Lucene search

27 matches found

Cvelist
added 2026/03/20 12:00 a.m., 22 views

CVE-2026-33371

An issue was discovered in Zimbra Collaboration (ZCS) 10.0 and 10.1. An XML External Entity (XXE) vulnerability exists in the Zimbra Exchange Web Services (EWS) SOAP interface due to improper handling of XML input. An authenticated attacker can submit crafted XML data that is processed by an XML parser...

0.00062 EPSS
Exploits: 0, References: 4

EUVD
added 2025/10/07 12:30 a.m., 2 views

EUVD-2020-26912

Malware in sbrugna...

5.3 CVSS, 5.6 AI score, 0.00232 EPSS
Exploits: 0, References: 2

RedhatCVE
added 2025/05/22 4:43 p.m., 3 views

CVE-2020-5753

Signal Private Messenger Android v4.59.0 and up and iOS v3.8.1.5 and up allows a remote non-contact to ring a victim's Signal phone and disclose currently used DNS server due to ICE Candidate handling before call is answered or declined...

5.3 CVSS, 6.7 AI score, 0.00232 EPSS
Exploits: 0, References: 1

CVE
added 2024/07/29 2:37 p.m., 83 views

CVE-2024-41671

Twisted.web’s HTTP 1.0/1.1 server could process pipelined requests out of order, leading to information disclosure. Affected component: Twisted (Twisted.web). Root cause: disordered handling of pipelined HTTP requests. Impact: potential information disclosure as described in CVE-2024-41671. Remed...

8.3 CVSS, 8 AI score, 0.00108 EPSS
Exploits: 0, References: 5

ATTACKERKB
added 2022/09/13 8:15 p.m., 2 views

CVE-2022-20393

In extract3GPPGlobalDescriptions of TextDescriptions.cpp, there is a possible out of bounds read due to an integer overflow. This could lead to local information disclosure from the media server with no additional execution privileges needed. User interaction is not needed for exploitation. Produc...

5.5 CVSS, 6 AI score, 0.00018 EPSS
Exploits: 0, References: 2

OSV
added 2022/06/08 4:15 p.m., 1 views

CVE-2022-32273

As a result of an observable discrepancy in returned messages, OPSWAT MetaDefender Core (MDCore) before 5.1.2 could allow an authenticated user to enumerate filenames on the server...

4.3 CVSS, 5.8 AI score, 0.00155 EPSS
Exploits: 0, References: 2

Zero Day Initiative
added 2021/07/15 12:00 a.m., 360 views

Microsoft Exchange Server ECP Authentication Bypass Information Disclosure Vulnerability

This vulnerability allows remote attackers to disclose sensitive information on affected installations of Microsoft Exchange Server. Authentication is not required to exploit this vulnerability. The specific flaw exists within the authentication of requests to web services within the ecp web...

6.5 CVSS, 1.2 AI score, 0.9375 EPSS
Exploits: 2, References: 1

Prion
added 2020/12/28 8:15 a.m., 10 views

Server side request forgery (ssrf)

An SSRF issue was discovered in Zammad before 3.4.1. The SMS configuration interface for Massenversand is implemented in a way that renders the result of a test request to the User. An attacker can use this to request any URL via a GET request from the network interface of the server. This may le...

5 CVSS, 7.2 AI score, 0.00276 EPSS
Exploits: 0, References: 1, Affected Software: 1

Tenable Nessus
added 2020/08/28 12:00 a.m., 40 views

EulerOS 2.0 SP8 : squid (EulerOS-SA-2020-1884)

According to the versions of the squid package installed, the EulerOS installation on the remote host is affected by the following vulnerabilities : - An issue was discovered in Squid through 4.7 and 5. When receiving a request, Squid checks its cache to see if it can serve up a response. It does...

9.8 CVSS, 6.8 AI score, 0.23648 EPSS
Exploits: 0, References: 4

Hacker One
added 2019/11/22 2:53 p.m., 17 views

Razer: PHPInfo Page on www.razer.ru

The tester discovered a PHP page disclosing information on a server out of scope of the bounty program. This was a low impact information disclosure of PHP version information. We appreciate the tester bringing this to our attention...

3.3 AI score
Exploits: 0

Hacker One
added 2019/09/17 10:37 a.m., 660 views

Nextcloud: Exposing debug.log file leads to server full path disclosure

At the following address I have found a debug.log file that discloses the application's full path on the server. https://nextcloud.com/wp-content/debug.log Impact: The server should not expose this log file as it could help an attacker to understand the environment that may lead to further attacks...

1 AI score
Exploits: 0

Hacker One
added 2019/02/24 3:49 p.m., 38 views

Starbucks: XXE at ecjobs.starbucks.com.cn/retail/hxpublic_v6/hxdynamicpage6.aspx

Description: Hi, guys, when I visited the jobs website of Starbucks in China, https://ecjobs.starbucks.com.cn, I found a feature for uploading a user's photo. Through the bypass of the security restrictions of upload, I can upload html|xhtml|xml|config files etc. The uploaded html file can realize the...

Exploits: 0

Cvelist
added 2018/06/14 8:00 p.m., 11 views

CVE-2018-8819

An XXE issue was discovered in Automated Logic Corporation (ALC) WebCTRL Versions 6.0, 6.1 and 6.5. An unauthenticated attacker could enter malicious input to WebCTRL and a weakly configured XML parser will allow the application to disclose full file contents from the underlying web server OS via t...

7.5 AI score, 0.01463 EPSS
Exploits: 2, References: 3

n0where
added 2018/04/11 10:18 p.m., 22 views

Web Service Security Assessment Tool: WSSAT

WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files. This tool accepts WSDL address list as input file and for each service, it performs both static and dynamic tests again...

Exploits: 0, References: 2

NVD
added 2017/08/31 9:29 p.m., 11 views

CVE-2016-5795

An XXE issue was discovered in Automated Logic Corporation (ALC) Liebert SiteScan Web Version 6.5 and prior, ALC WebCTRL Version 6.5 and prior, and Carrier i-Vu Version 6.5 and prior. An attacker could enter malicious input to WebCTRL, i-Vu, or SiteScan Web through a weakly configured XML parser...

7.5 CVSS, 7.4 AI score, 0.0032 EPSS
Exploits: 0, References: 2

CVE
added 2017/08/31 9:00 p.m., 63 views

CVE-2016-5795

This CVE (CVE-2016-5795) affects Automated Logic Corporation WebCTRL, Liebert SiteScan Web (6.5 and earlier), and Carrier i-Vu (6.5 and earlier). Root cause: improper XML parsing configuration allowing XML External Entity (XXE) processing to be exploited via a weakly configured XML parser, enabli...

7.5 CVSS, 7.4 AI score, 0.0032 EPSS
Exploits: 0, References: 2, Affected Software: 3

OSV
added 2017/05/17 9:29 p.m., 1 views

CVE-2017-4016

Web Server method disclosure in the server in McAfee Network Data Loss Prevention (NDLP) 9.3.x allows remote attackers to exploit and find another hole via HTTP response header...

5.3 CVSS, 5.8 AI score, 0.00212 EPSS
Exploits: 0, References: 2

Hacker One
added 2017/03/22 3:14 p.m., 20 views

Nextcloud: Server version/OS type disclosure via HTTP Response Header

1 Issued request below: GET / HTTP/1.1 Host: demo.nextcloud.com User-Agent: Mozilla/5.0 Windows NT 6.1; Win64; x64; rv:43.0 Gecko/20100101 Firefox/43.0 Accept: text/css,/;q=0.1 Accept-Language: en-US,en;q=0.5 Accept-Encoding: gzip, deflate Referer: https://demo.nextcloud.com/hohoho/ Cookie:...

0.2 AI score
Exploits: 0

Kitploit
added 2016/09/26 2:30 p.m., 35 views

WSSAT - Web Service Security Assessment Tool

WSSAT is an open source web service security scanning tool which provides a dynamic environment to add, update or delete vulnerabilities by just editing its configuration files. This tool accepts WSDL address list as input file and for each service, it performs both static and dynamic tests again...

8.2 AI score
Exploits: 0, References: 1

Hacker One
added 2016/07/05 11:09 a.m., 21 views

CodeIgniter: Web Server Disclosure

I would like to report an exposure of your web server kindly browse https://www.codeigniter.com/.htaccess...

Exploits: 0