21 matches found
Download Monitor <= 4.7.60 - Sensitive Information Exposure
The Download Monitor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.7.60 via REST API. This can allow unauthenticated attackers to extract sensitive data including user reports, download reports, and user data including email, role, id and...
CVE-2024-39822 Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers - Sensitive Information Exposure
Sensitive information exposure in some Zoom Workplace Apps, SDKs, Rooms Clients, and Rooms Controllers may allow an authenticated user to conduct an information disclosure via network access...
Siemens RUGGEDCOM
As of January 10, 2023, CISA will no longer be updating ICS security advisories for Siemens product vulnerabilities beyond the initial advisory. For the most up-to-date information on vulnerabilities in this advisory, please see Siemens' ProductCERT Security Advisories CERT Services | Services |...
CVE-2023-51141
An issue in ZKTeco BioTime v.8.5.4 and before allows a remote attacker to obtain sensitive information via the Authentication & Authorization component...
CVE-2024-0978
The My Private Site plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.0.14 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's site privacy feature and view restricted page and post content...
CVE-2024-1209 LearnDash LMS <= 4.10.1 - Sensitive Information Exposure via assignments
The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.1 via direct file access due to insufficient protection of uploaded assignments. This makes it possible for unauthenticated attackers to obtain those uploads...
Screen SFT DAB 600/C Unauthenticated Information Disclosure (userManager.cgx)
Summary Screen's new radio DAB Transmitter is reaching the highest technology level in both Digital Signal Processing and RF domain. SFT DAB Series - Compact Radio DAB Transmitter - Air. Thanks to the digital adaptive precorrection and configuration flexibility, the Hot Swap System technology, the...
CVE-2023-21462
The sensitive information exposure vulnerability in Quick Share Agent prior to versions 3.5.14.18 in Android 12 and 3.5.16.20 in Android 13 allows a local attacker to access the MAC address without the related permission...
USN-5861-1: Linux kernel (Dell300x) vulnerabilities
It was discovered that the NFSD implementation in the Linux kernel did not properly handle some RPC messages, leading to a buffer overflow. A remote attacker could use this to cause a denial of service (system crash) or possibly execute arbitrary code. CVE-2022-43945 Tamás Koczka discovered that th...
Security Bulletin: Miscellaneous security vulnerabilities in IBM Spectrum Copy Data Management
Summary IBM Spectrum Copy Data Management uses weaker than expected cryptographic algorithms, authentication, and password rules. In addition, IBM Spectrum Copy Data Management is vulnerable to execution of arbitrary commands on the system, obtaining sensitive information, and clickjacking...
CVE-2021-3681
A flaw was found in Ansible Galaxy Collections. When collections are built manually, any files in the repository directory that are not explicitly excluded via the buildignore list in "galaxy.yml" are included in the .tar.gz file. This contains sensitive info, such as the user's Ansible Galaxy A...
CVE-2018-12926
Pharos Controls devices allow remote attackers to obtain potentially sensitive information via a direct request for the default/index.lsp or default/log.lsp URI...
Security Bulletin: IBM Flex System Manager (FSM) is affected by multiple php vulnerabilities
Summary Multiple security vulnerabilities have been discovered in php that is embedded in the IBM FSM. This bulletin addresses these vulnerabilities. Vulnerability Details CVEID: CVE-2015-8835 DESCRIPTION: PHP could allow a remote attacker to execute arbitrary code on the system, caused by the...
Security Bulletin: Multiple vulnerabilities in the IBM GSKit component of IBM Tivoli Storage Manager FastBack
Summary There are multiple vulnerabilities in the IBM GSKit component of IBM Tivoli Storage Manager FastBack. IBM Tivoli Storage Manager FastBack has addressed the applicable CVEs. Vulnerability Details CVEID: CVE-2016-0702 DESCRIPTION: OpenSSL could allow a local attacker to obtain sensitive...
Security Bulletin: Security vulnerabilities have been identified in DB2 which is shipped with IBM Performance Management products
Summary DB2 is shipped with IBM Performance Management products. Some of the information about security vulnerabilities affecting DB2 has been published in security bulletins. Vulnerability Details CVEID: CVE-2017-1520 DESCRIPTION: IBM DB2 9.7, 10.1, 10.5, and 11.1 is vulnerable to an unauthorize...
KLINK SQL Injection
Andrés Gómez Exploit Title : KLINK Sql Injection Vulnerability Date : 2010-12-31 Author : Andrés Gómez Software Developed by : http://www.contacto.com Contact : [email protected] Dork : "allinurl:.php?txtCodiInfo=" An attacker may execute arbitrary SQL statements on the vulnerable system...
Joomla! Component User Status - Local File Inclusion
Author : Chip D3 Bi0s Group :...
CVE-2009-2606
ASP Football Pool 2.3 stores sensitive information under the web root with insufficient access control, which allows remote attackers to download the database file via a direct request for NFL.mdb...
CVE-2009-2272
The Huawei D100 stores the administrator's account name and password in cleartext in a cookie, which allows context-dependent attackers to obtain sensitive information by (1) reading a cookie file, by (2) sniffing the network for HTTP headers, and possibly by using unspecified other vectors...
CVE-2005-2999
PHP Advanced Transfer Manager 1.30 allows remote attackers to obtain sensitive PHP configuration information via a direct request to test.php...