3856 matches found
Information disclosure
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862...
Information disclosure
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189...
CVE-2020-4544
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 183189...
CVE-2020-4487
IBM Jazz Foundation Products could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 181862...
CVE-2020-4897
IBM Emptoris Contract Management and IBM Emptoris Spend Analysis 10.1.0, 10.1.1, and 10.1.3 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM...
IBM Sterling B2B Integrator Information Disclosure Vulnerability (CNVD-2021-02004)
IBM Sterling B2B Integrator is a transaction engine, a set of components that run the processes you define and manage based on your business needs. An information disclosure vulnerability exists in IBM Sterling B2B Integrator 5.2.0.0 - 5.2.6.52, 6.0.0.0 - 6.0.3.2, 6.1.0.0. A remote attacker could...
CVE-2020-4761
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.52, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against t...
Information disclosure
IBM Sterling B2B Integrator Standard Edition 5.2.0.0 through 5.2.6.52, 6.0.0.0 through 6.0.3.2, and 6.1.0.0 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against t...
IBM Sterling B2B Integrator Information Disclosure Vulnerability
IBM Sterling B2B Integrator is a transaction engine, a set of components that run the processes you define and manage based on your business needs. An information disclosure vulnerability exists in IBM Sterling B2B Integrator 5.2.0.0 - 5.2.6.52, 6.0.0.0 - 6.0.3.2, 6.1.0.0. A remote attacker could...
MTN Group: RCE Apache Struts2 remote command execution (S2-045) on [wifi-partner.mtn.com.gh]
Summary: A Remote Code Execution vulnerability exists in Apache Struts2 when performing file upload based on Jakarta Multipart parser. It is possible to perform a RCE attack with a malicious Content-Type value. If the Content-Type value isn't valid an exception is thrown which is then used to...
CVE-2020-35952
CVE-2020-35952 affects PHPFusion (PHP-Fusion) Andromeda 9.x before 2020-12-30. The issue is that login.php generates error messages that differentiate between an incorrect username and an incorrect password, rather than a single generic message, which could enable user enumeration. The connected ...
phpMyAdmin 4.0.0 < 4.0.10.12 / 4.4.0 < 4.4.15.2 / 4.5.0 < 4.5.3.1 Information Disclosure (PMASA-2015-6)
According to its self-reported version, the phpMyAdmin application hosted on the remote web server is 4.0.x prior to 4.0.10.12, 4.4.x prior to 4.4.15.2, or 4.5.x prior to 4.5.3.1. It is, therefore, affected by an information disclosure vulnerability: - libraries/config/messages.inc.php in...
LiteSpeed Cache < 3.6.1 - Authenticated Stored Cross-Site Scripting
The plugin does not sanitise invalid IPs given in its Toolbox page before displaying them in an error message. PoC Submit a payload such as in the Admin IPs section of the Toolbox /wp-admin/admin.php?page=litespeed-toolbox...
Remote Code Execution (RCE)
kitty is vulnerable to remote code execution. The vulnerability is possible because filename containing special characters can be included in an error message which allows an attacker to inject malicious code into the system...
CVE-2020-35605
The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message...
Information disclosure
The Graphics Protocol feature in graphics.c in kitty before 0.19.3 allows remote attackers to execute arbitrary code because a filename containing special characters can be included in an error message...
CVE-2020-4842
IBM Security Secret Server 10.6 could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 190046...