5327 matches found
CVE-2019-16396
GnuCOBOL 2.2 is affected by a use-after-free in the end_scope_of_program_name() function of cobc/parser.y triggered by crafted COBOL source code. Root cause is a memory management flaw in that parser path, leading to use-after-free. CVSS details show a CVSS‑3.1 base score of 7.8 (HIGH) with local...
CVE-2019-16396
GnuCOBOL 2.2 has a use-after-free in the endscopeofprogramname function in cobc/parser.y via crafted COBOL source code...
CVE-2019-16313
ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code...
Design/Logic Flaw
ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code...
CVE-2019-16313
CVE-2019-16313 affects ifw8 Router ROM v4.31. According to the connected Nuclei template, it enables credential disclosure by reading the action/usermanager.htm HTML source code. Impact is described as credential exposure with no full exploit details provided in the documents; CVSSv3.1 base score...
CVE-2019-16313
ifw8 Router ROM v4.31 allows credential disclosure by reading the action/usermanager.htm HTML source code...
CVE-2019-13534
Philips IntelliVue WLAN, portable patient monitors, WLAN Version A, Firmware A.03.09, WLAN Version A, Firmware A.03.09, Part : M8096-67501, WLAN Version B, Firmware A.01.09, Part : N/A Replaced by Version C and WLAN Version B, Firmware A.01.09, Part : N/A Replaced by Version C. The product...
U.S. Dept Of Defense: Local File Disclosure on the ████████ (https://████/) leads to the source code disclosure & DB credentials leak
Description I discovered another LFD on the https://████/ virtual host on the █████ IP POC https://█████/file.ashx?path=web.config will download the website configuration file. It exposes different DB credentials than in previous reports: ███ Similarly, attacker able to get content of any...
U.S. Dept Of Defense: Directory Indexing on the ████ (https://████/) leads to the backups disclosure and credentials leak
Description During poking around █████████/24 range - █████ looking for the Cisco devices, I came across █████ which resolved to the https://██████/ While it's a not .mil host, it's likely related to the DoD since it hosted in the DoD-controlled ASN. I discovered few critical vulnerabilities here...
U.S. Dept Of Defense: Local File Disclosure on the █████ (https://████████.edu/) leads to the full source code disclosure and credentials leak
A local file disclosure vulnerability was discovered on the █████ website https://████████.edu/. The vulnerability allowed an attacker to download the website's configuration file, which exposed the database credentials. Additionally, the source code for certain server-side resources was also...
FreeBSD-SA-19:23.midi
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 ============================================================================= FreeBSD-SA-19:23.midi Security Advisory The FreeBSD Project Topic: kernel memory disclosure from /dev/midistat Category: core Module: sound Announced: 2019-08-20 Credits:...
U.S. Dept Of Defense: Examples directory is PUBLIC on https://████████mil, leading to multiple vulns
Description: Hello, In an effort to consolidate reporting. I have located 4 issues with having the Examples Directory openmy require just 1 solution to mitigate The following URLs that show concern are the following: 1. https://█████mil/examples/servlets/servlet/SessionExample --Will lead to...
CVE-2019-10943
A vulnerability has been identified in SIMATIC Drive Controller family All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC incl. SIPLUS variants All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 incl. SIPLUS variants All versions = V20.8, SIMATIC S7-1200 CPU family incl. SIPL...
CVE-2019-10943
A vulnerability has been identified in SIMATIC Drive Controller family All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC incl. SIPLUS variants All versions, SIMATIC ET 200SP Open Controller CPU 1515SP PC2 incl. SIPLUS variants All versions = V20.8, SIMATIC S7-1200 CPU family incl. SIPL...
NewStart CGSL CORE 5.04 / MAIN 5.04 : golang Multiple Vulnerabilities (NS-SA-2019-0047)
The remote NewStart CGSL host, running version CORE 5.04 / MAIN 5.04, has golang packages installed that are affected by multiple vulnerabilities: - An arbitrary command execution flaw was found in the way Go's go get command handled the checkout of source code repositories. A remote attacker...
CVE-2019-14312
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI...
CVE-2019-14312
Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source code viewer. This vulnerability allows a remote attacker to read internal files on the server via a tools/sourceViewer/index.html?filename=../ URI...
Aptana Jaxer 1.0.3.4547 - Local File inclusion Vulnerability
Exploit for multiple platform in category web applications Exploit Title: Aptana Jaxer Remote Local File inclusion Exploit Author: Steph Jensen Vendor Homepage: http://www.jaxer.org Version: 1.0.3.4547 Tested on: Linux CVE : CVE-2019-14312 Aptana Jaxer 1.0.3.4547 is vulnerable to a local file...
Aptana Jaxer 1.0.3.4547 Local File Inclusion
Exploit Title: Aptana Jaxer Remote Local File inclusion Date: 8/8/2019 Exploit Author: Steph Jensen Vendor Homepage: http://www.jaxer.org Version: 1.0.3.4547 Tested on: Linux CVE : CVE-2019-14312 Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source...
Aptana Jaxer 1.0.3.4547 - Local File inclusion
Exploit Title: Aptana Jaxer Remote Local File inclusion Date: 8/8/2019 Exploit Author: Steph Jensen Vendor Homepage: http://www.jaxer.org Version: 1.0.3.4547 Tested on: Linux CVE : CVE-2019-14312 Aptana Jaxer 1.0.3.4547 is vulnerable to a local file inclusion vulnerability in the wikilite source...