332 matches found
PT-2022-25884 · Devexpress · Devexpress Asp.Net
Name of the Vulnerable Software and Affected Versions: DevExpress ASP.NET Web Forms Build version 19.2.3 Description: The DevExpress Resource Handler ASPxHttpHandlerModule does not verify the referenced objects in the "/DXR.axd?r=" HTTP GET parameter. This leads to an Insecure Direct Object...
CVE-2022-34002
The ‘document’ parameter of PDS Vista 7’s /application/documents/display.aspx page is vulnerable to a Local File Inclusion vulnerability which allows an low-privileged authenticated attacker to leak the configuration files and source code of the web application...
PT-2022-4702 · Cognex · Cognex 3D-A1000 Dimensioning System
Name of the Vulnerable Software and Affected Versions: Cognex 3D-A1000 Dimensioning System versions 1.0.3 3354 and prior Description: The issue is related to the implementation of security functions on the client-side of the Cognex 3D-A1000 Dimensioning System. This could allow a remote attacker ...
U.S. Dept Of Defense: insecure gitlab repositories at ████████ [HtUS]
If you click the link https://███, you're redirected to https://██████/users/signin, where credentials have to be inserted. The repositories are private and shouldn't be accessable for unauthenticated users! POC If you click the following links https://████/api/v4/projects, information about...
UBUNTU-CVE-2022-26148
An issue was discovered in Grafana through 7.3.4, when integrated with Zabbix. The Zabbix password can be found in the apijsonrpc.php HTML source code. When the user logs in and allows the user to register, one can right click to view the source code and use Ctrl-F to search for password in...
IBM Maximo Anywhere 加密问题漏洞
IBM Maximo Anywhere is a next-generation mobile solution from IBM built on the IBM Worklight platform. An encryption vulnerability exists in IBM Maximo Anywhere, which stems from the product's failure to effectively protect program source code. An attacker could obfuscate the source code through...
CVE-2021-32072
The MiCollab Client Service component in Mitel MiCollab before 9.3 could allow an attacker to get source code information disclosing sensitive application data due to insufficient output sanitization. A successful exploit could allow an attacker to view source code methods...
MTN Group: Remote code execution due to unvalidated file upload
Summary: Hello I found a critical vunerability in one of your site, where user can upload any file type as a profile picture including php file Steps To Reproduce: 1. Visit https://careers.mtn.cm and register as a user. 2. After successful registration, login and update your data. 3. When uploadi...
CSRF Vuln can expose user's QRcode
Impact When a user is setting up two-factor authentication using an authenticator app, a QRcode is generated and made available via a GET request to /tf-qrcode. Since GETs do not have any CSRF protection, it is possible a malicious 3rd party could access the QRcode and therefore gain access to...
CVE-2021-20407
IBM Security Verify Information Queue 1.0.6 and 1.0.7 discloses sensitive information in source code that could be used in further attacks against the system. IBM X-Force ID: 196185...
Arbitrary file read vulnerability in zblogphp 1.5.1
Z-Blog is an open source program based on Asp and PHP platforms. Z-Blog background arbitrary file reading vulnerability, attackers can use the vulnerability to obtain the site source code...
CVE-2019-18867
Browsable directories in Blaauw Remote Kiln Control through v3.00r4 allow an attacker to enumerate sensitive filenames and locations, including source code. This affects /ajax/, /common/, /engine/, /flash/, /images/, /Images/, /jscripts/, /lang/, /layout/, /programs/, and /sms/...
CVE-2019-18867
Technical details about CVE-2019-18867 are not publicly provided in the supplied connected documents. Monitor for updates from vendors and security advisories.
Razer: Source Code Disclosure
The tester discovered a PHP file with source code exposed. There was no known exploit...
U.S. Dept Of Defense: Git repo on https://██████.mil/ discloses API password
Summary: I found a .git repository on https://███████.mil/.git which discloses an API password for Yubikey on 2 different domains, together with full source code. Description: Fetching the git repository and decompressing the objects results in the ability to read the source code of the server,...
CVE-2019-13410
TOPMeeting before version 8.8 2019/08/19 shows attendees account and password in front end page that allows an attacker to obtain sensitive information by browsing the source code of the page...
Eaton UPS 9PX 8000 SP Password Disclosure Vulnerability
The Eaton UPS 9PX 8000 SP is a power management device from Eaton USA. The Eaton UPS 9PX 8000 SP suffers from a password disclosure vulnerability that originates from a web page displayed by the device containing a clear-text password, which can be exploited to retrieve a user's password by...
SimpliSafe Original Information Disclosure Vulnerability (CNVD-2018-10490)
SimpliSafe Original is a home security management system. The system includes video surveillance and intrusion alarms, among other things. A security vulnerability exists in SimpliSafe Original that stems from a failure to encrypt transmissions. An attacker in close physical proximity could explo...
TNLSoftSolutions Sentry Information Disclosure Vulnerability
TNLSoftSolutions Sentry is a webcam device from TNLSoftSolutions, USA. A security vulnerability exists in the login page of TNLSoftSolutions Sentry version 3.x. The vulnerability can be exploited to obtain a password by reading the "ifpwd ==" line in the HTML source code...
YidaCMS Web Management System JS1.8.0 Version Exists Arbitrary File Read Vulnerability
YidaCMS website management system is a simple, practical and efficient website builder. YidaCMS website management system JS1.8.0 version exists arbitrary file reading vulnerability, attackers can use the vulnerability to obtain the website source code information...