AVideo: Unauthenticated Information Disclosure via Disabled CLI Guard in install/test.php

Summary The install/test.php diagnostic script has its CLI-only access guard disabled by commenting out the die statement. The script remains accessible via HTTP after installation, exposing video viewer statistics including IP addresses, session IDs, and user agents to unauthenticated visitors...

Information Exposure

Overview wwbn/avideo is an Audio and Video Platform or simply "A Video Platform". Affected versions of this package are vulnerable to Information Exposure via the install/test.php script when the command-line interface guard is disabled. An attacker can access sensitive information such as viewer...

International Islamic University Chittagong: Full Path Disclosure

Hi Team, i would like to report sensitive info disclosure via login page PoC: send below request to see the path disclosure. GET /hrd/logining.php HTTP/1.1 Host: 119.18.148.140 User-Agent: Mozilla/5.0 Windows NT 10.0; Win64; x64; rv:56.0 Gecko/20100101 Firefox/56.0 Accept:...

Check_MK 1.2.8p25 - Information Disclosure Exploit

Exploit for python platform in category web applications 1. ADVISORY INFORMATION ======================= Product: Checkmk Vendor URL: https://mathias-kettner.de/checkmk.html Type: Race Condition CWE-362 Date found: 2017-09-21 Date published: 2017-10-18 CVSSv3 Score: 7.5...

Check_MK 1.2.8p25 - Information Disclosure

CheckMK 1.2.8p25 - Information Disclosure 1. ADVISORY INFORMATION ======================= Product: Checkmk Vendor URL: https://mathias-kettner.de/checkmk.html Type: Race Condition CWE-362 Date found: 2017-09-21 Date published: 2017-10-18 CVSSv3 Score: 7.5...