622 matches found
CVE-2019-10849
CBAS Web (Computrols CBAS) 19.0.0 is affected by an information-disclosure vulnerability due to an unprotected Subversion/SVN directory that can disclose the firmware source code. The Red Hat advisory and exploit reports confirm the issue affects CBAS Web and maps to CVE-2019-10849, with an impac...
Acunetix Vulnerability Scanner Now With Network Security Scans
User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technolo...
PCI DSS Compliance - Information Leakage
The remote host is vulnerable to one or more conditions that are considered to be 'information leakage' and so are not automatic failures according to the PCI DSS Approved Scanning Vendors Program Guide version 3.1. These information leakage issues include one or more of the following : - Detaile...
Improper Input Validation
Python is an interpreted, interactive, object-oriented programming language that supports modules, classes, exceptions, high-level dynamic data types, and dynamic typing. The python27 collection provides a stable release of Python 2.7 with a number of additional utilities and database connectors f...
TomTom: Exposed Git Repo at http://betaforum.tomtom.com/.git/{subfolders}
Dear Security team, I found a git repository on http://betaforum.tomtom.com/.git. This endpoint allows an attacker to retrieve much of the source code and git history for this service, which could potentially reveal sensitive information; it all depends on what is stored there. Example: 1...
CVE-2019-9126
An issue was discovered on D-Link DIR-825 Rev.B 2.10 devices. There is an information disclosure vulnerability via requests for the routerinfo.xml document. This will reveal the PIN code, MAC address, routing table, firmware version, update time, QOS information, LAN information, and WLAN...
FreeBSD : Gitlab -- Multiple vulnerabilities (b2f4ab91-0e6b-11e9-8700-001b217b3468)
Gitlab reports: Source code disclosure merge request diff; Todos improper access control; URL rel attribute not set; Persistent XSS Autocompletion; SSRF repository mirroring; CI job token LFS error message disclosure; Secret CI variable exposure; Guest user CI job disclosure; Persistent XSS label...
Gitlab -- Multiple vulnerabilities
Gitlab reports: Source code disclosure merge request diff; Todos improper access control; URL rel attribute not set; Persistent XSS Autocompletion; SSRF repository mirroring; CI job token LFS error message disclosure; Secret CI variable exposure; Guest user CI job disclosure; Persistent XSS label referen...
KPOT Botnet - File Download/Source Code Disclosure Vulnerability
Exploit for PHP platform in category web applications. Exploit Title: KPOT Botnet - File Download/Source Code Disclosure Vulnerability; Google Dork: n/a; Date: 26/11/2018; Exploit Author: n4pst3r; Vendor Homepage: unkn0wn; Software Link: https://bhf.io/threads/515432/; Version: unkn0wn; Tested on: Window...
Code injection
Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI...
Starbucks: Backup Source Code Detected
Impact: Depending on the nature of the source code disclosed, an attacker can mount one or more of the following types of attacks: • Access the database or other data resources. With the privileges of the account obtained, attempt to read, update or delete arbitrary data from the database. • Access...
Uber: [experience.uber.com] Node.js source code disclosure & anonymous access to internal Uber documents, templates and tools
A configuration file on experience.uber.com exposed details for the server configuration as well as information about the content hosted on the site. The site itself did require authentication to log in, but this config file was publicly accessible. Other accessible URLs included slide deck...
Security Bulletin: Rational Change can be affected by vulnerabilities in the IBM Eclipse Help System (CVE-2013-0464 and CVE-2013-0467)
Summary: IBM Rational Change can be affected by two vulnerabilities, cross-site scripting and Help system source code disclosure, via a specially crafted URL in the IBM Eclipse Help System (IEHS), which is used to display the IBM Rational Change help content. Vulnerability Details...
Apache Tomcat VirtualDirContext Class File Handling Remote JSP Source Code Disclosure
Source code disclosure vulnerability in Apache Tomcat VirtualDirContext class file handling. Vulnerability Type: File Disclosure. For the exploit source code contact the DSquare Security sales team...
Mail.ru: [mobs.mail.ru] nginx path traversal via misconfigured alias
Domain, site, application -- mobs.mail.ru Steps to reproduce -- http://mobs.mail.ru/media../mobs/settings.py Actual results -- py ... SECRETKEY = '████████████' ... DISTIMOPRIVATEKEY = '████████████' ... PoC, exploit code, screenshots, video, references, additional resources --...
Syhunt ScanTools 6.0 - Console Web Vulnerability Scan Tools
Syhunt ScanTools 6.0 adds advanced fingerprinting capabilities, enhanced spidering, injection and code scan capabilities, and a large number of improved checks. Adds the display of Hybrid, Dynamic and Code detailed scan statistics to the command-line tools. New fingerprinting capabilities - Becau...
JGI CMS 1.0 Script Source Code Disclosure
Title: JGI CMS - Script Source Code Disclosure. Introduction: A content management system (CMS) is a computer application that supports the creation and modification of digital content. It is often used to support multiple users working in a collaborative environment. CMS...
Snapchat: Open prod Jenkins instance
@prebenve found a Jenkins instance where they could log in with any valid Google account. Once logged in, they gained access to sensitive API tokens. The access also included some source code disclosure for public apps and the ability to execute arbitrary code via the Jenkins Script Console...
Cgiemail Source Code Disclosure Vulnerability
CGIEmail is a web-based mail processing system. A source code disclosure vulnerability exists in Cgiemail version 1.6, which allows an attacker to retrieve the source code of a script file (e.g., PL, CGI, and BAT) from the server by sending a specially crafted request that contains square brackets...
Cgiemail 1.6 Source Code Disclosure
#!/usr/bin/env perl; Exploit Title: cgiemail local file inclusion; Vendor Homepage: http://web.mit.edu/wwwdev/cgiemail/webmaster.html; Software Link: http://web.mit.edu/wwwdev/cgiemail/cgiemail-1.6.tar.gz; Version: 1.6 and older; Date: 2016-09-27. cgiecho, a script included with cgiemail, will return any...