73 matches found
CVE-2022-34535
Digital Watchdog DW MEGApix IP cameras A7.2.220211029 allows unauthenticated attackers to view internal paths and scripts via web files...
Exploit for Cross-site Scripting in Phplist
CVE-2025-28074 Suggested description phpList prior to 3.6.3...
CVE-2025-0279
HCL Traveler generates some error messages that provide detailed information about errors and failures, such as internal paths, file names, sensitive tokens, credentials, error codes, or stack traces. Attackers could exploit this information to gain insights into the system's architecture and...
PT-2025-14808 · Hcl · Hcl Traveler
Name of the Vulnerable Software and Affected Versions: HCL Traveler affected versions not specified Description: The issue concerns error messages generated by HCL Traveler that may contain sensitive information, including internal paths, file names, tokens, credentials, error codes, or stack...
TikTok: Stored XSS on TikTok's backend leads to the leakage of highly sensitive administrator data (Cookies, API Keys, Internal Paths, Emails, phone numbers).
A stored cross-site scripting vulnerability was discovered in TikTok's contact form backend. Malicious code submitted through the form executed when administrators viewed the submission, exposing sensitive internal data such as cookies, API keys, internal paths, emails, and phone numbers...
AZL-53694 CVE-2024-50163 affecting package kernel for versions less than 5.15.173.1-1
In the Linux kernel, the following vulnerability has been resolved: bpf: Make sure internal and UAPI bpfredirect flags don't overlap The bpfredirectinfo is shared between the SKB and XDP redirect paths, and the two paths use the same numeric flag values in the ri-flags field specifically,...
Apache OFBiz createRegister Error Message Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on affected installations of Apache OFBiz. Authentication is not required to exploit this vulnerability. The specific flaw exists within the createRegister method. The issue results from outputting an error message that...
Code injection
Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3...
CVE-2023-48308
CVE-2023-48308 affects the Nextcloud Calendar app. The authenticated user can trigger an error while editing a calendar appointment that exposes the server’s stacktrace and internal paths. Affected software: Nextcloud Calendar prior to version 4.5.3. Root cause: error handling leaks internal debu...
CVE-2023-48308 Calendar app returns full stacktrace when an error happens while editing appointment
Nextcloud/Cloud is a calendar app for Nextcloud. An attacker can gain access to stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. It is recommended that the Nextcloud Calendar app is upgraded to 4.5.3...
Nextcloud Security Breach
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in versions of Nextcloud Calendar prior to 4.5.3, which stems from an attacker being able to access the stack trace and...
PT-2023-30770 · Nextcloud · Nextcloud Calendar
Name of the Vulnerable Software and Affected Versions: Nextcloud Calendar app versions prior to 4.5.3 Description: An issue exists where an attacker can gain access to the stacktrace and internal paths of the server when generating an exception while editing a calendar appointment. Recommendation...
Calendar app returns full stacktrace when an error happens while editing appointment
None...
CVE-2023-5515
The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against web servers and deployed web applications...
Hitachi eSOMS Information Disclosure Vulnerability
Hitachi eSOMS is an application software from Hitachi, Ltd. a shift operations management system for the power generation industry. A security vulnerability exists in Hitachi eSOMS, which stems from the presence of an information disclosure vulnerability. An attacker could exploit the vulnerabili...
Code injection
Calendar app for Nextcloud easily sync events from various devices with your Nextcloud. Some internal paths of the website are disclosed when the SMTP server is unavailable. It is recommended that the Calendar app is updated to 3.5.5 or 4.2.3...
Nextcloud Calendar 安全漏洞
Nextcloud is an open source suite of self-hosted file synchronization and sharing communication application platform from Nextcloud, Germany. A security vulnerability exists in Nextcloud Calendar v4.2.2 and earlier, v3.5.4 and earlier, which stems from the disclosure of certain internal paths to ...
PT-2023-24200 · Nextcloud +1 · Nextcloud Calendar +1
Name of the Vulnerable Software and Affected Versions: Nextcloud Calendar app versions prior to 3.5.5 Nextcloud Calendar app versions prior to 4.2.3 Description: The issue concerns the disclosure of internal website paths when the SMTP server is unavailable. This affects the functionality of the...
U.S. Dept Of Defense: springboot actuator is leaking internals at ██████████
Proof of Concept If you go to https://█████████/actuator you'll get a complete overview of all the endpoints that are accessable Suggestion: Use a Firefox Browser if possible, its json representation is well formed and the links are clickable ██████████ Impact Information Disclosure...
CVE-2022-34535
Digital Watchdog DW MEGApix IP cameras A7.2.220211029 allows unauthenticated attackers to view internal paths and scripts via web files...