
50 matches found

Nuclei
added yesterday, 31 views

Duplicator < 1.4.7.1 - Information Disclosure

The Duplicator WordPress plugin before 1.4.7 does not authenticate or authorize visitors before displaying information about the system such as server software, php version and full file system path to the site. id: CVE-2022-2552 info: name: Duplicator 1.4.7.1 - Information Disclosure author:...

5.3 CVSS, 6.1 AI score, 0.51113 EPSS
Exploits: 5, References: 2
Cvelist
added 2026/05/25 2:15 p.m., 17 views

CVE-2018-25381 Joomla Responsive Portfolio 1.6.1 SQL Injection via filter parameters

Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filtertypeid, filterpidid, and filtersearch parameters in POST reques...

7.1 CVSS, 0.00029 EPSS
Exploits: 0, References: 4
Vulnrichment
added 2026/05/25 2:15 p.m., 3 views

CVE-2018-25381 Joomla Responsive Portfolio 1.6.1 SQL Injection via filter parameters

Joomla Responsive Portfolio 1.6.1 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL commands through multiple filter parameters. Attackers can inject malicious SQL code via the filtertypeid, filterpidid, and filtersearch parameters in POST reques...

7.1 CVSS, 6.1 AI score, 0.00029 EPSS
Exploits: 0, References: 4
CNNVD
added 2026/05/25 12:00 a.m., 5 views

Joomla! Responsive Portfolio SQL Injection Vulnerability

Joomla! Responsive Portfolio is a Joomla! open source Joomla website portfolio extension. A SQL injection vulnerability exists in Joomla! Responsive Portfolio version 1.6.1, which stems from SQL injection of multiple filter parameters, which could lead to an authenticated attacker injecting...

7.1 CVSS, 5.9 AI score, 0.00029 EPSS
Exploits: 0, References: 4
Positive Technologies
added 2026/04/21 12:00 a.m., 0 views

PT-2026-33992

FreeScout is a free self-hosted help desk and shared mailbox. Prior to version 1.8.213, an unauthenticated attacker can access diagnostic and system tools that should be restricted to administrators. The /system/cron endpoint relies on a static MD5 hash derived from the APP KEY, which is exposed ...

9.3 CVSS, 5.8 AI score, 0.00168 EPSS
Exploits: 1, References: 4
OSV
added 2026/03/30 5:19 p.m., 0 views

GHSA-FGV2-4Q4G-WC35 HAPI FHIR Core has Authentication Credential Leakage via Improper URL Prefix Matching on HTTP Redirect

Summary ManagedWebAccessUtils.getServer uses String.startsWith to match request URLs against configured server URLs for authentication credential dispatch. Because configured server URLs e.g., http://tx.fhir.org lack a trailing slash or host boundary check, an attacker-controlled domain like...

7.4 CVSS, 5.9 AI score, 0.00026 EPSS
Exploits: 1, References: 3
EUVD
added 2025/10/07 12:30 a.m., 1 views

EUVD-2021-24747

Malware in sbrugna...

8.8 CVSS, 8.6 AI score, 0.00371 EPSS
Exploits: 1, References: 3
EUVD
added 2025/10/03 8:07 p.m., 3 views

EUVD-2024-40002

Malicious code in bioql PyPI...

2.7 CVSS, 6.6 AI score, 0.00274 EPSS
Exploits: 0, References: 1
EUVD
added 2025/10/03 8:07 p.m., 1 views

EUVD-2024-22397

Malicious code in bioql PyPI...

5.3 CVSS, 6.4 AI score, 0.00122 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/08/26 12:00 a.m., 2 views

Telpo MDM Security Vulnerability

Telpo MDM is a mobile device management system from the Chinese company Telpo. A security vulnerability exists in Telpo MDM versions 1.4.6 to 1.4.9, which originates from the plaintext storage of administrator credentials and MQTT server details, and could lead to unauthorized access...

9.1 CVSS, 6.6 AI score, 0.00062 EPSS
Exploits: 0, References: 2
CNVD
added 2025/06/27 12:00 a.m., 3 views

Red Hat Build of Keycloak Information Disclosure Vulnerability

Red Hat build of Keycloak is a web application for single sign-on from Red Hat, Inc. An information disclosure vulnerability exists in the Red Hat build of Keycloak, which originates from the /admin/serverinfo endpoint that contains internal server details, and can be exploited by an attacker to...

2.7 CVSS, 6.4 AI score, 0.00246 EPSS
Exploits: 0, References: 1
CNNVD
added 2025/06/19 12:00 a.m., 2 views

Red Hat build of Keycloak Security Vulnerability

Red Hat build of Keycloak is a web application for single sign-on from Red Hat, Inc. An information disclosure vulnerability exists in the Red Hat build of Keycloak, which originates from the /admin/serverinfo endpoint that contains internal server details, and can be exploited by an attacker to...

2.7 CVSS, 5.9 AI score, 0.00246 EPSS
Exploits: 0, References: 4
OSV
added 2025/06/10 2:14 p.m., 4 views

GHSA-JM79-7XHW-6F6F GWC Home Page communicate version and revision information

Summary The GeoWebCache home page includes version and revision information about the software in use. This information is sensitive from a security point of view because it allows software used by the server to be easily identified. Details...

5.3 CVSS, 6.7 AI score, 0.00658 EPSS
Exploits: 1, References: 7
RedhatCVE
added 2025/05/23 6:47 a.m., 4 views

CVE-2024-25035

IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks...

5.3 CVSS, 6.3 AI score, 0.00122 EPSS
Exploits: 0, References: 1
RedhatCVE
added 2025/05/22 7:34 p.m., 3 views

CVE-2021-28975

WP Mailster 1.6.18.0 allows XSS when a victim opens a mail server's details in the mstservers page, for a crafted serverhost, servername, or connectionparameter parameter...

6.1 CVSS, 6 AI score, 0.0021 EPSS
Exploits: 1, References: 1
Hacker One
added 2025/03/01 3:38 a.m., 3 views

U.S. Dept Of Defense: Exposure of Sensitive Debug File Containing database dump with passwords in plain text

A publicly accessible debug file was discovered, exposing sensitive database credentials including usernames and passwords in plaintext. The file contained information such as the database name, type, and server...

6.7 AI score
Exploits: 0
NVD
added 2024/12/03 5:15 p.m., 26 views

CVE-2024-25035

IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks...

5.3 CVSS, 0.00122 EPSS
Exploits: 0, References: 1
OSV
added 2024/12/03 5:15 p.m., 0 views

CVE-2024-25035

IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks...

5.3 CVSS, 5.8 AI score, 0.00122 EPSS
Exploits: 0, References: 1
Vulnrichment
added 2024/12/03 4:43 p.m., 13 views

CVE-2024-25035 IBM Cognos Controller information disclosure

IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks...

5.3 CVSS, 6.4 AI score, 0.00122 EPSS
Exploits: 0, References: 1
Cvelist
added 2024/12/03 4:43 p.m., 16 views

CVE-2024-25035 IBM Cognos Controller information disclosure

IBM Cognos Controller 11.0.0 and 11.0.1 exposes server details that could allow an attacker to obtain information of the application environment to conduct further attacks...

5.3 CVSS, 0.00122 EPSS
Exploits: 0, References: 1