CS Money: Internal Path Disclosure

Hello Team, I would like to report internal path disclosure in response. I was trying for Stored XSS but got no luck in that process. I observed the responses, one of the responses showing file path with 500 Internal Server Error. Steps To Reproduce: 1. Go to cs.money and sign in through steam...

Shopify: damage to the timeline so that comment fields cannot be displayed or not available to all members in the store

see https://a-alert-b-y000-b-finda.myshopify.com/admin/discounts/416981811222 I tried to make a discount code with a product name and a discount code like: ± ± when I havehtag the product name on the timeline comment and I get a "server error" reply and it causes crashes to the timeline, so...

Nextcloud: Denial of Service when entring an Array in email at seetings

in settings https://demo2.nextcloud.com/index.php/settings/users/TweLbFT93aqRnEfF/settings when you submit the request with email value Array the server return 500 Internal Server Error Poc video: F954435 Impact denial a service attack on the server. This may lead to the website becoming slow or...

Design/Logic Flaw

SolarWinds Orion Platform 2018.4 HF3 NPM 12.4, NetPath 1.1.4 is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query...

CVE-2019-12864

SolarWinds Orion Platform 2018.4 HF3 NPM 12.4, NetPath 1.1.4 is vulnerable to Information Leakage, because of improper error handling with stack traces, as demonstrated by discovering a full pathname upon a 500 Internal Server Error via the api2/swis/query?lang=en-us&swAlertOnError=false query...

February 10, 2015 update for Office Web Apps Server 2013 (KB2956101)

February 10, 2015 update for Office Web Apps Server 2013 KB2956101 This article describes update KB2956101 for Microsoft Office Web Apps Server 2013 that was released on February 10, 2015. This update has a prerequisite. Improvements and Fixes Improves localization to make sure that the meanings...

X (Formerly Twitter): character limitation bypass can lead to DoS on Twitter App and 500 Internal Server Error

Summary: If you are creating a new moment on https://twitter.com/username/moments you get redirected to https://twitter.com/i/moments/edit/moments-id. There you can set a title, a description and also you can add, if you want, a Tweet to your Moment. The title and also the description are...

SmartClient Absolute Path Information Disclosure Vulnerability

smartclient is an enterprise ajax framework , including very good UI library , tool library and client-server data binding and other features . An absolute path information disclosure vulnerability exists in SmartClient 12.0. An unauthenticated attacker can exploit this vulnerability by sending a...

Error: Lost connection to lmgrd, heartbeat timeout expired, exiting. EXITING DUE TO SIGNAL 28 Exit Reason 5 in License server

The following error appears in the log files on the License Server and the connection to the License Server is disconnected: Lost connection to lmgrd , heartbeat timeout expired, exiting. EXITING DUE TO SIGNAL 28 Exit Reason 5...

Cannot access Licensing Node in Citrix Studio. “An error occurred with the Citrix License Server..”

It is not possible to change the License Server from within Citrix Studio. The error appears, “An error has occurred with the Citrix License Server….” On clicking View error details, the following information appears: Error Id: XDDS:CFA44753Exception:...

SAP Enable Now Information Disclosure Vulnerability (CNVD-2020-09646)

SAP Enable Now is a collaborative content creation, management and sharing platform from SAP. The platform is mainly used for online learning and training in SAP and non-SAP systems. An information disclosure vulnerability exists in SAP Enable Now. An attacker could exploit this vulnerability to...

Information disclosure

SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure...

CVE-2019-0404

SAP Enable Now, before version 1911, leaks information about network configuration in the server error messages, leading to Information Disclosure...

Error: No Product Licenses Found on the License Server for the Selected Model

When configuring XenApp 6.5, the following error message is displayed: “No product licenses found on the license server for the selected model”...

sssd security, bug fix, and enhancement update

1.16.4-21 - Resolves: rhbz1714952 - sssd RHEL 7.7 Tier 0 Localization - Rebuild japanese gmo file explicitly 1.16.4-20 - Resolves: rhbz1714952 - sssd RHEL 7.7 Tier 0 Localization 1.16.4-19 - Resolves: rhbz1707959 - sssd does not properly check GSS-SPNEGO 1.16.4-18 - Resolves: rhbz1710286 - The...

Denial of Service

Overview Versions of parse-server prior to 3.4.1 are vulnerable to Denial of Service DoS. POST requests to /parse/classes/Audience or other volatile classes cause the server to respond with a 500 Internal Server Error for any subsequent POST requests. Recommendation Upgrade to version 3.4.1 or...

Denial Of Service (DoS) Or Directory Traversal

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...

Denial Of Service (DoS)

PHP is an HTML-embedded scripting language commonly used with the Apache HTTP Server. It was discovered that the PHP XSL extension did not restrict the file writing capability of libxslt. A remote attacker could use this flaw to create or overwrite an arbitrary file that is writable by the user...

robinbhandari FTP Remote Denial Of Service Exploit

Title: CVE-2019-9668 robinbhandari FTP remote DoS vulnerability Vulnerable: - https://github.com/rovinbhandari/FTP Description: robinbhandari is a open source tiny ftp server/client in github.com. it has a remote DoS vulnerability in a 'put' command. Timeline: 2019-03-11 CVE-2019-9668 robinbhanda...

CVE-2019-6110

In OpenSSH 7.9, due to accepting and displaying arbitrary stderr output from the server, a malicious server or Man-in-The-Middle attacker can manipulate the client output, for example to use ANSI control codes to hide additional files being transferred...