CVE-2017-11155
An information exposure vulnerability in index.php in Synology Photo Station before 6.7.3-3432 and 6.3-2967 allows remote attackers to obtain sensitive system information via unspecified vectors...
Sendio Local File Inclusion Vulnerability
Sendio is affected by a Local File Inclusion vulnerability that allows an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted URL.
CVE-2016-10399
Sendio versions before 8.2.1 were affected by a Local File Inclusion vulnerability that allowed an unauthenticated, remote attacker to read potentially sensitive system files via a specially crafted URL...
Adobe Captivate Information Disclosure Vulnerability
Adobe Captivate is a screen recording software. An information disclosure vulnerability exists in Adobe Captivate. An attacker can use this vulnerability to obtain sensitive system information...
Design/Logic Flaw
In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS...
CVE-2016-10333
In all Android releases from CAF using the Linux kernel, a sensitive system call was allowed to be called by HLOS...
CVE-2017-6697
A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system. More Information: CSCvd76339. Known Affected Releases: 2.29.76...
Code injection
A vulnerability in the web interface of Cisco Elastic Services Controllers could allow an authenticated, remote attacker to access sensitive system credentials that are stored in an affected system. More Information: CSCvd76339. Known Affected Releases: 2.29.76...
CVE-2017-6697
Cisco Elastic Services Controller (ESC) Web Interface Information Disclosure vulnerability (CVE-2017-6697) allows an authenticated, remote attacker to access sensitive system credentials stored in an affected ESC web interface. Root cause: insufficient access control to the credential repository ...
CVE-2017-6564
On Franklin Fueling Systems TS-550 evo 2.3.0.7332 devices, the Guest user, which contains the lowest privileges, can post to the idSourceFileName parameter found within the /download directory. This ability allows for an attacker to download sensitive system files from the host machine such as...
Command injection
F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature...
CVE-2017-0305
F5 SSL Intercept iApp version 1.5.0 - 1.5.7 is vulnerable to an unauthenticated, remote attack that may allow modification of the BIG-IP system configuration, extraction of sensitive system files, and possible remote command execution on the system when deployed using the Explicit Proxy feature...
WordPress Booking Calendar Plugin Directory Traversal Vulnerability
WordPress is a blogging platform from the WordPress Software Foundation, developed in PHP, which supports personal blog sites on servers with PHP and MySQL. A directory traversal vulnerability exists in the WordPress Booking Calendar plugin version 7.0 and earlier versions, whic...
U.S. Dept Of Defense: Bypass file access control vulnerability on a DoD website
A DoD website was configured in a manner that allowed a remote user to bypass a file access control. This vulnerability could have allowed the user to view potentially sensitive system files. @generaleg was able to demonstrate this vulnerability by crafting a specially formatted URL. Thanks @generale...
Authorization
The function msp aka MSPRuntimeInterface in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic...
CVE-2017-5372
The function msp aka MSPRuntimeInterface in the P4 SERVERCORE component in SAP AS JAVA allows remote attackers to obtain sensitive system information by leveraging a missing authorization check for the (1) getInformation, (2) getParameters, (3) getServiceInfo, (4) getStatistic, or (5) getClientStatistic...
CVE-2017-5372
SAP NetWeaver AS JAVA P4 MSPRuntimeInterface (MSPRuntimeInterface) in SERVERCORE is vulnerable to information disclosure due to missing authorization when calling getInformation, getParameters, getServiceInfo, getStatistic, or getClientStatistic. Public advisories (ErpScan ERPSCAN-16-037 and SAP ...
F5 BIG-IP - BIG-IP virtual server with HTTP Explicit Proxy and/or SOCKS vulnerability CVE-2016-5700
F5 BIG-IP virtual servers with a configuration using the HTTP Explicit Proxy functionality and/or SOCKS profile are vulnerable to an unauthenticated, remote attack that allows modification of BIG-IP system configuration, extraction of sensitive system files, and/or possible remote command executi...