43 matches found
CVE-2022-1401
Improper Access Control vulnerability in the /Exago/WrImageResource.adx route as used in Device42 Asset Management Appliance allows an unauthenticated attacker to read sensitive server files with root permissions. This issue affects: Device42 CMDB versions prior to 18.01.00...
Fortinet FortiOS 路径遍历漏洞
Fortinet FortiOS is a security operating system dedicated to the FortiGate network security platform from Fortinet, a US-based company. The system provides users with a variety of security features such as firewall, anti-virus, IPSec/SSLVPN, Web content filtering and anti-spam, etc. A path...
emlog SQL Injection Vulnerability
emlog is a powerful blog and CMS builder based on PHP and MySQL. A SQL injection vulnerability exists in emlog version 6.0.0-stable. An attacker can exploit this vulnerability to execute arbitrary SQL statements and query sensitive server data via admin/navbar.php?action=addpage...
Arbitrary File Read Vulnerability in SDCMS
SDCMS is a PHP 3-in-1 website management system. SDCMS has an arbitrary file read vulnerability that can be exploited by an attacker to obtain sensitive server information...
VMware vSphere Client Server-Side Request Forgery Vulnerability
VMware Cloud Foundation is a hybrid cloud platform developed by VMware based on the HCI architecture that enables consistent, secure infrastructure and operations between private and public clouds. VMware vSphere Client server-side request forgery vulnerability can be exploited by an attacker wit...
File Containment Vulnerability in MetInfo v5.0.4 of Changsha Mito Information Technology Co.
Mito enterprise building system MetInfo is a free and open source enterprise CMS. Changsha Mito Information Technology Co., Ltd MetInfo v5.0.4 version of the file contains a vulnerability that can be exploited by attackers to view sensitive server files...
Arbitrary File Download Vulnerability in WMCMS
WMCMS is based on PHP + MYSQL as the core development, free + open source professional Chinese labeling system. WMCMS has an arbitrary file download vulnerability that can be exploited by attackers to download sensitive server files...
CVE-2018-19456
The WP Backup+ aka WPbackupplus plugin through 2018-11-22 for WordPress allows remote attackers to obtain sensitive information from server folders and files, as demonstrated by download.sql...
Arbitrary File Read Vulnerability in PowerEasy SmartGov
PowerEasy government website management system PowerEasy SmartGov is a complete set of government portal application solutions provided by PowerEasy according to the actual application requirements of the government. An arbitrary file read vulnerability exists in PowerEasy SmartGov. An attacker c...
CVE-2016-3065
The 1 brinpagetype and 2 brinmetapageinfo functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service server crash via a crafted byte...
CVE-2016-3065
The 1 brinpagetype and 2 brinmetapageinfo functions in the pageinspect extension in PostgreSQL before 9.5.x before 9.5.2 allows attackers to bypass intended access restrictions and consequently obtain sensitive server memory information or cause a denial of service server crash via a crafted byte...
U-Mail Mail System Arbitrary File Containment Vulnerability
U-mail is a mail service system. The U-Mail mail system suffers from an arbitrary file inclusion vulnerability, which allows an attacker to exploit the vulnerability to download and view arbitrary files and obtain sensitive server information...
Multiple Flaws Exposed in Pocket Add-on for Firefox
With providing easy accessibility, the battle is not won! Server-side Vulnerabilities have been reported by a security researcher in the popular Pocket add-on that comes attached with the Firefox browser. The security flaws could have allowed hackers to exfiltrate data from the company’s servers ...
id software quake ii server 3.2 - Multiple Vulnerabilities
No description provided by source. source: http://www.securityfocus.com/bid/11551/info Multiple remote vulnerabilities have been reported to affect Quake II. These issues are due to boundary condition checking failures, access validation failures and failures to handle exceptional conditions. An...
Nuked-Klan 1.3 - Remote Information Disclosure Vulnerability
No description provided by source. source: http://www.securityfocus.com/bid/6917/info A vulnerability has been discovered in Nuked-Klan which may be exploited to execute certain PHP functions on a target server. This issue occurs in the 'Team', 'News', and 'Lien' modules and is due to insufficien...
Mail.ru: XXE and SSRF on webmaster.mail.ru
SSRF request: POST /domain/metadata HTTP/1.1 Host: webmaster.mail.ru User-Agent: Mozilla/5.0 Macintosh; Intel Mac OS X 10.9; rv:29.0 Gecko/20100101 Firefox/29.0 Accept: application/json, text/javascript, /; q=0.01 Accept-Language: ru-RU,ru;q=0.8,en-US;q=0.5,en;q=0.3 Accept-Encoding: gzip, deflate...
Information disclosure
IBM Scale Out Network Attached Storage SONAS 1.3 before 1.3.2.3 requires cleartext storage of LDAP credentials without recommending a less privileged LDAP account, which might allow attackers to obtain sensitive server information by leveraging root access to a client machine...
CVE-2012-0706
IBM Scale Out Network Attached Storage SONAS 1.3 before 1.3.2.3 requires cleartext storage of LDAP credentials without recommending a less privileged LDAP account, which might allow attackers to obtain sensitive server information by leveraging root access to a client machine...
CVE-2003-1371
CVE-2003-1371 affects Nuked-Klan up to version 1.3b (and possibly earlier). A remote attacker can trigger phpinfo via the op parameter in the Team, News, or Liens modules, causing information disclosure about the server. The available documents do not specify a fixed patch or remediation. If need...
ID Software Quake II Server 3.2 - Multiple Vulnerabilities
source: https://www.securityfocus.com/bid/11551/info Multiple remote vulnerabilities have been reported to affect Quake II. These issues are due to boundary condition checking failures, access validation failures and failures to handle exceptional conditions. An attacker may leverage these issues...