answer information disclosure vulnerability (CNVD-2023-29790)
answer is an open source knowledge-based community software. An information disclosure vulnerability exists in versions of answer prior to 1.0.8. The vulnerability stems from the fact that when a user uploads his logo, the EXIF geolocation data of the uploaded image is not stripped. An attacker...
CVE-2023-29850
SENAYAN Library Management System SLiMS Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information...
CVE-2023-29850
SENAYAN Library Management System SLiMS Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information...
Information disclosure
SENAYAN Library Management System SLiMS Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information...
Slims9 Bulian security vulnerability
Slims9 Bulian is a free and open source software from the Indonesian Slims community. It is used for library resource management e.g., books, journals, digital files, and other library materials and administration. A security vulnerability exists in Slims9 Bulian version v9.5.2. An attacker...
CVE-2023-29850
SENAYAN Library Management System SLiMS Bulian v9.5.2 does not strip exif data from uploaded images. This allows attackers to obtain information such as the user's geolocation and device information...
Answer vulnerable to Insertion of Sensitive Information Into Sent Data
answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.8 does not strip EXIF geolocation data from user-uploaded logos. As a result, anyone can get sensitive information like a user's device ID, geolocation, system information, system version, etc...
GHSA-65V8-6PVW-JWVQ Answer vulnerable to Insertion of Sensitive Information Into Sent Data
answerdev/answer is an open-source knowledge-based community software. Answer prior to 1.0.8 does not strip EXIF geolocation data from user-uploaded logos. As a result, anyone can get sensitive information like a user's device ID, geolocation, system information, system version, etc...
answer security vulnerability
answer is an open source knowledge-based community software. An information disclosure vulnerability exists in versions of answer prior to 1.0.8. The vulnerability stems from the fact that when a user uploads his logo, the EXIF geolocation data of the uploaded image is not stripped. An attacker...
PT-2023-17383 · Unknown · Answerdev/Answer
Name of the Vulnerable Software and Affected Versions: answerdev/answer versions prior to 1.0.8 Description: The issue concerns the insertion of sensitive information into sent data. Specifically, answerdev/answer, an open-source knowledge-based community software, does not strip EXIF geolocation...
Keysight N6845A Geolocation Server
1. EXECUTIVE SUMMARY CVSS v3 7.8 ATTENTION: Low attack complexity Vendor: Keysight Technologies Equipment: N6854A Geolocation Server Vulnerability: Deserialization of Untrusted Data 2. RISK EVALUATION Successful exploitation of this vulnerability could allow an attacker to escalate privileges in...
CVE-2023-1399
N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution...
Deserialization of untrusted data
N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution...
CVE-2023-1399
The CVE-2023-1399 vulnerability affects Keysight N6854A Geolocation Server, version 2.4.2 (and earlier). It is described as a deserialization of untrusted data (CWE-502) that may allow a malicious actor to escalate privileges in the device’s default configuration and achieve remote code execution...
CVE-2023-1399
N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution...
CVE-2023-1399
N6854A Geolocation Server versions 2.4.2 are vulnerable to untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device’s default configuration and achieve remote code execution...
PT-2023-16956 · Unknown · N6854A Geolocation Server
Name of the Vulnerable Software and Affected Versions: N6854A Geolocation Server version 2.4.2 Description: The issue concerns untrusted data deserialization, which may allow a malicious actor to escalate privileges in the affected device's default configuration and achieve remote code execution...
Keysight Technologies N6854A Geolocation server code issue vulnerability
Keysight Technologies N6854A Geolocation server is a geolocation server from Keysight Technologies. A security vulnerability in the Keysight Technologies N6854A Geolocation server version 2.4.2, which stems from the server's susceptibility to untrusted data deserialization, can be exploited by an...
EXIF Geolocation Data Not Stripped From brand logo
When the user uploads his logo, the uploaded image’s EXIF Geo-location Data does not get stripped. As a result, anyone can get sensitive information like user's Device ID, Geo Location, System Information, System version, etc. Steps to reproduce: 1. Upload logo with EXIF DATA, or download from her...
IpGeo - Tool To Extract IP Addresses From Captured Network Traffic File
IpGeo is a Python tool to extract IP addresses from a captured network traffic file (pcap/pcapng) and generate a CSV report containing details about the geolocation of each IP in the packets. The report contains: 1. Country 2. Country Code 3. Region 4. Region Name 5. City 6. Zip 7. Latitude 8...