CVE-2019-1661 Cisco TelePresence Management Suite Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco TelePresence Management Suite (TMS) software could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based management interface of an affected device. The vulnerability is d...
CVE-2019-1655 Cisco Webex Meetings Server Cross-Site Scripting Vulnerability
A vulnerability in the web-based management interface of Cisco Webex Meetings Server could allow an unauthenticated, remote attacker to conduct a cross-site scripting (XSS) attack against a user of the web-based interface of the affected software. The vulnerability is due to insufficient validation...
CVE-2018-1751
IBM Security Key Lifecycle Manager 3.0 through 3.0.0.2 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: 148512...
Oracle Outside In vsxl5 GelFrame Record Out-Of-Bounds Read Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Oracle Outside In. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within...
Adobe Acrobat and Reader Out-of-bounds read (APSB18-41: CVE-2018-19709)
An out-of-bounds read vulnerability exists in Adobe Acrobat and Reader. Successful exploitation of this vulnerability could allow a remote attacker to obtain sensitive information...
Cisco Meeting Server Information Disclosure Vulnerability
A vulnerability in Cisco Meeting Server could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is due to improper protections on data that is returned from user meeting requests when the "Guest access via ID and passcode" option is set to Legacy...
Information Disclosure
jekyll is vulnerable to information disclosure. The library does not check if the directory passed during a build, allowing a malicious user to gain access to sensitive files by passing a symlink directory in the config.yml file...
Cisco RV110W, RV130W, and RV215W Routers Management Interface Information Disclosure Vulnerability
A vulnerability in the web-based management interface of the Cisco RV110W Wireless-N VPN Firewall, Cisco RV130W Wireless-N Multifunction VPN Router, and Cisco RV215W Wireless-N VPN Router could allow an unauthenticated, remote attacker to gain access to sensitive information. The vulnerability is...
Symfony Remote Information Disclosure
Exploit Title: Symfony 2.7.13 - Remote information Disclosure Google Dork: N/A Date: 6/27/2018 Exploit Author: Abdeljalil Nouiri pwny Author Mail : abdel001nouiriatgmaildotcom Vendor Homepage: https://www.symfony.com/ Version: 2.7.13 Tested on: Win10 x64, Ubuntu Exploit : -STEP 1: This...
GHSA-QMJG-G86H-6RC9 d3.js is malware
The d3.js package is a piece of malware that steals environment variables and sends them to attacker controlled locations. All versions have been unpublished from the npm registry. Recommendation As this package is malware, if you find it installed in your environment, the real security concern i...
XXE
IBM FileNet Content Manager, IBM Content Foundation, and IBM Case Foundation Administration Console for Content Platform Engine (ACCE) 5.2.1 and 5.5.0 are vulnerable to an XML External Entity Injection (XXE) attack when processing XML data. A remote attacker could exploit this vulnerability to expose...
Netgear Information Disclosure - Ver2 (CVE-2013-4775)
An information disclosure vulnerability exists in Netgear. Successful exploitation of this vulnerability would allow a remote attacker to obtain sensitive information...
Security Bulletin: PostgreSQL 9.2.8 as used in IBM QRadar SIEM 7.2.4 and IBM QRadar SIEM 7.1 MR2 is vulnerable to allow a remote authenticated attacker to obtain sensitive information. (CVE-2014-8161, CVE-2015-0241, CVE-2015-0243, CVE-2015-0244)
Summary Multiple security vulnerabilities have been discovered in the PostgreSQL component bundled with IBM QRadar version 7.1.x and 7.2.x. Vulnerability Details CVE-ID: CVE-2014-8161 Description: PostgreSQL could allow a remote authenticated attacker to obtain sensitive information, caused by a...
CVE-2013-3018
The CVE-2013-3018 issue affects IBM Tivoli Application Dependency Discovery Manager (TADDM) where the AXIS webapp under deploy-tomcat/axis exposes TADDM configuration information without authentication (happyaxis.jsp) in TADDM versions 7.1.2 and 7.2.0–7.2.1.4. A remediation is available: upgrade ...
Microsoft Windows Kernel CVE-2018-8127 Local Information Disclosure Vulnerability
Description Microsoft Windows is prone to a local information-disclosure vulnerability. Local attackers can exploit this issue to obtain sensitive information that may lead to further attacks. Technologies Affected Microsoft Windows 10 Version 1607 for 32-bit Systems Microsoft Windows 10 Version...
CVE-2014-6109
IBM Tivoli Identity Manager 5.1.x before 5.1.0.15-ISS-TIM-IF0057 and Security Identity Manager 6.0.x before 6.0.0.4-ISS-SIM-IF0001 and 7.0.x before 7.0.0.0-ISS-SIM-IF0003 allow remote authenticated users to bypass intended access restrictions and obtain sensitive information via vectors related t...
CVE-2017-12310
CVE-2017-12310 concerns Cisco Spark Hybrid Calendar Service, where the auto-discovery phase processes unencrypted HTTP requests. The vulnerability allows an unauthenticated, remote attacker to view unencrypted HTTP header information, enabling reconnaissance that could lead to disclosure of sensi...
Microsoft Windows Remote Assistance XML External Entity Processing Information Disclosure Vulnerability
This vulnerability allows remote attackers to disclose sensitive information on vulnerable installations of Microsoft Windows. User interaction is required to exploit this vulnerability in that the target must visit a malicious page or open a malicious file. The specific flaw exists within the...
HackerOne: Extra program metrics disclosed via /PROGRAM_NAME json response
Summary: The response to www.hackerone.com/PROGRAM.json includes slamissedcount, slafailedcount and researchercount. Description: Viewing the response from a program's json endpoint includes the values for slamissedcount, slafailedcount and researchercount. With regards to the SLA metrics, these a...
CVE-2018-2374
In SAP HANA Extended Application Services, 1.0, a controller user who has SpaceAuditor authorization in a specific space could retrieve sensitive application data like service bindings within that space...