17 matches found
GHSA-5RFV-66G4-JR8H RestrictedPython information leakage via `AttributeError.obj` and the `string` module
Impact: A user can gain access to protected and potentially sensible information indirectly via `AttributeError.obj` and the `string` module. Patches: The problem will be fixed in version 7.3. Workarounds: If the application does not require access to the module `string`, it can remove it from...
CVE-2023-40626
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information...
Information disclosure
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information...
CVE-2023-40626 [20231101] - Core - Exposure of environment variables
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information...
CVE-2023-40626 [20231101] - Core - Exposure of environment variables
The language file parsing process could be manipulated to expose environment variables. Environment variables might contain sensible information...
CVE-2022-24714
Icinga Web 2 is an open source monitoring web interface, framework and command-line interface. Installations of Icinga 2 with the IDO writer enabled are affected. If you use service custom variables in role restrictions, and you regularly decommission service objects, users with said roles may...
Command Injection in Apache James
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in man-in-the-middle command injection attacks, leading potentially to leakage of sensible information...
GHSA-84WG-RGP8-2HG4 Command Injection in Apache James
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in man-in-the-middle command injection attacks, leading potentially to leakage of sensible information...
CVE-2021-38542
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in man-in-the-middle command injection attacks, leading potentially to leakage of sensible information...
CVE-2021-38542
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in man-in-the-middle command injection attacks, leading potentially to leakage of sensible information...
Command injection
Apache James prior to release 3.6.1 is vulnerable to a buffering attack relying on the use of the STARTTLS command. This can result in man-in-the-middle command injection attacks, leading potentially to leakage of sensible information...
CVE-2018-10863
It was discovered that redhat-certification 7 is not properly configured and it lists all files and directories in the /var/www/rhcert/store/transfer directory, through the /rhcert-transfer URL. An unauthorized attacker may use this flaw to gather sensible information...
CVE-2021-29502
WarnSystem is a cog plugin for the Red discord bot. A vulnerability has been found in the code that allows any user to access sensible information by setting up a specific template which is not properly sanitized. The problem has been patched in version 1.3.18. Users should update and type...
CVE-2021-29502
WarnSystem is a cog plugin for the Red discord bot. A vulnerability has been found in the code that allows any user to access sensible information by setting up a specific template which is not properly sanitized. The problem has been patched in version 1.3.18. Users should update and type...
osTicket 1.9.12 XSS / File Upload / Access Bypass / Session Fixation
Release date: February 04th, 2016 - Discovered by: Giovanni Cerrato and Enrico Cinquini - Severity: High. I. VULNERABILITY: osTicket multiple vulnerabilities. II. INTRODUCTION...
CMS Ariadna 2009 - SQL Injection
Exploit Title : CMS Ariadna 2009 SQL Injection Date : 2010-04-19 Author : Andrés Gómez Contact : [email protected] Dork : "allinurl: detResolucion.php?tipodocid=" Exploit in Perl Start In Next Line: use LWP::Simple; Malicious users may inject SQL queries into a vulnerable application to fo...
WHMCS V3.7.1 Sensible Information Disclosure
Software: WHMCS V3.7.1 Complete Name: WHM Complete Solution Version 3.7.1 Bug: Information Disclosure Website of the Software: http://www.whmcs.com/ Author: Julian A. Rodriguez Contact: [email protected] Review: An attacker can obtain very sensible information about the server just typing the...