
283 matches found

0day.today
added 2024/10/11 12:0 a.m., 214 views

ABB Cylon Aspect 3.08.01 persistenceManagerAjax.php Directory Traversal Vulnerability

ABB Cylon Aspect version 3.08.01 has a directory traversal vulnerability that can be exploited by an unauthenticated attacker to list the contents of arbitrary directories without reading file contents, leading to information disclosure of directory structures and filenames. This may expose...

7.1 AI score
Exploits 0
Cvelist
added 2024/09/12 4:56 p.m., 23 views

CVE-2024-6389 Exposure of Sensitive System Information to an Unauthorized Control Sphere in GitLab

An issue was discovered in GitLab-CE/EE affecting all versions starting with 17.0 before 17.1.7, 17.2 before 17.2.5, and 17.3 before 17.3.2. An attacker as a guest user was able to access commit information via the release Atom endpoint, contrary to permissions...

4.3 CVSS, 0.00434 EPSS
Exploits 0, References 2
Veracode
added 2024/07/25 8:23 a.m., 26 views

Information Exposure

org.apache.pinot, pinot-controller is vulnerable to Information Exposure. The vulnerability is due to the lack of proper access controls within the "/appconfigs" endpoint, which allows unauthorized users to access sensitive system and environment information...

7.5 CVSS, 6.9 AI score, 0.00846 EPSS
Exploits 0, References 5, Affected Software 1
Vulnrichment
added 2024/07/12 12:0 a.m., 16 views

CVE-2024-31947

StoneFly Storage Concentrator SC and SCVM before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system information...

6.6 AI score, 0.00727 EPSS
Exploits 0, References 2
CVE
added 2024/07/12 12:0 a.m., 51 views

CVE-2024-31947

CVE-2024-31947 affects StoneFly Storage Concentrator (SC and SCVM) prior to version 8.0.4.26. The vulnerability is a directory traversal flaw triggered by a crafted path parameter used with the Online Help facility, exploitable by authenticated users and potentially exposing sensitive system info...

6.5 CVSS, 6.8 AI score, 0.00727 EPSS
Exploits 0, References 2, Affected Software 1
Cvelist
added 2024/07/12 12:0 a.m., 26 views

CVE-2024-31947

StoneFly Storage Concentrator SC and SCVM before 8.0.4.26 allows Directory Traversal by authenticated users. Using a crafted path parameter with the Online Help facility can expose sensitive system information...

0.00727 EPSS
Exploits 0, References 2
CNVD
added 2024/07/10 12:0 a.m., 4 views

Siemens RUGGEDCOM ROS Information Disclosure Vulnerability (CNVD-2024-31234)

Siemens RuggedCom ROS is an operating system from Siemens, Germany, used in the RuggedCom series of switches. An information disclosure vulnerability exists in Siemens RUGGEDCOM ROS, which can be exploited by an attacker to expose sensitive system information to unauthorized control...

8.8 CVSS, 6.1 AI score, 0.00282 EPSS
Exploits 0, References 1
Veracode
added 2024/06/06 6:2 a.m., 15 views

Information Disclosure

TYPO3/CMS is vulnerable to Information Disclosure. This vulnerability arises from insufficient validation and handling of uploaded files within forms. It may result in arbitrary file disclosure or unauthorized access to sensitive system files...

7 AI score
Exploits 0
NVD
added 2024/04/15 3:16 a.m., 22 views

CVE-2024-3774

aEnrich Technology a+HRD's functionality for front-end retrieval of system configuration values lacks proper restrictions on a specific parameter, allowing attackers to modify this parameter to access certain sensitive system configuration values...

5.3 CVSS, 5.2 AI score, 0.00357 EPSS
Exploits 0, References 1
Japan Vulnerability Notes
added 2024/04/05 12:0 a.m., 58 views

JVN#82074338: Multiple vulnerabilities in NEC Aterm series

Aterm series provided by NEC Corporation contains multiple vulnerabilities listed below. Incorrect Permission Assignment for Critical Resource CWE-732 CVSS:3.0/AV:A/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H Base Score 8.0 CVE-2024-28005 Exposure of Sensitive System Information to an Unauthorized Control...

9.8 CVSS, 10 AI score, 0.00743 EPSS
Exploits 0
Veracode
added 2024/02/12 2:14 p.m., 38 views

Insufficiently Protected Credentials

Apache Solr is vulnerable to Insufficiently Protected Credentials. The vulnerability is caused due to system property redaction logic inconsistencies. This allows an attacker to access sensitive system properties, including credentials such as passwords or secret keys...

7.5 CVSS, 6.6 AI score, 0.03306 EPSS
Exploits 0, References 5, Affected Software 1
Github Security Blog
added 2024/02/09 6:31 p.m., 30 views

Apache Solr can leak certain passwords due to System Property redaction logic inconsistencies

Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only set up to hide system properties...

7.5 CVSS, 7.1 AI score, 0.03306 EPSS
Exploits 0, References 7, Affected Software 1
Prion
added 2024/02/09 6:15 p.m., 28 views

Design/Logic Flaw

Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only set up to hide system properties...

5 CVSS, 7.1 AI score, 0.03306 EPSS
Exploits 0, References 2, Affected Software 1
Debian CVE
added 2024/02/09 5:29 p.m., 28 views

CVE-2023-50291

Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only set up to hide system properties...

7.5 CVSS, 6.9 AI score, 0.03306 EPSS
Exploits 0
Cvelist
added 2024/02/09 5:29 p.m., 43 views

CVE-2023-50291 Apache Solr: System Property redaction logic inconsistency can lead to leaked passwords

Insufficiently Protected Credentials vulnerability in Apache Solr. This issue affects Apache Solr: from 6.0.0 through 8.11.2, from 9.0.0 before 9.3.0. One of the two endpoints that publishes the Solr process' Java system properties, /admin/info/properties, was only set up to hide system properties...

7.7 AI score, 0.03306 EPSS
Exploits 0, References 2
NVD
added 2023/12/15 10:15 a.m., 16 views

CVE-2023-48393

Kaifa Technology WebITR is an online attendance system. A remote attacker with regular user privilege can obtain partial sensitive system information from error message...

4.3 CVSS, 0.0057 EPSS
Exploits 0, References 1
Veracode
added 2023/12/08 4:54 p.m., 23 views

Information Disclosure

microweber/microweber is vulnerable to Information Disclosure. The vulnerability exists due to the file upload functionality, which allows an attacker to upload a ZIP file, which will result in an error containing sensitive system information...

4.3 CVSS, 6.6 AI score, 0.0049 EPSS
Exploits 1, References 3, Affected Software 1
Prion
added 2023/11/14 7:15 p.m., 15 views

Information disclosure

Exposure of sensitive system information due to uncleared debug information for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access...

1.7 CVSS, 6.3 AI score, 0.00216 EPSS
Exploits 0, References 1, Affected Software 1
Cvelist
added 2023/11/14 7:4 p.m., 36 views

CVE-2022-43666

Exposure of sensitive system information due to uncleared debug information for some Intel Unison software may allow an authenticated user to potentially enable information disclosure via local access...

3.3 CVSS, 5.4 AI score, 0.00216 EPSS
Exploits 0, References 1
NVD
added 2023/10/17 5:15 a.m., 16 views

CVE-2023-34209

Exposure of Sensitive System Information to an Unauthorized Control Sphere in create template function in EasyUse MailHunter Ultimate 2023 and earlier allows remote authenticated users to obtain the absolute path via unencrypted VIEWSTATE parameter...

5 CVSS, 4.8 AI score, 0.00429 EPSS
Exploits 0, References 1