169 matches found
CVE-2020-23162
Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials...
Information disclosure
Sensitive information disclosure and weak encryption in Pyrescom Termod4 time management devices before 10.04k allows remote attackers to read a session-file and obtain plain-text user credentials...
CVE-2019-17655
A cleartext storage in a file or on disk CWE-313 vulnerability in FortiOS SSL VPN 6.2.0 through 6.2.2, 6.0.9 and earlier and FortiProxy 2.0.0, 1.2.9 and earlier may allow an attacker to retrieve a logged-in SSL VPN user's credentials should that attacker be able to read the session file stored on...
tomcat: deserialization flaw in session persistence storage leading to RCE
A deserialization flaw was discovered in Apache Tomcat's use of a FileStore. Under specific circumstances, an attacker can use a specially crafted request to trigger Remote Code Execution through deserialization of the file under their control. The highest threat from the vulnerability is to data...
Windows Gather Xshell and Xftp Passwords
This module can decrypt the password of xshell and xftp, if the user chooses to remember the password. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class MetasploitModule 'Windows Gather Xshell and Xftp Passwords',...
QRadar Community Edition 7.3.1.6 Path Traversal
QRadar session manager path traversal vulnerability. Yorick Koster, September 2019...
ALE Alcatel-Lucent Omnivista 4760 and ALE Alcatel-Lucent Omnivista 8770 Remote Code Execution Vulnerabilities
The ALE Alcatel-Lucent Omnivista 4760 and the ALE Alcatel-Lucent Omnivista 8770 are both products of ALE France. The ALE Alcatel-Lucent Omnivista 4760 is a network management system. The product includes alarm notification, OmniPCX configuration, performance analysis and Voice over IP monitoring. A...
CVE-2019-14782
CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/accesslog, then use them to make a request to extract the victim's password for the OS...
Cross site request forgery (csrf)
CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.856 through 0.9.8.864 allows an attacker to get a victim's session file name from the /tmp directory, and the victim's token value from /usr/local/cwpsrv/logs/accesslog, then use them to make a request to extract the victim's password for the OS...
CVE-2019-14782
CVE-2019-14782 affects CentOS Web Panel (CWP) versions 0.9.8.856–0.9.8.864. The issue allows an attacker to obtain a victim’s session file name from the /tmp directory and the token value from /usr/local/cwpsrv/logs/access_log, then use those to request the victim’s password (for the OS and phpMy...
CVE-2019-15235
CentOS-WebPanel.com aka CWP CentOS Web Panel 0.9.8.864 allows an attacker to get a victim's session file name from /home/USERNAME/tmp/session/sessxxxxxx, and the victim's token value from /usr/local/cwpsrv/logs/accesslog, then use them to gain access to the victim's password for the OS and...
PT-2019-13827 · Centos · Centos Web Panel
Name of the Vulnerable Software and Affected Versions: CentOS Web Panel versions 0.9.8.856 through 0.9.8.864 Description: The issue allows an attacker to obtain a victim's session file name from the /tmp directory and the victim's token value from /usr/local/cwpsrv/logs/access log. This informati...
Control Web Panel 0.9.8.864 phpMyAdmin Password Disclosure Vulnerability
Exploit for php platform in category web applications Exploit Title : CWP Control Web Panel phpMyAdmin password access Exploit Author : Pongtorn Angsuchotmetee, Nissana Sirijirakal, Narin Boonwasanarak Vendor Homepage : https://control-webpanel.com/ Software Link : Not available, user panel only...
eMerge50P 5000P 4.6.07 - Remote Code Execution Exploit
Exploit for hardware platform in category web applications Exploit Title: eMerge50P 5000P 4.6.07 - Remote Code Execution Exploit Author: LiquidWorm Vendor Homepage: http://linear-solutions.com/nscfamily/e3-series/ Software Link: http://linear-solutions.com/nscfamily/e3-series/ Version: 4.6.07...
ClipSoft REXPERT Information Disclosure Vulnerability
ClipSoft REXPERT is a report generation program from ClipSoft Korea. An information disclosure vulnerability exists in ClipSoft REXPERT. An attacker can exploit the vulnerability to disclose a user's name via the session file path of HTTP response data...
CVE-2019-17321
ClipSoft REXPERT 1.0.0.527 and earlier versions have an information disclosure issue. Requesting a web page associated with a session could leak the username via the session file path in the HTTP response data. No authentication is required...
Information disclosure
ClipSoft REXPERT 1.0.0.527 and earlier versions have an information disclosure issue. Requesting a web page associated with a session could leak the username via the session file path in the HTTP response data. No authentication is required...
cPanel Injection Vulnerability (CNVD-2019-36149)
cPanel is a Web-based automated colocation platform from US-based cPanel. The platform is primarily used to automate the management of websites and servers. An injection vulnerability exists in versions of cPanel prior to 70.0.23. An attacker can exploit this vulnerability to inject...