3858 matches found

Prion
added 2021/07/26 12:15 p.m. | 12 views

Information disclosure

IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202681...

CVSS 5 | AI score 4.8 | EPSS 0.01275
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2021/07/26 12:10 p.m. | 20 views

CVE-2021-29784

IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 203168...

CVSS 4.3 | AI score 4.4 | EPSS 0.00982
Exploits 0 | References 2
Cvelist
added 2021/07/26 12:10 p.m. | 19 views

CVE-2021-20430

IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196341...

CVSS 5.3 | AI score 5 | EPSS 0.01275
Exploits 0 | References 2
CVE
added 2021/07/26 12:10 p.m. | 50 views

CVE-2021-20430

CVE-2021-20430 affects IBM i2 Analyst’s Notebook Premium (IBM i2 Analyze 4.3.0, 4.3.1, 4.3.2). A remote attacker could obtain sensitive information when a detailed technical error message is returned in the browser, enabling information disclosure. Affected products and versions are IBM i2 Analyz...

CVSS 5.3 | AI score 4.8 | EPSS 0.01275
Exploits 0 | References 2 | Affected Software 1
WPVulnDB
added 2021/07/24 12:00 a.m. | 26 views

Project Status <= 1.6 - Reflected Cross-Site Scripting (XSS)

The pspinduplicatepostsaveasnewpost function of the plugin does not sanitise, validate or escape the post GET parameter passed to it before outputting it in an error message when the related post does not exist, leading to a reflected XSS issue PoC Open the below URL as any authenticated user...

CVSS 3.5 | AI score 5.2 | EPSS 0.00675
Exploits 2 | References 1 | Affected Software 1
Prion
added 2021/07/23 8:15 p.m. | 15 views

Code injection

UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache function in top.php...

CVSS 5 | AI score 5.2 | EPSS 0.00934
Exploits 1 | References 1 | Affected Software 1
Cvelist
added 2021/07/23 7:39 p.m. | 14 views

CVE-2021-25809

UCMS 1.5.0 was discovered to contain a physical path leakage via an error message returned by the adminchannelscache function in top.php...

AI score 5.4 | EPSS 0.00934
Exploits 1 | References 1
Prion
added 2021/07/21 9:15 p.m. | 14 views

Design/Logic Flaw

Combodo iTop is a web based IT Service Management tool. In versions prior to 2.7.4, a non admin user can get access to many class/field values through GroupBy Dashlet error message. This issue is fixed in versions 2.7.4 and 3.0.0...

CVSS 4 | AI score 6.2 | EPSS 0.00779
Exploits 0 | References 1 | Affected Software 1
Hacker One
added 2021/07/17 2:22 p.m. | 14 views

Shopify: Staff who only have apps and channels permission can do a takeover account at the wholesale store (Bypass get invitation link)

When we invite customers at the wholesale store there is a feature to "Send invite" and "Get invite link" the get invite link feature displays the customer invitation link and can only be used once, but when the customer has accepted the invitation and activated their account already have access t...

AI score 6.7
Exploits 0
NVD
added 2021/07/15 6:15 p.m. | 10 views

CVE-2021-20523

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660...

CVSS 4 | EPSS 0.00966
Exploits 0 | References 2
Prion
added 2021/07/15 6:15 p.m. | 20 views

Information disclosure

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973...

CVSS 4 | AI score 3.3 | EPSS 0.00966
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2021/07/15 5:15 p.m. | 12 views

CVE-2021-20523

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 198660...

CVSS 2.7 | AI score 3.4 | EPSS 0.00966
Exploits 0 | References 2
Cvelist
added 2021/07/15 5:15 p.m. | 15 views

CVE-2021-20499

IBM Security Verify Access Docker 10.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 197973...

CVSS 2.7 | AI score 3.4 | EPSS 0.00966
Exploits 0 | References 2
Atlassian
added 2021/07/15 9:11 a.m. | 29 views

Preventing path disclosure in file upload functionality and Page export for security purposes

Issue Summary: While performing the file upload vulnerability test in confluence application, we are able to identify the sensitive path disclosure in following cases. • When we attached some malicious file and tried to download all attachments. • When we uploaded malicious file and tried t...

AI score 1.5
Exploits 0 | Affected Software 1
Atlassian
added 2021/07/15 9:11 a.m. | 22 views

Preventing path disclosure in file upload functionality and Page export for security purposes

Issue Summary: While performing the file upload vulnerability test in confluence application, we are able to identify the sensitive path disclosure in following cases. • When we attached some malicious file and tried to download all attachments. • When we uploaded malicious file and tried t...

AI score 1.5
Exploits 0
NVD
added 2021/07/13 4:15 p.m. | 9 views

CVE-2021-20424

IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. X-Force ID: 196309...

CVSS 4.3 | EPSS 0.00982
Exploits 0 | References 2
Prion
added 2021/07/13 4:15 p.m. | 18 views

Information disclosure

IBM Cloud Pak for Applications 4.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. X-Force ID: 196309...

CVSS 4 | AI score 4.2 | EPSS 0.00982
Exploits 0 | References 2 | Affected Software 1
ICS
added 2021/07/13 12:00 a.m. | 69 views

Siemens Teamcenter Active Workspace

1. EXECUTIVE SUMMARY CVSS v3 6.1 ATTENTION : Exploitable remotely/low attack complexity Vendor : Siemens Equipment : Teamcenter Active Workspace Vulnerabilities : Generation of Error Message Containing Sensitive Information, Cross-site Scripting, Exposure of Sensitive Information to an...

CVSS 6.1 | AI score 6.4 | EPSS 0.00897
Exploits 0 | References 11
Prion
added 2021/07/07 5:15 p.m. | 15 views

Information disclosure

IBM Guardium Data Encryption GDE 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196219...

CVSS 4 | AI score 4.7 | EPSS 0.00629
Exploits 0 | References 2 | Affected Software 1
Cvelist
added 2021/07/07 4:30 p.m. | 15 views

CVE-2021-20417

IBM Guardium Data Encryption GDE 4.0.0.4 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196219...

CVSS 4.3 | AI score 4.3 | EPSS 0.00629
Exploits 0 | References 2