78 matches found
Arbitrary File Download Vulnerability in VUMC Cloud at Shanghai VUMC Software Co., Ltd.
Shanghai VUMC Software Co., Ltd. is a foreign trade SaaS service provider and a professional foreign trade industry solutions provider. VUMA Cloud suffers from an arbitrary file download vulnerability. An attacker can exploit the vulnerability to obtain source code information...
Information leakage vulnerability in the website building system of Gongyi Tongchuang Network Technology Service Co., Ltd.
Gongyi Tongchuang Network Technology Service Co., Ltd. is a company specializing in providing comprehensive, thoughtful and professional Internet solutions, providing website construction, small program production, network promotion, jitterbug filming and production, foreign trade promotion,...
PT-2022-17695 · Grafana +2
Name of the Vulnerable Software and Affected Versions: Grafana versions through 7.3.4 Description: An issue was discovered in Grafana when integrated with Zabbix, allowing the Zabbix password to be found in the "api_jsonrpc.php" HTML source code. When a user logs in and is allowed to register, on...
Microsoft Says SolarWinds Hackers Accessed Some of Its Source Code
Microsoft on Thursday revealed that the threat actors behind the SolarWinds supply chain attack were able to gain access to a small number of internal accounts and escalate access inside its internal network. The "very sophisticated nation-state actor" used the unauthorized access to view, but no...
CVE-2020-27125
A vulnerability in Cisco Security Manager could allow an unauthenticated, remote attacker to access sensitive information on an affected system. The vulnerability is due to insufficient protection of static credentials in the affected software. An attacker could exploit this vulnerability by...
55 New Security Flaws Reported in Apple Software and Services
A team of five security researchers analyzed several Apple online services for three months and found as many as 55 vulnerabilities, 11 of which are critical in severity. The flaws — including 29 high severity, 13 medium severity, and 2 low severity vulnerabilities — could have allowed an attacke...
The vulnerability of the CX-Programmer and micro-programming software of PLC Omron CJ2M and Omron CJ2H lies in the reversibility of the password encoding method. This allows attackers to obtain access passwords to the controllers.
The vulnerability of the development environment “CX-Programmer,” which is part of the software suite “CX-One” designed for programming and configuring Omron PLCs, as well as Omron microcontrollers like CJ2M and CJ2H, is related to the reversibility of the password encoding method. Exploiting thi...
CVE-2017-9368
An information disclosure vulnerability in the BlackBerry Workspaces Server could result in an attacker gaining access to source code for server-side applications by crafting a request for specific files...
CVE-2017-9368
CVE-2017-9368 affects BlackBerry Workspaces Server. An information disclosure vulnerability allows an attacker to gain access to source code for server‑side applications by crafting requests for specific files. Exploitation is shown as network‑accessible with low attack complexity and no authenti...
MGASA-2017-0352 Updated tomcat packages fix security vulnerability
The CORS Filter did not add an HTTP Vary header indicating that the response varies depending on Origin. This permitted client and server side cache poisoning in some circumstances (CVE-2017-7674). When using a VirtualDirContext it was possible to bypass security constraints and/or view the source...
PNMsoft Sequence Kinetics Information Disclosure Vulnerability
PNMsoft Sequence Kinetics is a suite of intelligent workflow applications from PNMsoft that can organize modeling, design, and execution. Form Controls CSS is one of the control form CSS files. A security vulnerability exists in the Form Controls CSS file in PNMsoft Sequence Kinetics 7.5 and earli...
[Introspy] Monitor app in your iDevice
The Problem: In 2013, assessing the security of iOS applications still involves a lot of manual, time-consuming tasks, especially when performing a black-box assessment. Without access to source code, a comprehensive review of these applications currently requires in-depth knowledge of various API...
GLSA-201206-13 : Mono: Multiple vulnerabilities
The remote host is affected by the vulnerability described in GLSA-201206-13 Mono: Multiple vulnerabilities Multiple vulnerabilities have been discovered in Mono and Mono debugger. Please review the CVE identifiers referenced below for details. Impact : A remote attacker could execute arbitrary...
CVE-2010-4225
Unspecified vulnerability in the mod_mono module for XSP in Mono 2.8.x before 2.8.2 allows remote attackers to obtain the source code for .aspx ASP.NET applications via unknown vectors related to an "unloading bug."...
CVE-2009-2301
The CVE-2009-2301 entry concerns the Radware AppWall Web Application Firewall (WAF) version 1.0.2.6 with Gateway 4.6.0.2. The vulnerability allows remote attackers to read source code by directly requesting one of three files (Management/.)(funcs.inc, defines.inc, msg.inc). The underlying issue i...
MODx 0.9.6.1 - 'htcmime.php' Source Code Information Disclosure
source: https://www.securityfocus.com/bid/27096/info MODx is prone to a vulnerability that allows attackers to access source code because the application fails to properly sanitize user-supplied input. An attacker can exploit this vulnerability to retrieve arbitrary files from the vulnerable syst...
Simple HTTPD multiple security vulnerabilities
Directory traversal, script source code access...
EUVD-2007-0583
include/debug.php in Webfwlog 0.92 and earlier, when register_globals is enabled, allows remote attackers to obtain source code of files via the conffile parameter. NOTE: some of these details are obtained from third party information. It is likely that this issue can be exploited to conduct...
Multiple IBM Websphere security vulnerabilities
JSP pages source code access...
CVE-2005-3747
Unspecified vulnerability in Jetty before 5.1.6 allows remote attackers to obtain source code of JSP pages, possibly involving requests for .jsp files with URL-encoded backslash "%5C" characters. NOTE: this might be the same issue as CVE-2006-2758...