
21 matches found

EUVD
added 2025/10/07 12:30 a.m. | 4 views

EUVD-2017-7353

Malware in sbrugna...

6.5 CVSS | 6.6 AI score | 0.00299 EPSS
Exploits 0 | References 2
EUVD
added 2025/10/03 8:7 p.m. | 3 views

EUVD-2024-3579

Malicious code in bioql PyPI...

7.8 CVSS | 8 AI score | 0.04955 EPSS
Exploits 0 | References 4
NVD
added 2025/01/30 5:15 a.m. | 12 views

CVE-2025-23374

Dell Networking Switches running Enterprise SONiC OS, versions prior to 4.4.1 and 4.2.3, contains an Insertion of Sensitive Information into Log File vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

8 CVSS | 0.00166 EPSS
Exploits 0 | References 1
Cvelist
added 2025/01/30 4:14 a.m. | 13 views

CVE-2025-23374

Dell Networking Switches running Enterprise SONiC OS, versions prior to 4.4.1 and 4.2.3, contains an Insertion of Sensitive Information into Log File vulnerability. A high privileged attacker with remote access could potentially exploit this vulnerability, leading to Information exposure...

8 CVSS | 0.00166 EPSS
Exploits 0 | References 1
VulnCheck KEV
added 2024/09/19 12:0 a.m. | 0 views

VulnCheck KEV: CVE-2002-1149

The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings...

5 CVSS | 5.8 AI score | 0.00732 EPSS
Exploits 0 | References 1
NVD
added 2024/04/09 1:15 a.m. | 11 views

CVE-2024-25646

Due to improper validation, SAP BusinessObject Business Intelligence Launch Pad allows an authenticated attacker to access operating system information using crafted document. On successful exploitation there could be a considerable impact on confidentiality of the application...

7.7 CVSS | 7.3 AI score | 0.00096 EPSS
Exploits 0 | References 2
Vulnrichment
added 2022/11/30 2:35 p.m. | 13 views

CVE-2022-1911 Information disclosure in M-Files Server

Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system...

5.3 CVSS | 6.7 AI score | 0.00298 EPSS
Exploits 0 | References 3
CVE
added 2022/07/20 2:2 a.m. | 57 views

CVE-2022-32959

The CVE-2022-32959 entry concerns HiCOS’ client-side citizen digital certificate component, which is vulnerable to a stack-based buffer overflow when reading IC card data due to insufficient validation of OS information parameter length. The impact described in the sources is arbitrary code execu...

6.8 CVSS | 7 AI score | 0.0007 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2020/11/12 12:5 a.m. | 14 views

CVE-2020-2048 PAN-OS: System proxy passwords may be logged in clear text while viewing system state

An information exposure through log file vulnerability exists where the password for the configured system proxy server for a PAN-OS appliance may be displayed in cleartext when using the CLI in Palo Alto Networks PAN-OS software. This issue impacts: PAN-OS 8.1 versions earlier than PAN-OS 8.1.17...

3.3 CVSS | 3.8 AI score | 0.00057 EPSS
Exploits 0 | References 1
ATTACKERKB
added 2020/10/09 12:0 a.m. | 276 views

Insecure RDP

There are active attack campaigns as of October 2020 targeting RDP servers without multi-factor authentication enabled. Recent assessments: zeroSteiner at October 09, 2020 6:36pm UTC reported: Over the past couple of years 2018-2020 attacks against RDP have become more and more common. Recent...

10 CVSS | 1.7 AI score | 0.94454 EPSS
In wild | Exploits 123
Github Security Blog
added 2020/09/03 8:0 p.m. | 15 views

Malicious Package in sparkies

This package contained malicious code. The package uploaded system information such as OS and hostname to a remote server. Recommendation Remove the package from your environment. There are no indications of further compromise...

2.4 AI score
Exploits 0 | References 2 | Affected Software 1
Veracode
added 2020/09/03 7:29 a.m. | 9 views

Malicious Package

maleficent contains malicious code. The code when executed in the browser would capture environment variables, OS information, network interface, AWS credentials, npm credentials and ssh keys. It also subsequently prints the information to a local file...

2.8 AI score
Exploits 0
CVE
added 2020/01/28 6:30 p.m. | 35 views

CVE-2019-4679

IBM Content Navigator 3.0CD exposes hosting operating system and version information in the logon response for authenticated users, enabling information disclosure that could support targeted attacks. Mitigation is to apply the IBM Content Navigator remediation: upgrade to the 3.0 Continuous Deli...

4.3 CVSS | 4.4 AI score | 0.00222 EPSS
Exploits 0 | References 2 | Affected Software 1
Kitploit
added 2019/10/14 9:0 p.m. | 140 views

Postenum - A Clean, Nice And Easy Tool For Basic/Advanced Privilege Escalation Techniques

Postenum is a clean, nice and easy tool for basic/advanced privilege escalation vectors/techniques. Postenum tool is intended to be executed locally on a Linux box. Be more than a normal user. be the ROOT. USE ./postenum.sh option ./postenum.sh -s ./postenum.sh -c Options : -a : All -s : Filesyst...

7.5 AI score
Exploits 0 | References 1
Hacker One
added 2018/01/17 12:4 a.m. | 41 views

Slack: Information leakage and default open port

@freem0 found Prometheus plugin output that was exposed at one of our servers. The information exposed including some OS information metrics about memory usage, but no customer data was at risk and no exploit was possible. Thank you @freem0!...

2.4 AI score
Exploits 0
NVD
added 2017/10/27 8:29 p.m. | 8 views

CVE-2017-15937

Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked e.g., a /var/www pathname typically means Linux or UNIX...

6.5 CVSS | 6.4 AI score | 0.00299 EPSS
Exploits 0 | References 1
Prion
added 2017/10/27 8:29 p.m. | 16 views

Design/Logic Flaw

Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked e.g., a /var/www pathname typically means Linux or UNIX...

4 CVSS | 6.4 AI score | 0.00299 EPSS
Exploits 0 | References 1 | Affected Software 1
Cvelist
added 2017/10/27 8:0 p.m. | 14 views

CVE-2017-15937

Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked e.g., a /var/www pathname typically means Linux or UNIX...

6.4 AI score | 0.00299 EPSS
Exploits 0 | References 1
Nmap
added 2017/03/01 8:41 p.m. | 304 views

cics-info NSE Script

Using the CICS transaction CEMT, this script attempts to gather information about the current CICS transaction server region. It gathers OS information, Datasets files, transactions and user ids. Based on CICSpwn script by Ayoub ELAASSAL. Script Arguments cics-info.trans Instead of gathering all...

10 CVSS | 0.94176 EPSS
Exploits 33
Hacker One
added 2016/01/16 11:32 a.m. | 39 views

withinsecurity: Content Spoofing OR Text Injection in https://withinsecurity.com

Hi, I just found Content Spoofing OR Text-based injection vulnerability in https://withinsecurity.com site that would like to get fixed, Below are the POC and steps to reproduced an issue. 1 Go to https://withinsecurity.com this site 2 Then just changed above url like this...

7 AI score
Exploits 0