19 matches found
CVE-2025-58589
When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker thus receives information about the technology used and the structure of the application...
CVE-2025-58581
When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker can thus obtain information about the technology used and the structure of the application...
CVE-2025-58589
When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker thus receives information about the technology used and the structure of the application...
CVE-2025-58589 Information Disclosure Through Stacktrace
When an error occurs in the application a full stacktrace is provided to the user. The stacktrace lists class and method names as well as other internal information. An attacker thus receives information about the technology used and the structure of the application...
CVE-2025-58589
CVE-2025-58589 describes an information-disclosure vulnerability where errors reveal full stack traces to users, exposing internal class/method names and application structure. Connected sources confirm affected SICK products: SICK Enterprise Analytics and SICK Logistic Analytics (for example, SI...
PT-2025-40861
Name of the Vulnerable Software and Affected Versions: The product name cannot be determined. Affected versions not specified. Description: The application reveals full stacktraces when errors occur. These stacktraces contain internal details like class and method names, potentially exposing...
SICK AG Enterprise Analytics Security Vulnerability
SICK AG Enterprise Analytics is a package analysis software from SICK AG, Germany. A security vulnerability exists in SICK AG Enterprise Analytics that stems from the provision of a full stack trace in the event of an application error, which could disclose technical details and application...
EUVD-2023-57828
Malicious code in bioql PyPI...
CVE-2020-11822
In Rukovoditel 2.5.2, there is a stored XSS vulnerability on the application structure -- user access groups page. Thus, an attacker can inject malicious script to steal all users' valuable data...
CVE-2023-5515
The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against web servers and deployed web applications...
Design/Logic Flaw
The responses for web queries with certain parameters disclose internal path of resources. This information can be used to learn internal structure of the application and to further plot attacks against web servers and deployed web applications...
Rukovoditel Cross-Site Scripting Vulnerability (CNVD-2020-26655)
Rukovoditel is a set of Web-based open source project management software from the Rukovoditel team. The software has project management, customer relationship management and other functions. A cross-site scripting vulnerability exists in the User Access Groups page of the Application Structure...
Engel & Völkers Technology GmbH: Information Exposure at https://printshop.engelvoelkers.com/
Summary: There is an information exposure through some tmp, txt files that can allow an attacker to download some files from the application. Steps To Reproduce: + There are some files that exposed internal links from the application, inside of these files you can view some .xls that you can...
Ngrev - Tool For Reverse Engineering Of Angular Applications
Graphical tool for reverse engineering of Angular projects. It allows you to navigate in the structure of your application and observe the relationship between the different modules, providers, and directives. The tool performs static code analysis which means that you don't have to run your...
Directory Listing
Web servers permitting directory listing are typically used for sharing files. Directory listing allows the client to view a simple list of all the files and folders hosted on the web server. The client is then able to traverse each directory and download the files. Cyber-criminals will utilise t...
Rukovoditel Project Management CRM 2.4.1 SQL Injection
Exploit Title: Rukovoditel Project Management CRM 2.4.1 - 'listsid' SQL Injection Dork: N/A Date: 27-01-2019 Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://sourceforge.net/projects/rukovoditel/ Version: 2.4.1 Category: Webapps Tested on: Wampp...
Rukovoditel Project Management CRM 2.4.1 - lists_id SQL Injection Vulnerability
Exploit for php platform in category web applications Exploit Title: Rukovoditel Project Management CRM 2.4.1 - 'listsid' SQL Injection Exploit Author: Mehmet EMIROGLU Vendor Homepage: https://www.rukovoditel.net/ Software Link: https://sourceforge.net/projects/rukovoditel/ Version: 2.4.1 Categor...
ExchangeRelayX - An NTLM Relay Tool To The EWS Endpoint For On-Premise Exchange Servers (Provides An OWA For Hackers)
Version 1.0.0. This tool is a PoC to demonstrate the ability of an attacker to perform an SMB or HTTP based NTLM relay attack to the EWS endpoint on an on-premise Microsoft Exchange server to compromise the mailbox of the victim. This tool provides the attacker with an OWA looking interface, with...
Dynamic Application Profiling: What It Is and Why You Want Your WAF to Have It
Because web applications are unique, they have distinct structures and dynamics, and – unfortunately – different vulnerabilities. A web application security device, therefore, must understand the structure and usage of the protected applications. Depending on the complexity of the protected...