Lucene search

14 matches found

Vulnrichment
added 2023/10/14 9:46 a.m. | 20 views

CVE-2023-45348 Apache Airflow: Configuration information leakage vulnerability

Apache Airflow, versions 2.7.0 and 2.7.1, is affected by a vulnerability that allows an authenticated user to retrieve sensitive configuration information when the "expose_config" option is set to "non-sensitive-only". The expose_config option is False by default. It is recommended to upgrade to a...

AI score: 4.2 | EPSS: 0.01232
Exploits: 0 | References: 3

Atlassian
added 2019/09/26 4:13 p.m. | 22 views

Improper Authorization in Fisheye & Crucible through ATST Plugin - CVE-2019-15005

The Atlassian Troubleshooting and Support Tools (ATST) plugin prior to version 1.17.2, which was used in Fisheye & Crucible before version 4.7.2, allows an unprivileged user to initiate periodic log scans and send the results to a user-specified email address due to a missing authorization check. Th...

CVSS: 4.3 | AI score: 3.5 | EPSS: 0.01334
Exploits: 0 | Affected Software: 1

Cvelist
added 2018/10/24 10:0 p.m. | 19 views

CVE-2018-18566

The SIP service in Polycom VVX 500 and 601 devices 5.8.0.12848 and earlier allows remote attackers to obtain sensitive phone configuration information by leveraging use with an on-premise installation with Skype for Business...

AI score: 5.3 | EPSS: 0.0275
Exploits: 3 | References: 3

NVD
added 2018/09/12 1:29 a.m. | 19 views

CVE-2018-16946

LG LNB, LND, LNU, and LNV smart network camera devices have broken access control. Attackers are able to download /updownload/t.report aka Log & Report files and download backup files via download.php without authenticating. These backup files contain user credentials and configuration informatio...

CVSS: 7.5 | AI score: 7.5 | EPSS: 0.09348
Exploits: 5 | References: 2

Cvelist
added 2018/09/12 1:0 a.m. | 21 views

CVE-2018-16946

LG LNB, LND, LNU, and LNV smart network camera devices have broken access control. Attackers are able to download /updownload/t.report aka Log & Report files and download backup files via download.php without authenticating. These backup files contain user credentials and configuration informatio...

AI score: 7.5 | EPSS: 0.09348
Exploits: 5 | References: 2

HackerOne
added 2017/12/06 4:47 a.m. | 19 views

WePay: open 80 port of internal host leaking some configuration info

A testing stage server was accessible from the internet leaking some debug info. Thanks @ruvlol for reporting this to us. A testing stage was accessible to everyone in internet, leaking some debug info...

AI score: 6.8
Exploits: 0

NVD
added 2016/07/04 4:59 p.m. | 7 views

CVE-2016-5849

Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage...

CVSS: 2.5 | AI score: 4.1 | EPSS: 0.00317
Exploits: 0 | References: 3

Prion
added 2015/03/10 2:59 p.m. | 12 views

Design/Logic Flaw

ZeusCart 4 allows remote attackers to obtain configuration information via a getphpinfo action to admin/, which calls the phpinfo function...

CVSS: 5 | AI score: 6.8 | EPSS: 0.08459
Exploits: 1 | References: 8 | Affected Software: 1

Nmap
added 2013/01/16 12:29 a.m. | 66 views

ventrilo-info NSE Script

Detects the Ventrilo voice communication server service versions 2.1.2 and above and tries to determine version and configuration information. Some of the older versions pre 3.0.0 may not have the UDP service that this probe relies on enabled by default. The Ventrilo server listens on a TCP...

CVSS: 10 | EPSS: 0.99448
Exploits: 33

CVE
added 2011/09/30 5:0 p.m. | 49 views

CVE-2011-3580

IceWarp WebMail on IceWarp Mail Server before version 10.3.3 is affected by CVE-2011-3580, allowing remote attackers to disclose configuration/details by requesting the /server URI, triggering phpinfo. The advisory notes that the issue is fixed in 10.3.3; update to that version to remediate.

CVSS: 5 | AI score: 6.3 | EPSS: 0.0161
Exploits: 2 | References: 7 | Affected Software: 1

Tenable Nessus
added 2011/05/25 12:0 a.m. | 26 views

Fedora 14 : xen-4.0.1-11.fc14 (2011-6914)

gain privileged access to base domain, or access to xen configuration info. Lack of error checking could allow DoS attack from guest. CVE-2011-1583 Don't require /usr/bin/qemu-nbd as it isn't used at present. Fix issue with VGA passthrough 694001 Note that Tenable Network Security has extracted t...

CVSS: 6.9 | AI score: 5.3 | EPSS: 0.00705
Exploits: 0 | References: 2

NVD
added 2006/02/08 2:18 a.m. | 38 views

CVE-2006-0023

Microsoft Windows XP SP1 and SP2 before August 2004, and possibly other operating systems and versions, uses insecure default ACLs that allow the Authenticated Users group to gain privileges by modifying critical configuration information for the (1) Simple Service Discovery Protocol (SSDP), (2)...

CVSS: 4.3 | AI score: 6.4 | EPSS: 0.01273
Exploits: 0 | References: 16

Tenable Nessus
added 2005/04/26 12:0 a.m. | 74 views

Xerox WorkCentre Device Detection

The remote host is a Xerox WorkCentre device. C Tenable Network Security, Inc. include"compat.inc"; if description scriptid18141; scriptversion"1.27"; scriptsetattributeattribute:"pluginmodificationdate", value:"2020/09/22"; scriptxrefname:"IAVT", value:"0001-T-0749"; scriptnameenglish:"Xerox...

AI score: 6.9
Exploits: 0

CVE
added 2003/04/02 5:0 a.m. | 41 views

CVE-2002-0309

The CVE-2002-0309 entry describes a vulnerability in Symantec Enterprise Firewall (SEF) 6.5.x where the SMTP proxy leaks the firewall’s physical interface name and address in an SMTP protocol exchange when NAT translates to an address other than the firewall. This could allow remote attackers to ...

CVSS: 5 | AI score: 6.8 | EPSS: 0.01661
Exploits: 0 | References: 5 | Affected Software: 1