31 matches found
joomla-exploits
joomla-exploits Exploit Title: Joomla! 4.2.8 - Unauthen...
CVE-2025-33185
NVIDIA AIStore contains a vulnerability in AuthN where an unauthenticated user may cause information disclosure. A successful exploit of this vulnerability may lead to information disclosure...
CVE-2025-33185
NVIDIA AIStore contains a vulnerability in AuthN where an unauthenticated user may cause information disclosure. A successful exploit of this vulnerability may lead to information disclosure...
Multiple vulnerabilities in Century Systems FutureNet MA and IP-K series
Overview FutureNet MA and IP-K series provided by Century Systems Co., Ltd. contain multiple vulnerabilities listed below. OS command Injection CWE-78 - CVE-2025-54763 Files or directories acessible to external parties CWE-552 - CVE-2025-58152 Chuya Hayakawa of 00One, Inc. reported these...
CVE-2025-24921
Improper neutralization for some Edge Orchestrator software before version 24.11.1 for IntelR TiberTM Edge Platform may allow an unauthenticated user to potentially enable information disclosure via adjacent access...
CVE-2025-48996
CVE-2025-48996 describes an unauthenticated information disclosure in HAX open-apis used by PSU deployment of HAX CMS via the haxPsuUsage API endpoint. The vulnerability allows remote, unauthenticated users to enumerate a full list of PSU websites hosted on HAX CMS. The issue is associated with o...
CVE-2025-48996 Unauthenticated Disclosure of PSU HAX CMS Site Listings via haxPsuUsage API Endpoint
HAX open-apis provides microservice apis for HAX webcomponents repo that are shared infrastructure calls. An unauthenticated information disclosure vulnerability exists in the Penn State University deployment of the HAX content management system via the haxPsuUsage API endpoint, related to a flat...
CVE-2019-20213
D-Link DIR-859 routers before v1.07b03beta allow Unauthenticated Information Disclosure via the AUTHORIZEDGROUP=1%0a value, as demonstrated by vpnconfig.php...
WordPress NextGEN Gallery plugin <= 3.59 - Missing Authorization to Unauthenticated Information Disclosure vulnerability
Missing Authorization to Unauthenticated Information Disclosure vulnerability discovered by Peng Zhou in WordPress Plugin NextGEN Gallery versions = 3.59...
Exploit for Improper Access Control in Joomla Joomla\!
Joomla Unauthenticated Information Disclosure Exploit CVE-202...
CVE-2023-30950
The foundry campaigns service was found to be vulnerable to an unauthenticated information disclosure in a rest endpoint...
Screen SFT DAB 600/C - Unauthenticated Information Disclosure (userManager.cgx)
Exploit Title: Screen SFT DAB 600/C - Unauthenticated Information Disclosure userManager.cgx Exploit Author: LiquidWorm Vendor: DB Elettronica Telecomunicazioni SpA Product web page: https://www.screen.it | https://www.dbbroadcast.com...
Joomla! 4.2.7 Unauthenticated Information Disclosure Exploit
!/usr/bin/env ruby Exploit Title: Joomla! = 4.2.8 References: - https://nsfocusglobal.com/joomla-unauthorized-access-vulnerability-cve-2023-23752-notice/ - https://developer.joomla.org/security-centre/894-20230201-core-improper-access-check-in-webservice-endpoints.html -...
SUSE CVE-2019-0166
Insufficient input validation in the subsystem for IntelR AMT before versions 11.8.70, 11.11.70, 11.22.70 and 12.0.45 may allow an unauthenticated user to potentially enable information disclosure via network access...
CVE-2022-0140 Visual Form Builder < 3.0.6 - Unauthenticated Information Disclosure
The Visual Form Builder WordPress plugin before 3.0.6 does not perform access control on entry form export, allowing unauthenticated users to see the form entries or export it as a CSV File using the vfb-export endpoint...
Backdoor.Win32.Zombam.b Information Disclosure
Discovery / credits: Malvuln - malvuln.com c 2022 Original source: https://malvuln.com/advisory/1e3665a67201209609ae493a2a590beeB.txt Contact: [email protected] Media: twitter.com/malvuln Threat: Backdoor.Win32.Zombam.b Vulnerability: Unauthenticated Information Disclosure Description: z0mbie's...
WordPress uListing plugin <= 1.6.6 - Unauthenticated Information Disclosure vulnerability
Unauthenticated Information Disclosure vulnerability found by Jerome Bruandet in WordPress uListing plugin versions = 1.6.6. Solution Update the WordPress uListing plugin to the latest available version at least 1.7...
CVE-2020-23446
Verint Workforce Optimization suite 15.1 15.1.0.37634 has Unauthenticated Information Disclosure via API...
PT-2020-15559
Name of the Vulnerable Software and Affected Versions Verint Workforce Optimization suite version 15.1 15.1.0.37634 Description The issue concerns an Unauthenticated Information Disclosure via an API. Recommendations For version 15.1 15.1.0.37634, at the moment, there is no information about a...
GUnet OpenEclass 1.7.3 E-learning platform - (month) SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: GUnet OpenEclass 1.7.3 E-learning platform - 'month' SQL Injection Google Dork: intext:"© GUnet 2003-2007" Exploit Author: emaragkos Vendor Homepage: https://www.openeclass.org/ Software Link:...