15 matches found
EUVD-2017-7353
Malware in sbrugna...
EUVD-2024-3579
Malicious code in bioql PyPI...
VulnCheck KEV: CVE-2002-1149
The installation procedure for Invision Board suggests that users install the phpinfo.php program under the web root, which leaks sensitive information such as absolute pathnames, OS information, and PHP settings...
CVE-2022-1911 Information disclosure in M-Files Server
Error in parser function in M-Files Server versions before 22.6.11534.1 and before 22.6.11505.0 allowed unauthenticated access to some information of the underlying operating system...
CVE-2022-32959
The CVE-2022-32959 entry concerns HiCOS’ client-side citizen digital certificate component, which is vulnerable to a stack-based buffer overflow when reading IC card data due to insufficient validation of OS information parameter length. The impact described in the sources is arbitrary code execu...
Malicious Package in sparkies
This package contained malicious code. The package uploaded system information such as OS and hostname to a remote server. Recommendation Remove the package from your environment. There are no indications of further compromise...
Malicious Package
maleficent contains malicious code. The code when executed in the browser would capture environment variables, OS information, network interface, AWS credentials, npm credentials and ssh keys. It also subsequently prints the information to a local file...
Postenum - A Clean, Nice And Easy Tool For Basic/Advanced Privilege Escalation Techniques
Postenum is a clean, nice and easy tool for basic/advanced privilege escalation vectors/techniques. Postenum tool is intended to be executed locally on a Linux box. Be more than a normal user. be the ROOT. USE ./postenum.sh option ./postenum.sh -s ./postenum.sh -c Options : -a : All -s : Filesyst...
Slack: Information leakage and default open port
@freem0 found Prometheus plugin output that was exposed at one of our servers. The information exposed including some OS information metrics about memory usage, but no customer data was at risk and no exploit was possible. Thank you @freem0!...
CVE-2017-15937
Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked e.g., a /var/www pathname typically means Linux or UNIX...
Design/Logic Flaw
Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked e.g., a /var/www pathname typically means Linux or UNIX...
CVE-2017-15937
Artica Pandora FMS version 7.0 leaks a full installation pathname via GET data when intercepting the main page's graph requisition. This also implies that general OS information is leaked e.g., a /var/www pathname typically means Linux or UNIX...
cics-info NSE Script
Using the CICS transaction CEMT, this script attempts to gather information about the current CICS transaction server region. It gathers OS information, Datasets files, transactions and user ids. Based on CICSpwn script by Ayoub ELAASSAL. Script Arguments cics-info.trans Instead of gathering all...
withinsecurity: Content Spoofing OR Text Injection in https://withinsecurity.com
Hi, I just found Content Spoofing OR Text-based injection vulnerability in https://withinsecurity.com site that would like to get fixed, Below are the POC and steps to reproduced an issue. 1 Go to https://withinsecurity.com this site 2 Then just changed above url like this...
Post-scan OS Identification
This plugin processes and reports on system information about the remote host detected by other plugins. This information is used by Tenable products for informational and tracking purposes. The main asset attributes processed in this plugin include: - OS - DNS Names - IP Address - MAC Addresses ...