53 matches found
HCL Domino Security Vulnerability
HCL Technologies HCL Domino is an application software from HCL Technologies, Inc. It provides a platform for application development. A security vulnerability exists in HCL Domino, which arises from the presence of sensitive configuration information leakage that can be exploited by remote,...
CVE-2024-35137
IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413...
BIT-CONTOUR-2021-32783 Authorization bypass in Contour
Contour is a Kubernetes ingress controller using Envoy proxy. In Contour before version 1.17.1 a specially crafted ExternalName type Service may be used to access Envoy's admin interface, which Contour normally prevents from access outside the Envoy container. This can be used to shut down Envoy...
CVE-2021-34702 Cisco Identity Services Engine Sensitive Information Disclosure Vulnerability
A vulnerability in the web-based management interface of Cisco Identity Services Engine ISE could allow an authenticated, remote attacker to obtain sensitive information. This vulnerability is due to improper enforcement of administrator privilege levels for low-value sensitive data. An attacker...
U.S. Dept Of Defense: Local File Disclosure on the ████████ (https://████/) leads to the source code disclosure & DB credentials leak
Description I discovered another LFD on the https://████/ virtual host on the █████ IP POC https://█████/file.ashx?path=web.config will download the website configuration file. It exposes different DB credentials than in previous reports: ███ Similarly, attacker able to get content of any...
Cisco IOS XE Information Disclosure Vulnerability
Cisco IOS XE is a modular operating system based on the Linux kernel. An information disclosure vulnerability exists in the web UI of Cisco IOS XE, which can be exploited by a remote attacker to access sensitive configuration information by sending a malicious request to an affected device...
PYSEC-2019-78
A vulnerability was found in ceilometer before version 12.0.0.0rc1. An Information Exposure in ceilometer-agent prints sensitive configuration data to log files without DEBUG logging being activated...
CVE-2018-1670
IBM Financial Transaction Manager for ACH Services for Multi-Platform 3.0.2 could allow an authenticated user to obtain sensitive product configuration information from log files. IBM X-Force ID: 144946...
CVE-2018-1000060
Sensu, Inc. Sensu Core version Before 1.2.0 & before commit 46ff10023e8cbf1b6978838f47c51b20b98fe30b contains a CWE-522 vulnerability in Sensu::Utilities.redactsensitive that can result in sensitive configuration data e.g. passwords may be logged in clear-text. This attack appear to be exploitabl...
CVE-2016-5849
Siemens SICAM PAS through 8.07 allows local users to obtain sensitive configuration information by leveraging database stoppage...
CVE-2016-1776
Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DSStore and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request...
McAfee Advanced Threat Defense Information Disclosure Vulnerability (CNVD-2015-02279)
McAfee Advanced Threat Defense provides advanced threat defense that defends against advanced malware, including zero-day persistent threats and advanced persistent threats. A security vulnerability in the McAfee Advanced Threat Defense WEB interface allows a remote, authenticated attacker to...
CVE-2006-3285
The internal database in Cisco Wireless Control System WCS for Linux and Windows before 3.251 uses an undocumented, hard-coded username and password, which allows remote authenticated users to read, and possibly modify, sensitive configuration data aka bugs CSCsd15955...