Online Book Store 1.0 SQL Injection
Exploit Title: Online Book Store 1.0 - process.php SQL injection Google Dork: 4/26/2023 Exploit Author: Or4nG.M4n Vendor Homepage: https://projectworlds.in/free-projects/php-projects/online-book-store-project-in-php/ Software Link:...
CVE-2023-28771
Improper error message handling in Zyxel ZyWALL/USG series firmware versions 4.60 through 4.73, VPN series firmware versions 4.60 through 5.35, USG FLEX series firmware versions 4.60 through 5.35, and ATP series firmware versions 4.60 through 5.35, which could allow an unauthenticated attacker to...
Design/Logic Flaw
XWiki Platform is a generic wiki platform offering runtime services for applications built on top of it. Any user who can create a space can become admin of that space through App Within Minutes. The admin right implies the script right and thus allows JavaScript injection. The vulnerability can ...
Use of revert Statement in requireOwner Function in Ownable Contract May Cause Unexpected Behavior
Lines of code Vulnerability details Summary: There is a potential issue with the error handling in the requireOwner function that may lead to unexpected behavior. Description: The Ownable contract provides basic access control by defining an owner address that can be granted exclusiv...
How to customize the error message generated by Citrix ADC in nFactor system
Customize the error message generated by Citrix ADC in nFactor system...
[NetScaler] Error "KB Questions and Asnwers not registered" with LDAP KBAttribute
In an SSPR nFactor configuration, you may observe the error "KB Questions and Asnwers not registered" when logging in with an LDAP password, and be unable to move to the next AAA factor. Triggers are: The LDAP factor has noschema bound. Inherits username & password from a previous factor. LDAP action has KBAttribute...
CVE-2022-4770
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report .prpt...
CVE-2022-4770 Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the full parametrized SQL query in an error message when an invalid character is used within a Pentaho Report .prpt...
CVE-2022-4769 Hitachi Vantara Pentaho Business Analytics Server - Generation of Error Message Containing Sensitive Information
Hitachi Vantara Pentaho Business Analytics Server prior to versions 9.4.0.0 and 9.3.0.2, including 8.3.x display the target path on host when a file is uploaded with an invalid character in its name...
Information disclosure
Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text...
SAML authentication fails with PingFed IdP with error "There was a failure with the mapped account"
Users get the error "There was a failure with the mapped account" when attempting to log in to the StoreFront URL after configuring SAML authentication on the StoreFront server with PingFed IdP. The Citrix Delivery Services event logs on the StoreFront server show the following error: The security token failed...
Workspace Error "Unable to add account with the given server URL" after enabling WAF on ADC
After enabling WAF on ADC, the following error is seen while adding the Citrix Gateway URL on Workspace: "Unable to add account with the given server URL. Ensure that it is correct or enter your email address." Traffic Flow Brief Topo: Workspace LB SSL Virtual Server on ADC1, WAF enabled Citrix...
Unable to update WAF Signatures "File too large"
Customer is unable to update NetScaler AppFw Signatures from the GUI and receives an error "File too large" when attempting the WAF signature update...
CVE-2023-1574
Information disclosure in the user creation feature of a MSSQL data source in Devolutions Remote Desktop Manager 2023.1.9 and below on Windows allows an attacker with access to the user interface to obtain sensitive information via the error message dialog that displays the password in clear text...
The vulnerability of the SCADA system ProMIS InSCADA, related to improper protection of error messages sent out, allows attackers to compromise the confidentiality, integrity, and accessibility of the protected information.
The vulnerability of the SCADA system ProMIS InSCADA is related to improper protection of error messages sent out. Exploiting this vulnerability allows a malicious actor to compromise the confidentiality, integrity, and accessibility of the protected information...
GHSA-H6G5-WQQR-3MW3 Sensitive Information in Error Messages in Apache Airflow
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2. The traceback contains information that might be useful for a potential attacker to better target their attack Python/Airflow...
CVE-2023-25695
Generation of Error Message Containing Sensitive Information vulnerability in Apache Software Foundation Apache Airflow. This issue affects Apache Airflow: before 2.5.2...