Odoo 8.0/9.0/10.0 - Local File Inclusion
Odoo 8.0, 9.0, and 10.0 are susceptible to local file inclusion via tools.fileopen. An attacker can potentially obtain sensitive information, modify data, and/or execute unauthorized administrative operations in the context of the affected site. id: CVE-2017-9416 info: name: Odoo 8.0/9.0/10.0 -...
SmarterTools SmarterTrack - Cross-Site Scripting
Cross-site Scripting (XSS) vulnerability in SmarterTools SmarterTrack. This issue affects: SmarterTools SmarterTrack 100.0.8019.14010. id: CVE-2022-24384 info: name: SmarterTools SmarterTrack - Cross-Site Scripting author: E1A severity: medium description: | Cross-site Scripting XSS vulnerability in...
CVE-2024-45250
CVE-2024-45250 affects ZKTeco iClock (biometric fingerprint reader) with versions around v3.1-168, described as CWE-200 exposure of sensitive information to an unauthorized actor. The vulnerability is framed as an information disclosure issue where sensitive data could be exposed to unauthorized ...
CVE-2024-35155 IBM MQ information disclosure
IBM MQ Console 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: 292765...
CVE-2024-31552
CuteHttpFileServer v.3.1 version has an arbitrary file download vulnerability, which allows attackers to download arbitrary files on the server and obtain sensitive information...
CVE-2024-20823
Implicit intent hijacking vulnerability in SamsungAccount of Galaxy Store prior to version 4.5.63.6 allows local attackers to access sensitive information via implicit intent...
CVE-2024-23207
CVE-2024-23207 affects Apple platforms and is associated with an issue where an app may access sensitive user data; the issue was addressed with improved redaction of sensitive information. Remediation is provided by updates: watchOS 10.3, iOS 17.3 and iPadOS 17.3, macOS Sonoma 14.3, macOS Ventura 13.6.4, and macOS Mon...
Microweber Security Breach
Microweber is an online store management system that provides drag and drop functionality from the Microweber community in the United States. The system includes modules for adding products, images, and more. A security vulnerability exists in Microweber version v.2.0.1. A remote attacker can...
CVE-2023-48894
Incorrect Access Control vulnerability in jshERP V3.3 allows attackers to obtain sensitive information via the doFilter function...
Information Disclosure
VirtualBox is vulnerable to Information Disclosure. The vulnerability allows a high privileged attacker with logon to the infrastructure to compromise the application, which leads to unauthorized read access, resulting in disclosure of sensitive information...
CVE-2022-4162
The Contest Gallery WordPress plugin before 19.1.5.1 and the Contest Gallery Pro WordPress plugin before 19.1.5.1 do not escape the cgrow POST parameter before concatenating it to an SQL query in 3row-order.php. This may allow malicious users with at least author privilege to leak sensitive information...
CVE-2022-33911
CVE-2022-33911 affects Couchbase Server 7.x (prior to 7.0.4). The issue lies in the Analytics Service: field names are not redacted in logged validation messages, enabling an unauthorized actor to potentially obtain sensitive information. The connected documents confirm the vulnerability details ...
CVE-2022-34175
Jenkins 2.335 through 2.355 (both inclusive) allows attackers in some cases to bypass a protection mechanism, thereby directly accessing some view fragments containing sensitive information, bypassing any permission checks in the corresponding view...
GHSA-JRHW-R343-PJWJ Jenkins Perforce Plugin exposure of sensitive information vulnerability exists
An exposure of sensitive information vulnerability exists in Jenkins Perforce Plugin version 1.3.36 and older in PerforcePasswordEncryptor.java that allows attackers who lack the permission needed to view Perforce passwords configured in jobs to obtain them...
AKCMS suffers from SQL injection vulnerability (CNVD-2021-51280)
AKCMS is a lightweight content management system based on PHP and MySQL. AKCMS suffers from an SQL injection vulnerability that can be exploited by attackers to obtain sensitive database information...
OneDrive Sync Provider Enumeration Module
This module will identify the Office 365 OneDrive endpoints for both business and personal accounts across all users, provided access is permitted. It is useful for identifying document libraries that may otherwise not be obvious and which could contain sensitive or useful information. Module Options...
CVE-2020-28861
OpenAsset Digital Asset Management (DAM) 12.0.19 and earlier failed to implement access controls on the /Stream/ProjectsCSV endpoint, allowing unauthenticated attackers to gain access to potentially sensitive project information stored by the application...
CVE-2020-13783
D-Link DIR-865L Ax 1.20B01 Beta devices have Cleartext Storage of Sensitive Information...
CVE-2019-15704
A clear text storage of sensitive information vulnerability in FortiClient for Mac may allow a local attacker to read sensitive information logged in the console window when the user connects to an SSL VPN Gateway...
CVE-2019-9846
RockOA 1.8.7 allows remote attackers to obtain sensitive information because the webmain/webmainAction.php publictreestore method constructs a SQL WHERE clause unsafely by using the pidfields and idfields parameters, aka background SQL injection...