is susceptible to information disclosure. An attacker can access exposed session identifiers on a user detail object in the whoAmI diagnostic page and thus potentially access sensitive information, modify data, and/or execute unauthorized operations...
Cisco Small Business WAN VPN Routers - Sensitive Information Disclosure
Cisco Small Business RV320 and RV325 Dual Gigabit WAN VPN Routers could allow an unauthenticated remote attacker to retrieve sensitive information due to improper access controls for URLs. An attacker could exploit this vulnerability by connecting to an affected device via HTTP or HTTPS and...
Cisco Linksys WVC54GCA 1.00R22/1.00R24 - Local File Inclusion
Cisco Linksys WVC54GCA 1.00R22/1.00R24 is susceptible to local file inclusion in adm/file.cgi because it allows remote attackers to read arbitrary files via a %2e. encoded dot dot or an absolute pathname in the nextfile parameter. id: CVE-2009-1558 info: name: Cisco Linksys WVC54GCA 1.00R22/1.00R...
Joomla! Component Percha Fields Attach 1.0 - Directory Traversal
A directory traversal vulnerability in the Percha Fields Attach comperchafieldsattach component 1.x for Joomla! allows remote attackers to read arbitrary files and possibly have unspecified other impacts via a .. dot dot in the controller parameter to index.php. id: CVE-2010-2036 info: name:...