CVE-2025-36058

IBM Business Automation Workflow containers 25.0.0 through 25.0.0 Interim Fix 002, 24.0.1 through 24.0.1 Interim Fix 005, and 24.0.0 through 24.0.0 Interim Fix 006. IBM Cloud Pak for Business Automation and IBM Business Automation Workflow containers may disclose sensitve configuration informatio...

CVE-2022-38202

There is a path traversal vulnerability in Esri ArcGIS Server versions 10.9.1 and below. Successful exploitation may allow a remote, unauthenticated attacker traverse the file system to access files outside of the intended directory on ArcGIS Server. This could lead to the disclosure of sensitive...

EUVD-2015-3111

Malware in sbrugna...

EUVD-2024-35204

Malicious code in bioql PyPI...

CVE-2025-20270

A vulnerability in the web-based management interface of Cisco Evolved Programmable Network Manager EPNM and Cisco Prime Infrastructure could allow an authenticated, remote attacker to obtain sensitive information from an affected system. This vulnerability is due to improper validation of reques...

CVE-2024-51961

There is a local file inclusion vulnerability in ArcGIS Server 11.3 and below that may allow a remote, unauthenticated attacker to craft a URL that could potentially disclose sensitive configuration information by reading internal files from the remote server. Due to the nature of the files...

CVE-2024-35137 IBM Security Access Manager Docker information disclosure

IBM Security Access Manager Docker 10.0.0.0 through 10.0.7.1 could allow a local user to possibly elevate their privileges due to sensitive configuration information being exposed. IBM X-Force ID: 292413...

IBM Security Access Manager Appliance Security Vulnerability

IBM Security Access Manager Appliance ISAM Appliance is a network appliance-based security solution from International Business Machines IBM. The product is primarily used for access control and Web-based threat protection, providing system performance monitoring, log analysis and diagnostics. A...

Remote file inclusion

A local file inclusion vulnerability in the FileServlet in all SearchBlox before 9.2.2 allows remote, unauthenticated users to read arbitrary files from the operating system via a /searchblox/servlet/FileServlet?col=url= request. Additionally, this may be used to read the contents of the SearchBl...

CVE-2019-1742

A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access control to files within the web UI. An attacker could exploit this vulnerability by sending a malicious...

CVE-2019-1742 Cisco IOS XE Software Information Disclosure Vulnerability

A vulnerability in the web UI of Cisco IOS XE Software could allow an unauthenticated, remote attacker to access sensitive configuration information. The vulnerability is due to improper access control to files within the web UI. An attacker could exploit this vulnerability by sending a malicious...

CVE-2018-20609

imcat 4.4 allows remote attackers to obtain potentially sensitive configuration information via the root/tools/adbug/check.php URI...

Information disclosure

The AXIS webapp in deploy-tomcat/axis in IBM Tivoli Application Dependency Discovery Manager TADDM 7.1.2 and 7.2.0 through 7.2.1.4 allows remote attackers to obtain sensitive configuration information via a direct request, as demonstrated by happyaxis.jsp. IBM X-Force ID: 84354...

CVE-2017-11356

The application distribution export functionality in PEGA Platform 7.2 ML0 and earlier allows remote authenticated users with certain privileges to obtain sensitive configuration information by leveraging a missing access control...

CVE-2017-6045

An Information Exposure issue was discovered in Trihedral VTScada Versions prior to 11.2.26. Some files are exposed within the web server application to unauthenticated users. These files may contain sensitive configuration information...

Format string

Siemens SIMATIC STEP 7 TIA Portal before 14 uses an improper format for managing TIA project files during version updates, which makes it easier for local users to obtain sensitive configuration information via unspecified vectors...

Cross site request forgery (csrf)

Web Server in Apple OS X Server before 5.1 does not properly restrict access to .DSStore and .htaccess files, which allows remote attackers to obtain sensitive configuration information via an HTTP request...

Clever Copy 3.0 Connect.INC Information Disclosure Vulnerability

No description provided by source. source: http://www.securityfocus.com/bid/17461/info Clever Copy is prone to an information-disclosure vulnerability. A remote attacker could leverage this issue to gain access to sensitive configuration information. The attacker could then use this information t...

Resource file path traversal in IconDownloadResourceManager

To reproduce: 1. Create a new page title doesn't matter. 2. Insert an image with URL: code:none /confluence/images/icons/profilepics/../../../WEB-INF/classes/crowd.properties code with /confluence/ replaced with the correct base path. Edit the page, click +, click Image, select the From the Web...

Amazon Linux AMI : puppet (ALAS-2012-135)

Directory traversal vulnerability in lib/puppet/reports/store.rb in Puppet before 2.6.17 and 2.7.x before 2.7.18, and Puppet Enterprise before 2.5.2, when Delete is enabled in auth.conf, allows remote authenticated users to delete arbitrary files on the puppet master server via a .. dot dot in a...