CVE-2021-25958 Generation of Error Message Containing Sensitive Information in Apache OFBiz
In Apache OFBiz, versions v17.12.01 to v17.12.07 use try/catch exception handling at multiple locations but leak sensitive table information in the error output, which may aid an attacker in further reconnaissance. A user can register with a very long password, but when they try to log in with it an exception...
CVE-2021-22249
A verbose error message in GitLab EE affecting all versions since 12.2 could disclose the private email address of a user invited to a group...
CVE-2021-22249
Removed by vendor...
CVE-2021-24558
The pspinduplicatepostsaveasnewpost function of the Project Status WordPress plugin through 1.6 does not sanitise, validate or escape the post GET parameter passed to it before outputting it in an error message when the related post does not exist, leading to a reflected XSS issue...
LedgerSMB Cross-Site Scripting Vulnerability
LedgerSMB is a free web-based double-entry bookkeeping system with quoting, ordering, invoicing, projects, time cards, inventory management, shipping, etc. A cross-site scripting vulnerability exists in LedgerSMB, which stems from the application's failure to adequately encode HTML for error...
Directory traversal
An issue was discovered in Grafana Loki through 2.2.1. The header value X-Scope-OrgID is used to construct file paths for rules files, and if crafted to conduct directory traversal, such as a ../../sensitive/path/in/deployment pathname, then Loki will attempt to parse a rules file at that locatio...
Security Bulletin: A vulnerability has been found in IBM Cloud Pak for Applications v4.3 where an error message may disclose implementation details
Summary: A vulnerability has been found in IBM Cloud Pak for Applications v4.3 where an error message may disclose implementation details. Vulnerability Details: CVEID: CVE-2021-20424. DESCRIPTION: IBM Cloud Pak for Applications could allow a remote attacker to obtain sensitive information when a...
UCMS Information Disclosure Vulnerability
UCMS is a content management system written in PHP. UCMS 1.5.0 contains a security vulnerability that stems from an error message returned by the adminchannelscache function in top.php, which leaks a physical filesystem path. No further details of the vulnerability are currently available...
CVE-2021-20430
IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 196341...
CVE-2021-29767
IBM i2 Analyst's Notebook Premium 9.2.0, 9.2.1, and 9.2.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202681...
CVE-2021-29784
IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 203168...
CVE-2021-29766
IBM i2 Analyst's Notebook Premium IBM i2 Analyze 4.3.0, 4.3.1, and 4.3.2 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 202680...