EUVD-2012-0738
Malware in sbrugna...
EUVD-2018-12578
Malware in sbrugna...
EUVD-2022-35817
Malicious code in bioql PyPI...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview: org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the /admin/serverinfo endpoint...
USN-7351-1: RESTEasy vulnerabilities
Nikos Papadopoulos discovered that RESTEasy improperly handled URL encoding when certain errors occur. An attacker could possibly use this issue to modify the app's behavior for other users through the network. (CVE-2020-10688) Mirko Selber discovered that RESTEasy improperly validated user input...
IBM Security Verify Directory Information Disclosure Vulnerability
IBM Security Verify Directory is part of an authentication and access management solution from International Business Machines (IBM). An information disclosure vulnerability exists in IBM Security Verify Directory version 10.0.0, which can be exploited by an attacker to obtain sensitive server...
Design/Logic Flaw
Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue...
CVE-2023-51650 Unauthorized access vulnerability on three interfaces
Hertzbeat is an open source, real-time monitoring system. Prior to version 1.4.1, Spring Boot permission configuration issues caused unauthorized access vulnerabilities to three interfaces. This could result in disclosure of sensitive server information. Version 1.4.1 fixes this issue...
GoCD Security Vulnerability
GoCD is a continuous delivery server. A security vulnerability exists in GoCD versions 19.2.0 through 19.11.0 that originates from allowing an authenticated agent to impersonate another agent, resulting in an access control failure and incorrect authentication of agent tokens in the GoCD server to...
CVE-2022-38258
A local file inclusion (LFI) vulnerability in D-Link DIR 819 v1.06 allows attackers to cause a Denial of Service (DoS) or access sensitive server information via manipulation of the getpage parameter in a crafted web request...
CVE-2022-38258
The CVE-2022-38258 vulnerability affects D-Link DIR-819 (firmware v1.06) through a local file inclusion (LFI) in the web interface via the getpage parameter. The underlying issue allows an attacker to trigger a Denial of Service or access sensitive server information with a crafted request...
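The two CVE-2022-38258 entries above describe the generic local file inclusion pattern: a page name taken from a request parameter is joined onto the web root without checking that the result still lies inside it. The following is an added illustration of that pattern and of one way to harden it; it is not D-Link firmware code and does not reproduce the DIR-819 handler. The web root path /www, the parameter name getpage and the restriction to .html pages are assumptions chosen for the example.

```python
import os
from pathlib import Path
from typing import Optional

# Assumed web root for the example; the real device layout is not known here.
WEB_ROOT = Path("/www")


def resolve_vulnerable(getpage: str) -> Path:
    """The LFI pattern: user input is joined straight onto the web root.

    Nothing checks for '..' segments, and pathlib discards WEB_ROOT entirely
    when the joined component is an absolute path, so the caller can reach
    any file the web server process can read.
    """
    return Path(os.path.normpath(WEB_ROOT / getpage))


def resolve_hardened(getpage: str) -> Optional[Path]:
    """Resolve a page name inside WEB_ROOT, or return None if it escapes.

    Returning None (rather than raising) lets a handler both refuse the
    request and log it as a traversal attempt.
    """
    # Reject NUL bytes (historic path-truncation trick) and absolute paths
    # before doing any joining at all.
    if "\x00" in getpage or getpage.startswith(("/", "\\")):
        return None
    candidate = Path(os.path.normpath(WEB_ROOT / getpage))
    # After normalisation the target must still be a descendant of WEB_ROOT;
    # relative_to raises ValueError when it is not.
    try:
        candidate.relative_to(WEB_ROOT)
    except ValueError:
        return None
    # Further restrict to page templates so device config or /proc and /dev
    # entries cannot be served even if they were placed under the web root.
    if candidate.suffix != ".html":
        return None
    return candidate


def is_traversal_attempt(getpage: str) -> bool:
    """Detection helper: True when the hardened resolver would refuse the value."""
    return resolve_hardened(getpage) is None


if __name__ == "__main__":
    # Constructed sample parameter values, not captured device traffic.
    for value in ("status.html", "sub/../status.html", "../../etc/passwd",
                  "/etc/passwd", "status.html\x00.html"):
        print(repr(value), "->", resolve_vulnerable(value),
              "| hardened:", resolve_hardened(value))
```

The vulnerable resolver happily returns /etc/passwd for the traversal inputs, while the hardened one refuses them and accepts only page names that normalise to an .html file under the assumed web root. Canonicalising first and then checking containment is the important ordering; a blacklist of "../" strings alone would miss encoded or mixed-separator variants.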
Fortinet FortiOS Path Traversal Vulnerability
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, a US-based company. The system provides users with a variety of security features such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam, etc. A path...
Arbitrary File Read Vulnerability in SDCMS
SDCMS is a PHP 3-in-1 website management system. SDCMS has an arbitrary file read vulnerability that can be exploited by an attacker to obtain sensitive server information...
VMware vSphere Client Server-Side Request Forgery Vulnerability
VMware Cloud Foundation is a hybrid cloud platform developed by VMware based on the HCI architecture that enables consistent, secure infrastructure and operations between private and public clouds. VMware vSphere Client server-side request forgery vulnerability can be exploited by an attacker wit...
U-Mail Mail System Arbitrary File Inclusion Vulnerability
U-Mail is a mail service system. The U-Mail mail system suffers from an arbitrary file inclusion vulnerability, which allows an attacker to download and view arbitrary files and obtain sensitive server information...
Multiple Flaws Exposed in Pocket Add-on for Firefox
Easy accessibility alone does not win the battle. Server-side vulnerabilities have been reported by a security researcher in the popular Pocket add-on that ships with the Firefox browser. The security flaws could have allowed hackers to exfiltrate data from the company’s servers ...
Nuked-Klan 1.3 - Remote Information Disclosure Vulnerability
Source: http://www.securityfocus.com/bid/6917/info A vulnerability has been discovered in Nuked-Klan which may be exploited to execute certain PHP functions on a target server. This issue occurs in the 'Team', 'News', and 'Lien' modules and is due to insufficien...
Information disclosure
IBM Scale Out Network Attached Storage SONAS 1.3 before 1.3.2.3 requires cleartext storage of LDAP credentials without recommending a less privileged LDAP account, which might allow attackers to obtain sensitive server information by leveraging root access to a client machine...
CVE-2012-0706
IBM Scale Out Network Attached Storage SONAS 1.3 before 1.3.2.3 requires cleartext storage of LDAP credentials without recommending a less privileged LDAP account, which might allow attackers to obtain sensitive server information by leveraging root access to a client machine...
CVE-2003-1371
CVE-2003-1371 affects Nuked-Klan up to version 1.3b (and possibly earlier). A remote attacker can trigger phpinfo via the op parameter in the Team, News, or Liens modules, causing information disclosure about the server. The available documents do not specify a fixed patch or remediation. If need...