106 matches found
Security Bulletin: Multiple vulnerabilities found in IBM QRadar SIEM and QRadar Risk Manager (CVE-2014-4832, CVE-2014-4831, CVE-2014-4829, CVE-2014-4829, CVE-2014-6075)
Summary There are multiple security vulnerabilities in various components used by IBM QRadar in versions 7.1 MR2 and 7.2.3. Vulnerability Details CVEID: CVE-2014-4832 Description: A vulnerability in the IBM QRadar Risk Manager application could allow a remote attacker to obtain sensitive...
PT-2022-17140 · Jenkins · Jenkins Checkmarx Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Checkmarx Plugin versions 2022.1.2 and earlier Description: The issue is related to missing permission checks in the Jenkins Checkmarx Plugin, allowing attackers with Overall/Read permission to connect to an attacker-specified webserv...
Multiple vulnerabilities in KONICA MINOLTA MFPs and printing systems
Overview Multi-function printers MFP and printing systems provided by KONICA MINOLTA, INC. contain multiple vulnerabilities listed below. Incorrect authorization CWE-863 - CVE-2021-20868 Exposure of sensitive information to an unauthorized actor CWE-200 - CVE-2021-20869 Improper handling of...
Privilege Escalation
ansible-tower is vulnerable to privilege escalation. The vulnerability exists due to application credentials exposed to playbook job runs via environment variables...
in cythron/gcp
✍️ Description Hard-Coded User Credentials are exposed in the docker file. 🕵️♂️ Proof of Concept https://github.com/cythron/gcp/blob/master/%23DockerfileL20 💥 Impact Attacker is capable of login using given credentials...
IBM OpenPages with Watson 跨站脚本漏洞
OpenPages with Watson is an AI-powered financial risk analytics solution. The platform is based on AI technology to predict risk factors and minimize risks in financial activities by integrating, automatically identifying, measuring, monitoring, analyzing, and managing risk data through a number ...
Mail.ru: Exposed Credentials May Leads to Tarantool Infrastructure Leak
Application configuration data related to Tarantool project was leaked on github.com...
CVE-2020-7945
Local registry credentials were included directly in the CD4PE deployment definition, which could expose these credentials to users who should not have access to them. This is resolved in Continuous Delivery for Puppet Enterprise 4.0.1...
CVE-2019-20150
In TreasuryXpress 19191105, a logged-in user can discover saved credentials, even though the UI hides them. Using functionality within the application and a malicious host, it is possible to force the application to expose saved SSH/SFTP credentials. This can be done by using the application's...
Joomla! 2.5.x < 3.9.20 Multiple Vulnerabilities
According to its self-reported version, the instance of Joomla! running on the remote web server is 2.5.x prior to 3.9.20. It is, therefore, affected by multiple vulnerabilities. - A missing token check in the ajaxinstall endpoint cominstaller causes a CSRF vulnerability. - Missing validation...
Design/Logic Flaw
An issue was discovered in Lightbend Play Framework 2.5.x through 2.6.23. When configured to make requests using an authenticated HTTP proxy, play-ws may sometimes, typically under high load, when connecting to a target host using https, expose the proxy credentials to the target host...
The vulnerability of the /cgi/loginDefaultUser component of the CGI HTTP-server interface of the IDAL user interface design tool PB610 Panel Builder 600 (SAP500900R0101) allows a attacker to escalate their privileges.
The vulnerability of the /cgi/loginDefaultUser component of the CGI HTTP-server interface of the IDAL user interface design tool, PB610 Panel Builder 600 SAP500900R0101, is related to authentication process errors. Exploiting this vulnerability allows an attacker to escalate their privileges by...
PT-2019-11322 · Jenkins · Jenkins Cloud Foundry Plugin +1
Name of the Vulnerable Software and Affected Versions: Jenkins Cloud Foundry Plugin versions 2.3.1 and earlier Description: A sensitive information exposure issue exists, allowing attackers with Overall/Read access to connect to a specified URL using attacker-specified credentials IDs, potentiall...
GHSA-WWW2-V7XJ-XRC6 Exposure of Sensitive Information to an Unauthorized Actor in urllib3
urllib3 before version 1.23 does not remove the Authorization HTTP header when following a cross-origin redirect i.e., a redirect that differs in host, port, or scheme. This can allow for credentials in the Authorization header to be exposed to unintended hosts or transmitted in cleartext...
Elastic Cloud Enterprise (ECE) Information Disclosure Vulnerability
Elastic Cloud Enterprise ECE is a suite of software packages for managing, monitoring, and configuring Elasticsearch, Kibana, and X-Pack from Elasticsearch Netherlands. An information disclosure vulnerability exists in Elastic Cloud Enterprise ECE, which can be exploited by an attacker to obtain...
Apache LDAP API Information Disclosure Vulnerability
Apache LDAP API is a U.S. Apache Apache Software Foundation API for accessing LDAP servers. A security vulnerability exists in Apache LDAP API versions prior to 1.0.2. An attacker can exploit the vulnerability to disclose information including: credentials contained in a request...
Design/Logic Flaw
An issue was discovered in config/error.php in Anchor 0.12.3. The error log is exposed at an errors.log URI, and contains MySQL credentials if a MySQL error such as "Too many connections" has occurred...
Genexis Automatic Provisioning System Access Control Vulnerability
The Genexis Automatic Provisioning System GAPS is a system for automatic configuration of routers and networks from the Dutch company GENEXIS. An access control vulnerability exists in GAPS 7.2 and earlier versions. An attacker can exploit this vulnerability to obtain configured setup information...
Design/Logic Flaw
An issue was discovered in EMC ScaleIO 2.0.1.x. In a Linux environment, one of the support scripts saves the credentials of the ScaleIO MDM user who executed the script in clear text in temporary log files. The temporary files may potentially be read by an unprivileged user with access to the...
Ayuda! (Help!) Equifax Has My Data!
Equifax last week disclosed a historic breach involving Social Security numbers and other sensitive data on as many as 143 million Americans. The company said the breach also impacted an undisclosed number of people in Canada and the United Kingdom. But the official list of victim countries may n...