
141 matches found

OSV
added 2022/05/01 7:12 a.m., 7 views

GHSA-WFJ7-MHR5-PCWQ Apache Tomcat Reveals Directories

Apache Tomcat 5 before 5.5.17 allows remote attackers to list directories via a semicolon (;) preceding a filename with a mapped extension, as demonstrated by URLs ending with /;index.jsp and /;help.do...

CVSS 5, AI score 6.3, EPSS 0.51511
Exploits 8, References 27

OpenVAS
added 2021/11/08 12:0 a.m., 21 views

Mozilla Firefox Security Advisory (MFSA2021-03) - Linux

The remote host is missing an update for Mozilla Firefox, announced via the advisory MFSA2021-03. SPDX-FileCopyrightText: 2021 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright (C) by the respective right holders. SPDX-License-Identifier: GPL-2.0-on...

CVSS 8.8, AI score 7.6, EPSS 0.00501
Exploits 2, References 13

Prion
added 2021/09/30 11:15 a.m., 16 views

Path traversal

ECOA BAS controller suffers from a path traversal content disclosure vulnerability. Using the GET parameter in File Manager, unauthenticated attackers can remotely disclose directory content on the affected device...

CVSS 5, AI score 7.5, EPSS 0.9166
Exploits 1, References 1

OSV
added 2021/07/19 10:15 p.m., 0 views

CVE-2020-29503

Dell EMC PowerStore versions prior to 1.0.3.0.5.xxx contain a file permission vulnerability. A locally authenticated attacker could potentially exploit this vulnerability, leading to the information disclosure of certain system directory...

CVSS 4.4, AI score 5.8, EPSS 0.0005
Exploits 0, References 1

CVE
added 2021/05/10 6:21 p.m., 57 views

CVE-2021-29022

InvoicePlane 1.5.11 is affected by CVE-2021-29022, where the upload feature discloses the full path of the file upload directory. Affected component: the upload handling mechanism in InvoicePlane; root cause indicated by public records as a path disclosure. Impact is limited to confidentiality (p...

CVSS 5.3, AI score 5.3, EPSS 0.00232
Exploits 1, References 1, Affected Software 1

Kitploit
added 2020/12/22 11:30 a.m., 40 views

0D1N v3.4 - Tool For Automating Customized Attacks Against Web Applications (Full Made In C Language With Pthreads, Have A Fast Performance)

0d1n is a tool for automating customized attacks against web applications. It is very fast because it uses a thread pool and the C language. Video demo: Tool functions: Brute force login and passwords in auth forms Directo...

AI score 8.2
Exploits 0, References 3

CNNVD
added 2020/11/18 12:0 a.m., 0 views

KonaWiki Authorization Issues Vulnerability

KonaWiki is a lightweight Wiki system. The system is primarily used for writing manuscripts, keeping meeting minutes and memos, etc. A security vulnerability exists in KonaWiki version 3.1.1 and prior versions, which stems from inadequate query checking that allows a remote attacker to unauthorizedly...

AI score 6.4
Exploits 0, References 1

0day.today
added 2020/08/15 12:0 a.m., 214 views

QiHang Media Web Digital Signage 3.0.9 Arbitrary File Disclosure Vulnerability

Exploit for hardware platform in category web applications QiHang Media Web QH.aspx Digital Signage 3.0.9 Arbitrary File Disclosure Vulnerability Vendor: Shenzhen Xingmeng Qihang Media Co., Ltd. Guangzhou Hefeng Automation Technology Co., Ltd. Product web page: http://www.howfor.com Affected...

AI score 7.1
Exploits 0

RedHat Linux
added 2020/03/05 12:53 p.m., 0 views

undertow: Information leak in requests for directories without trailing slashes

undertow before version 2.0.23.Final is vulnerable to an information leak issue. Web apps may have their directory structures predicted through requests without trailing slashes via the api...

CVSS 7.5, AI score 5.8, EPSS 0.01479
Exploits 0, References 4

Prion
added 2019/09/09 1:15 p.m., 10 views

Sql injection

An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with...

CVSS 7.5, AI score 8.9, EPSS 0.00005
Exploits 1, References 1, Affected Software 1

Cvelist
added 2019/09/09 1:2 p.m., 23 views

CVE-2019-12463

An issue was discovered in LibreNMS 1.50.1. The scripts that handle graphing options includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with mysqli_real_escape_string,...

AI score 9.7, EPSS 0.00005
Exploits 1, References 1

CVE
added 2019/09/09 12:56 p.m., 61 views

CVE-2019-10665

LibreNMS (through 1.50.x) contains input handling weaknesses in its graphing scripts (includes/html/graphs/common.inc.php and includes/html/graphs/graphs.inc.php or html/graph.php) that allow injecting RRDtool syntax via newline characters. This occurs because several user-supplied fields are not...

CVSS 9.8, AI score 9.4, EPSS 0.00005
Exploits 1, References 1, Affected Software 1

Cvelist
added 2019/05/23 7:5 p.m., 14 views

CVE-2019-10849

Computrols CBAS 18.0.0 allows unprotected Subversion SVN directory / source code disclosure...

AI score 7.5, EPSS 0.11544
Exploits 4, References 3

Kitploit
added 2019/04/13 9:49 p.m., 240 views

0D1N v2.6 - Web Security Tool To Make Fuzzing At HTTP/S

0d1n is a tool for automating customized attacks against web applications. You can do: Brute force login and passwords in auth forms Directory disclosure use PATH list to brute, and find HTTP status code Test to find SQL Injection and XSS vulnerabilities Options to load ANTI-CSRF token each reque...

AI score 7.7
Exploits 0, References 2

Check Point Advisories
added 2019/02/19 12:0 a.m., 2 views

Apache Solr XML External Entity Expansion Information Disclosure (CVE-2018-8010)

An XML external entity expansion vulnerability exists in Apache Solr. The vulnerability is due to improper handling of XML external entities. Successful exploitation results in the disclosure of file or directory contents for any file or directory readable by the Apache Solr service...

CVSS 2.1, AI score 1.2, EPSS 0.01708
Exploits 0

CNVD
added 2018/08/13 12:0 a.m., 1 views

NetComm NWL-25 Device Directory Disclosure Vulnerability

The NetComm NWL-25 is a 4G LTE industrial grade M2M router. A device catalog disclosure vulnerability exists in the NetComm NWL-25 using firmware version 2.0.29.11 and earlier, which can be exploited by an attacker to obtain the device's catalog...

CVSS 7.5, AI score 7.6, EPSS 0.0151
Exploits 0, References 1

Cvelist
added 2018/08/10 7:0 p.m., 10 views

CVE-2018-14785

NetComm Wireless 4G LTE Light Industrial M2M Router NWL-25 with firmware 2.0.29.11 and prior. The directory of the device is listed openly without authentication...

AI score 7.5, EPSS 0.0151
Exploits 0, References 2

Kitploit
added 2017/12/04 9:11 p.m., 12 views

0d1n v2.5 - Web Security Tool to Make Fuzzing at HTTP/S

Web security tool to make fuzzing at HTTP inputs, made in C with libCurl. 0d1n is a tool for automating customized attacks against web applications. You can do: Brute force passwords in auth forms Directory disclosure use PATH list to brute, and find HTTP status code Test list on input to find SQ...

AI score 7.8
Exploits 0, References 1

Tenable Nessus
added 2017/08/09 12:0 a.m., 50 views

Oracle Linux 7 : tomcat (ELSA-2017-2247)

The remote Oracle Linux 7 host has packages installed that are affected by multiple vulnerabilities as referenced in the ELSA-2017-2247 advisory. - Resolves: rhbz1459747 CVE-2017-5664 tomcat: Security constrained bypass in error page mechanism - Resolves: rhbz1441481 CVE-2017-5647 tomcat: Incorre...

CVSS 9.1, AI score 6.7, EPSS 0.92712
Exploits 20, References 6

Hacker One
added 2017/05/13 9:57 a.m., 42 views

Paragon Initiative Enterprises: Directory Disclose, Email Disclose Zendmail vulnerability

I found three vulnerabilities: Directory information disclose, Email address disclose, and possible Remote code execution in Zendmail. During signup your code accepts usernames with ',",/,@ while all of the special characters must be forbidden or encoded in the username. Directory Disclose: 1. goto sign-up pa...

CVSS 7.5, AI score 9.6, EPSS 0.82322
Exploits 10