Lucene search
+L

48 matches found

patchstack
patchstack
added 2024/11/18 9:32 a.m.6 views

WordPress Google for WooCommerce plugin <= 2.8.6 - Information Disclosure via Publicly Accessible PHP Info File vulnerability

Information Disclosure via Publicly Accessible PHP Info File vulnerability discovered by Francesco Carlucci in WordPress Plugin Google for WooCommerce versions = 2.8.6...

5.3CVSS6.7AI score0.00879EPSS
Exploits0References1Affected Software1
bdu_fstec
bdu_fstec
added 2024/11/14 12:0 a.m.8 views

The vulnerability of the /xml/info.xml file of the HTTP GET Request Handler component in D-Link routers such as DNS-320, DNS-320LW, DNS-325, and DNS-340L microprogrammed software systems allows a hacker to disclose confidential information.

The vulnerability of the /xml/info.xml file of the HTTP GET Request Handler component in D-Link DNS-320, DNS-320LW, DNS-325, and DNS-340L microprogrammed software routers is related to insufficient protection of sensitive data. Exploiting this vulnerability can allow an attacker to disclose...

5.3CVSS6.2AI score0.01464EPSS
Exploits1References5Affected Software4
ptsecurity
ptsecurity
added 2024/11/06 12:0 a.m.6 views

PT-2024-7983 · D Link · D-Link Dns-320 +2

Name of the Vulnerable Software and Affected Versions: D-Link DNS-320 versions up to 20241028 D-Link DNS-320LW versions up to 20241028 D-Link DNS-325 versions up to 20241028 D-Link DNS-340L versions up to 20241028 Description: The issue is related to insufficient protection of service data in the...

6.9CVSS6.1AI score0.01464EPSS
Exploits1References12
osv
osv
added 2024/05/07 2:15 p.m.4 views

CVE-2024-4590

A vulnerability was found in DedeCMS 5.7. It has been rated as problematic. Affected by this issue is some unknown functionality of the file /src/dede/sysinfo.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The exploit has been disclosed to the publ...

4.3CVSS4.7AI score0.0042EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2024/05/07 12:0 a.m.6 views

PT-2024-31843 · Dedecms · Dedecms

Name of the Vulnerable Software and Affected Versions: DedeCMS version 5.7 Description: A vulnerability was found in DedeCMS, affecting some unknown functionality of the file /src/dede/sys info.php. The manipulation leads to cross-site request forgery. The attack may be launched remotely. The...

5CVSS5AI score0.0042EPSS
Exploits1References10
ptsecurity
ptsecurity
added 2024/04/02 12:0 a.m.9 views

PT-2024-24460 · Sourcecodester · Sourcecodester Php Task Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester PHP Task Management System version 1.0 Description: A critical vulnerability was found in the SourceCodester PHP Task Management System. This issue affects the file attendance-info.php and is related to the manipulation of the...

8.8CVSS8.2AI score0.00666EPSS
Exploits1References8
bdu_fstec
bdu_fstec
added 2023/05/29 12:0 a.m.7 views

The vulnerability of D-Link DIR-825 router’s microprogramming software lies in the lack of protection for service data, allowing attackers to disclose the protected information.

The vulnerability of D-Link DIR-825 router’s microprogramming software is related to the lack of protection for service data. Exploiting this vulnerability can allow a malicious actor, operating remotely, to disclose the protected information by requesting the routerinfo.xml file...

7.8CVSS7.2AI score0.01685EPSS
Exploits1References2Affected Software1
ptsecurity
ptsecurity
added 2023/05/14 12:0 a.m.5 views

PT-2023-20848 · Sourcecodester · Sourcecodester Computer Laboratory Management System

Name of the Vulnerable Software and Affected Versions: SourceCodester ICT Laboratory Management System version 1.0 Description: A vulnerability has been found in the SourceCodester ICT Laboratory Management System, affecting an unknown functionality of the file views/room info.php of the componen...

6.1CVSS4.3AI score0.00613EPSS
Exploits1References6
susecve
susecve
added 2023/02/15 6:7 a.m.4 views

SUSE CVE-2008-3699

The MagnatuneBrowser::listDownloadComplete function in magnatunebrowser/magnatunebrowser.cpp in Amarok before 1.4.10 allows local users to overwrite arbitrary files via a symlink attack on the albuminfo.xml temporary file...

3.3CVSS6.7AI score0.00353EPSS
Exploits0References4
susecve
susecve
added 2023/02/15 3:37 a.m.5 views

SUSE CVE-2021-41133

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AFUNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services int...

8.8CVSS6.9AI score0.00406EPSS
Exploits0References9
susecve
susecve
added 2023/02/15 3:30 a.m.5 views

SUSE CVE-2022-4450

The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the "nameout", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...

5.9CVSS7.4AI score0.20444EPSS
Exploits0References77
ptsecurity
ptsecurity
added 2022/11/16 12:0 a.m.9 views

PT-2022-25223 · Unknown · Hospital Management Center

Name of the Vulnerable Software and Affected Versions: Hospital Management Center affected versions not specified Description: A critical issue has been found in Hospital Management Center, affecting an unknown function of the file patient-info.php. The manipulation of the pt id argument leads to...

9.8CVSS9.6AI score0.00494EPSS
Exploits1References4
ptsecurity
ptsecurity
added 2022/08/17 12:0 a.m.9 views

PT-2022-23260 · Dedebiz · Dedebiz

Name of the Vulnerable Software and Affected Versions: DedeBIZ version 6 Description: A remote code execution issue was found in sys info.php, allowing for potential code execution. Recommendations: For DedeBIZ version 6, consider restricting access to the sys info.php file until a patch is...

7.2CVSS7.5AI score0.01719EPSS
Exploits1References4
attackerkb
attackerkb
added 2022/07/14 1:15 p.m.10 views

CVE-2022-28377

On Verizon 5G Home LVSKIHP InDoorUnit IDU 3.4.66.162 and OutDoorUnit ODU 3.33.101.0 devices, the CRTC and ODU RPC endpoints rely on a static account username/password for access control. This password can be generated via a binary included in the firmware, after ascertaining the MAC address of th...

7.5CVSS5.9AI score0.00897EPSS
Exploits1References3
nvd
nvd
added 2022/04/29 5:15 p.m.21 views

CVE-2022-29414

Multiple 13x Cross-Site Request Forgery CSRF vulnerabilities in WPKube's Subscribe To Comments Reloaded plugin mass update settings, manage subscriptions add a new subscription, update subscription, delete Subscription...

5.8CVSS0.00379EPSS
Exploits0References2
attackerkb
attackerkb
added 2021/12/02 1:15 p.m.4 views

CVE-2021-43683

pictshare v1.5 is affected by a Cross Site Scripting XSS vulnerability in api/info.php. The exit function will terminate the script and print the message which has $REQUEST'hash'...

6.1CVSS6.4AI score0.00639EPSS
Exploits1References2
osv
osv
added 2021/10/08 2:15 p.m.1 views

DEBIAN-CVE-2021-41133

Flatpak is a system for building, distributing, and running sandboxed desktop applications on Linux. In versions prior to 1.10.4 and 1.12.0, Flatpak apps with direct access to AFUNIX sockets such as those used by Wayland, Pipewire or pipewire-pulse can trick portals and other host-OS services int...

7.8CVSS6.7AI score0.00406EPSS
Exploits0References1
hackerone
hackerone
added 2021/10/04 8:17 a.m.51 views

Semrush: php info file and sql backup at vendor's subdomain

Researcher found open /phpinfo.php and sql backup from mvp app at vendor's subdomain. There was no sensitive data...

6.9AI score
Exploits0
osv
osv
added 2021/06/16 7:15 p.m.5 views

CVE-2020-25754

An issue was discovered on Enphase Envoy R3.x and D4.x devices. There is a custom PAM module for user authentication that circumvents traditional user authentication. This module uses a password derived from the MD5 hash of the username and serial number. The serial number can be retrieved by an...

7.5CVSS7.1AI score0.01339EPSS
Exploits1References3
osv
osv
added 2021/06/03 11:15 p.m.4 views

CVE-2020-36006

AppCMS 2.0.101 in /admin/info.php has an arbitrary file deletion vulnerability which allows attackers to delete arbitrary files on the site...

6.5CVSS5.9AI score0.01075EPSS
Exploits1References1
Rows per page
Query Builder