Error: "Personal vDisk Inventory Is Not Up To Date. Update the Inventory in the Master Image, And Then Try Again" In Studio
A newly deployed target device shows "Personal vDisk inventory is not up to date. Update the inventory in the master image, and then try again." in Studio...
CVE-2017-7463
JBoss BRMS 6 and BPM Suite 6 are vulnerable to a reflected XSS via artifact upload. A malformed XML file, if uploaded, causes an error message to appear that includes part of the bad XML code verbatim without filtering out scripts. Successful exploitation would allow execution of script code with...
Splunk Enterprise < 5.0.18 / 6.0.14 / 6.1.13 / 6.2.13.1 / 6.3.10 / 6.4.6 / 6.5.3 / Splunk Light < 6.5.3 Multiple Vulnerabilities
According to its self-reported version number, the version of Splunk running on the remote web server is Splunk Light 6.5.x prior to 6.5.3 or Splunk Enterprise 5.0.x prior to 5.0.18, 6.0.x prior to 6.0.14, 6.1.x prior to 6.1.13, 6.2.x prior to 6.2.13.1, 6.3.x prior to 6.3.10, 6.4.x prior to 6.4.6...
Rockstar Games: Table and Column Exposure
In this report, the researcher found an error message on our Careers page that exposed database table names. If an injection vulnerability had also existed there, this information could have helped an attacker carry out attacks. In response, we cleaned up the error message so that it still gives...
CVE-2017-0885
Nextcloud Server before 9.0.55 and 10.0.2 suffers from an error message disclosing the existence of a file in a write-only share. Due to an error in the application logic an adversary with access to a write-only share may enumerate the names of existing files and subfolders by comparing the exception...
Nextcloud Server and ownCloud Server Content Spoofing Vulnerabilities
ownCloud is a free and open source personal cloud storage solution from the German company ownCloud. Nextcloud is an open source, self-hosted file synchronization, sharing and communication application platform. ownCloud Server and Nextcloud Server are their respective server versions. A security...
Nextcloud Server and ownCloud Server Security Bypass Vulnerability (CNVD-2017-05313)
ownCloud is a free and open source personal cloud storage solution from the German company ownCloud. Nextcloud is an open source, self-hosted file synchronization, sharing and communication application platform. ownCloud Server and Nextcloud Server are their respective server versions. A security...
Storefront 2.6 - users get "Error 500".
Users get "Error 500"...
CVE-2016-9466
Nextcloud Server before 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from Reflected XSS in the Gallery application. The gallery app was not properly sanitizing exception messages from the Nextcloud/ownCloud server. Due to an endpoint where an attacker could influence the error message,...
CVE-2016-9467
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to displa...
CVE-2016-9460
Nextcloud Server before 9.0.52 & ownCloud Server before 9.0.4 are vulnerable to a content-spoofing attack in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to display an...
Directory traversal
Nextcloud Server before 9.0.54 and 10.0.1 & ownCloud Server before 9.0.6 and 9.1.2 suffer from content spoofing in the files app. The location bar in the files app was not verifying the passed parameters. An attacker could craft an invalid link to a fake directory structure and use this to displa...
PVS targets experience BSOD: IRQL Not Less or Equal on targets created using XDSW when booting for the first time
PVS target devices created using the XenDesktop Setup Wizard are running into a blue screen of death issue. The error message displayed on the BSOD screen shows the following message: Your PC ran into a problem and needs to restart. We're just collecting some error info, and then we'll restart for yo...
S2-046: Struts 2 Remote Code Execution vulnerability (CVE-2017-5638)
It is possible to perform an RCE attack with a malicious Content-Disposition value or with an improper Content-Length header. If the Content-Disposition / Content-Length value is not valid, an exception is thrown which is then used to display an error message to a user. This is a different vector for t...
PHP-Nuke Information Disclosure Vulnerability
An information disclosure vulnerability exists in PHP-Nuke version 8.0. Due to the disclosure of the installation path in an error message, a remote attacker can obtain sensitive information by directly requesting the .php file...
Design/Logic Flaw
Wonder CMS 2014 allows remote attackers to obtain sensitive information by logging into the application with an array for the password, which reveals the installation path in an error message...
Information disclosure
GetSimple CMS 3.3.4 allows remote attackers to obtain sensitive information via a direct request to (1) plugins/anonymousdata.php or (2) plugins/InnovationPlugin.php, which reveals the installation path in an error message...
Design/Logic Flaw
qdPM 8.3 allows remote attackers to obtain sensitive information via an invalid ID value to index.php/users/info/id/ID, which reveals the installation path in an error message...
CVE-2015-3882
qdPM 8.3 allows remote attackers to obtain sensitive information via an invalid ID value to index.php/users/info/id/ID, which reveals the installation path in an error message...