9 matches found
CVE-2026-40908
WWBN AVideo is an open source video platform. In versions 29.0 and prior, the file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs,...
PrestaShop Version Hunter
psversionhunter.py fingerprints a PrestaShop installation by comparing the versions of its native modules against the module versions bundled with a known PrestaShop release tag. This is useful when a target does not expose the PrestaShop core version directly but still exposes native module...
WWBN AVideo has an Unauthenticated Information Disclosure via git.json.php Exposes Developer Emails and Deployed Version
Summary The file git.json.php at the web root executes git log -1 and returns the full output as JSON to any unauthenticated user. This exposes the exact deployed commit hash enabling version fingerprinting against known CVEs, developer names and email addresses PII, and commit messages which may...
CVE-2022-23690
A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further...
EUVD-2025-36362
PILOS Platform for Interactive Live-Online Seminars is a frontend for BigBlueButton. PILOS before 4.8.0 exposes the PHP version via the X-Powered-By header, enabling attackers to fingerprint the server and assess potential exploits. This information disclosure vulnerability originates from PHP’s...
EUVD-2022-28629
Malicious code in bioql PyPI...
CVE-2019-10667
An issue was discovered in LibreNMS through 1.47. Information disclosure can occur: an attacker can fingerprint the exact code version installed and disclose local file paths...
Security feature bypass
A vulnerability in the web-based management interface of AOS-CX could allow a remote unauthenticated attacker to fingerprint the exact version AOS-CX running on the switch. This allows an attacker to retrieve information which could be used to more precisely target the switch for further...
JBOSS 3.2.2-3.2.7 / 4.0.2 installation path disclosure / config disclosure / version fingerprinting
Security Advisory: JBOSS 3.2.2-3.2.7 / 4.0.2 installation path disclosure / config disclosure / version fingerprinting Date: 14/06/05 URL: http://www.illegalaccess.org/java/jbosspath.php Problem: The default installation of JBoss reveals the path of the installation directory and allows...