21 matches found
CVE-2026-40245
CVE-2026-40245 concerns Free5GC’s UDR service (versions 4.2.1 and below) where an information disclosure occurs via the 5G SBI endpoint GET /nudr-dr/v2/application-data/influenceData/subs-to-notify. When required query parameters are missing, the handler returns a 400 but does not stop execution,...
Microsoft Windows searchConnector-ms NTLM Response Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose NTLM responses on affected installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the parsing of...
CVE-2025-67874 ChurchCRM has plaintext password return in response
ChurchCRM is an open-source church management system. Prior to version 6.5.0, the application echoes back plaintext passwords submitted by users in subsequent HTTP responses. This information disclosure significantly increases the risk of credential compromise and may amplify the impact of other...
CVE-2025-67874 ChurchCRM has plaintext password return in response
ChurchCRM is an open-source church management system. Prior to version 6.5.0, the application echoes back plaintext passwords submitted by users in subsequent HTTP responses. This information disclosure significantly increases the risk of credential compromise and may amplify the impact of other...
EUVD-2008-5483
Malware in sbrugna...
CVE-2024-49580
The CVE-2024-49580 issue affects JetBrains Ktor, specifically the HttpCache Plugin, due to improper caching that can disclose response information. Affected products/versions include Ktor before 2.3.13 (and, per PT-Security, before 3.0.0 for related caching behavior). The documented impact is inf...
CVE-2024-23677 Server Response Disclosure in RapidDiag Salesforce.com Log File
In Splunk Enterprise versions below 9.0.8, the Splunk RapidDiag utility discloses server responses from external applications in a log file...
Rocky Linux 8 : glibc (RLSA-2023:5455)
The remote Rocky Linux 8 host has packages installed that are affected by multiple vulnerabilities as referenced in the RLSA-2023:5455 advisory. - A flaw was found in glibc. When the getaddrinfo function is called with the AFUNSPEC address family and the system is configured with no-aaaa mode via...
Amazon Linux 2023 : compat-libpthread-nonshared, glibc, glibc-all-langpacks (ALAS2023-2023-359)
It is, therefore, affected by multiple vulnerabilities as referenced in the ALAS2023-2023-359 advisory. A flaw was found in glibc. When the getaddrinfo function is called with the AFUNSPEC address family and the system is configured with no-aaaa mode via /etc/resolv.conf, a DNS response via TCP...
SUSE CVE-2008-5506
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...
ROS-2-1229
2.1229 Multiple vulnerabilities in Apache Tomcat CVE-2021-25122, CVE-2021-25329 1. Vulnerability Description: CVE-2021-25122 CVE-2021-25322 CVE-2021-25329 The vulnerability allows a remote attacker to gain access to sensitive information. The vulnerability exists due to mismanagement of internal...
Security Bulletin: Vulnerabilities have been addressed in IBM Cloud Pak System (Dec 2020)
Summary Multiple vulnerabilities have been identified and addressed in IBM Cloud Pak System. Vulnerability Details CVEID: CVE-2020-4928 DESCRIPTION: IBM Cloud Pak System could allow a local privileged attacker to upload arbitrary files. By intercepting the request and modifying the file extention...
Flash "Rosetta" JSONP GET/POST Response Disclosure
A website that serves a JSONP endpoint that accepts a custom alphanumeric callback of 1200 chars can be abused to serve an encoded swf payload that steals the contents of a same-domain URL. Flash 'Flash "Rosetta" JSONP GET/POST Response Disclosure', 'Description' = %q A website that serves a JSON...
GLSA-200906-04 : Apache Tomcat JK Connector: Information disclosure
The remote host is affected by the vulnerability described in GLSA-200906-04 Apache Tomcat JK Connector: Information disclosure The Red Hat Security Response Team discovered that modjk does not properly handle 1 requests setting the 'Content-Length' header while not providing data and 2 clients...
Apache Tomcat JK Connector: Information disclosure
Background The Apache Tomcat JK Connector aka modjk connects the Tomcat application server with the Apache HTTP Server. Description The Red Hat Security Response Team discovered that modjk does not properly handle 1 requests setting the "Content-Length" header while not providing data and 2 clien...
Firefox XMLHttpRequest 302 response disclosure
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...
Design/Logic Flaw
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...
CVE-2008-5506
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...
Firefox XMLHttpRequest 302 response disclosure
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...
Firefox XMLHttpRequest 302 response disclosure
Mozilla Firefox 3.x before 3.0.5 and 2.x before 2.0.0.19, Thunderbird 2.x before 2.0.0.19, and SeaMonkey 1.x before 1.1.14 allows remote attackers to bypass the same origin policy by causing the browser to issue an XMLHttpRequest to an attacker-controlled resource that uses a 302 redirect to a...