403 matches found
'/WEB-INF../' Information Disclosure Vulnerability (HTTP)
Various application or web servers / products are prone to an information disclosure vulnerability. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
'/WEB-INF/' Information Disclosure Vulnerability (HTTP)
Various application or web servers / products are prone to an information disclosure vulnerability. Copyright (C) 2021 Greenbone Networks GmbH Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier:...
'/%20..\WEB-INF/' Information Disclosure Vulnerability (HTTP)
Various application or web servers / products are prone to an information disclosure vulnerability.
CVE-2020-13577
A denial-of-service vulnerability exists in the WS-Security plugin functionality of Genivia gSOAP 2.8.107. A specially crafted SOAP request can lead to denial of service. An attacker can send an HTTP request to trigger this vulnerability...
CVE-2021-22293
Some Huawei products have an inconsistent interpretation of HTTP requests vulnerability. Attackers can exploit this vulnerability to cause information leak. Affected product versions include: CampusInsight versions V100R019C10; ManageOne versions 6.5.1.1, 6.5.1.SPC100, 6.5.1.SPC200, 6.5.1RC1,...
CVE-2020-35391
CVE-2020-35391 affects Tenda N300 F3 firmware 12.01.01.48. A remote attacker can obtain sensitive information by directly requesting cgi-bin/DownloadCfg/RouterCfm.cfg, a vulnerability related to CVE-2017-14942 (authentication/config exposure via HTTP handling). Exploit code exists (Exploit-DB ent...
F5 BIG-IP AFM Memory Leak Vulnerability
F5 BIG-IP AFM is an advanced firewall product from F5 USA for protection against DDoS attacks. A memory leak vulnerability exists in the BIG-IP AFM HTTP version 13.1.3.4, which stems from a traffic management microkernel TMM leaking memory when a security profile is applied to a virtual server, a...
CVE-2020-7539
A CWE-754: Improper Check for Unusual or Exceptional Conditions vulnerability exists in the Web Server on Modicon M340, Legacy Offers Modicon Quantum and Modicon Premium and associated Communication Modules (see security notification for affected versions), that could cause a denial of service...
CVE-2020-14879
Vulnerability in the BI Publisher product of Oracle Fusion Middleware (component: E-Business Suite - XDO). Supported versions that are affected are 5.5.0.0.0, 11.1.1.9.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows low privileged attacker with network access via HTTP to...
CVE-2020-14876
Vulnerability in the Oracle Trade Management product of Oracle E-Business Suite (component: User Interface). Supported versions that are affected are 12.1.1 - 12.1.3 and 12.2.3 - 12.2.10. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise...
chatc-cli (>=0.1.7 <=0.1.9), fast-http-cli (>=0.0.1 <=0.0.8) potentially affected by CVE-2020-7687 via fast-http (>=0.1.2 <=0.1.3)
fast-http NPM version =0.1.2, =0.1.7, =0.0.1, =0.0.8 Source cves: CVE-2020-7687 Source advisory: OSV:GHSA-7PHR-5M9X-RW9Q...
CVE-2020-14652
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Core). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0, 12.2.1.4.0 and 14.1.1.0.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to...
chatc-cli (>=0.1.7 <=0.1.9), fast-http-cli (>=0.0.1 <=0.0.8) potentially affected by CVE-2020-7687 via fast-http (>=0.1.2 <=0.1.3)
fast-http NPM version =0.1.2, =0.1.7, =0.0.1, =0.0.8 Source cves: CVE-2020-7687 Source advisory: SNYK:JS-FASTHTTP-572892...
Directory traversal
An issue was discovered in Mattermost Server before 5.21.0. mmctl allows directory traversal via HTTP, aka MMSA-2020-0014...
The vulnerability of the Administration component of the Oracle Marketing Encyclopedia System, a business automation system of Oracle E-Business Suite, allows an attacker to access, modify, add, or delete data, or to gain unauthorized access to protected information.
The vulnerability of the Administration component of the Oracle Marketing Encyclopedia System, a business automation system within the Oracle E-Business Suite, is related to inadequate access control mechanisms. Exploiting this vulnerability could allow an attacker to remotely gain access to...
Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution
Furukawa Electric ConsciusMAP 2.8.1 Java Deserialization Remote Code Execution Vendor: Furukawa Electric Co., Ltd. | Tecnored SA Product web page: https://www.furukawa.co.jp | https://www.tecnoredsa.com.ar Affected version: APROS Evolution | 2.8.1 FURUKAW...
CVE-2020-2869
Vulnerability in the Oracle WebLogic Server product of Oracle Fusion Middleware (component: Console). Supported versions that are affected are 10.3.6.0.0, 12.1.3.0.0, 12.2.1.3.0 and 12.2.1.4.0. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromi...
NeteaseCloudMusicRustApi (=0.1.1), RustMusic (=0.1.0) +313 more potentially affected by CVE-2020-35901 via actix-http (>=0.1.5 <=1.0.1)
actix-http CARGO version =0.1.5, =0.1.0, =0.8.0, =0.1.8, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.1.0, =0.2.0 and more Source cves: CVE-2020-35901 Source advisory: OSV:RUSTSEC-2020-0048...
CVE-2020-2536
Vulnerability in the Oracle Outside In Technology product of Oracle Fusion Middleware (component: Outside In Filters). The supported version that is affected is 8.5.4. Easily exploitable vulnerability allows unauthenticated attacker with network access via HTTP to compromise Oracle Outside In...
CVE-2019-19890
An issue was discovered on Humax Wireless Voice Gateway HGB10R-2 201608171855 devices. Admin credentials are sent over cleartext HTTP...