48 matches found
WordPress Google for WooCommerce plugin <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File vulnerability
Information Disclosure via Publicly Accessible PHP Info File vulnerability discovered by Francesco Carlucci in WordPress Plugin Google for WooCommerce versions = 2.8.6...
The vulnerability of the /xml/info.xml file of the HTTP GET Request Handler component in D-Link routers such as DNS-320, DNS-320LW, DNS-325, and DNS-340L microprogrammed software systems allows a hacker to disclose confidential information.
The vulnerability of the /xml/info.xml file of the HTTP GET Request Handler component in D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L microprogrammed software routers is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker to disclose...
PT-2024-7983 · D Link · D-Link Dns-320 +2
Name of the Vulnerable Software and Affected Versions: D-Link DNS-320 versions up to 20241028 D-Link DNS-320LW versions up to 20241028 D-Link DNS-325 versions up to 20241028 D-Link DNS-340L versions up to 20241028 Description: The issue is related to insufficient protection of service data in the...
CVE-2024-4590
A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/sysinfo.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the publ...
PT-2024-31843 · Dedecms · Dedecms
Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A vulnerability was found in DedeCMS, affecting some unknown functionality of the file /src/dede/sys info.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The...
PT-2024-24460 · Sourcecodester · Sourcecodester Php Task Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester PHP Task Management System version 1.0 Description: A critical vulnerability was found in the SourceCodester PHP Task Management System. This issue affects the file attendance-info.php and is related to the manipulation of the...
The vulnerability of D-Link DIR-825 router’s microprogramming software lies in the lack of protection for service data, allowing attackers to disclose the protected information.
The vulnerability of D-Link DIR-825 router’s microprogramming software is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information by requesting the routerinfo.xml file...
PT-2023-20848 · Sourcecodester · Sourcecodester Computer Laboratory Management System
Name of the Vulnerable Software and Affected Versions: SourceCodester ICT Laboratory Management System version 1.0 Description: A vulnerability has been found in the SourceCodester ICT Laboratory Management System, affecting an unknown functionality of the file views/room info.php of the componen...
SUSE CVE-2008-3699
The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the albuminfo.xml temporary file...
SUSE CVE-2021-41133
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AFUNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services int...
SUSE CVE-2022-4450
The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the "nameout", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...
PT-2022-25223 · Unknown · Hospital Management Center
Name of the Vulnerable Software and Affected Versions: Hospital Management Center affected versions not specified Description: A critical issue has been found in Hospital Management Center, affecting an unknown function of the file patient-info.php. The manipulation of the pt id argument leads to...
PT-2022-23260 · Dedebiz · Dedebiz
Name of the Vulnerable Software and Affected Versions: DedeBIZ version 6 Description: A remote code execution issue was found in sys info.php, allowing for potential code execution. Recommendations: For DedeBIZ version 6, consider restricting access to the sys info.php file until a patch is...
CVE-2022-28377
On Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 and OutDoorUnit ODU 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining the MAC address of th...
CVE-2022-29414
Multiple 13x Cross-Site Request Forgery CSRF vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin mass update settings, manage subscriptions add a new subscription, update subscription, delete Subscription...
CVE-2021-43683
pictshare v1.5 is affected by a Cross Site Scripting XSS vulnerability in api/info.php. The exit function will terminate the script and print the message which has $REQUEST'hash'...
DEBIAN-CVE-2021-41133
Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AFUNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services int...
Semrush: php info file and sql backup at vendor's subdomain
Researcher found open /phpinfo.php and sql backup from mvp app at vendor's subdomain. There was no sensitive data...
CVE-2020-25754
An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password derived from the MD5 hash of the username and serial number. The serial number can be retrieved by an...
CVE-2020-36006
AppCMS 2.0.101 in /admin/info.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site...