313 matches found
Microsoft Windows Security Bypass Vulnerability (CNVD-2018-09667)
Microsoft Windows 10 and Windows Server Version 1709 are both products of Microsoft Corporation.Microsoft Windows 10 is a cross-platform operating system for PCs and laptops, tablets, and cell phones.Windows... Server Version 1709 is a server operating system. A security feature bypass...
Information Disclosure
h2o-core is vulnerable to information disclosures. The HTTP response headers contain sensitive information such as server version...
CVE-2018-0902
The Cryptography Next Generation CNG kernel-mode driver cng.sys in Windows 10 Gold, 1511, 1607, 1703, and 1709. Windows Server 2016 and Windows Server, version 1709 allows a security feature bypass vulnerability due to the way the kernel-mode driver validates and enforces impersonation levels, ak...
Oracle Database Server Oracle Universal Installer Component Unspecified Vulnerability
Oracle Database Server is prone to an unspecified vulnerability. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only CPE =...
CVE-2018-0827
Windows Scripting Host WSH in Windows 10 versions 1703 and 1709 and Windows Server, version 1709 allows a Device Guard security feature bypass vulnerability due to the way objects are handled in memory, aka "Windows Security Feature Bypass Vulnerability"...
KB4056892: Windows 10 Version 1709 and Windows Server Version 1709 January 2018 Security Update (Meltdown)(Spectre)
The remote Windows host is missing security update 4056892 or 4073291. It is, therefore, affected by multiple vulnerabilities : - An vulnerability exists within microprocessors utilizing speculative execution and indirect branch prediction, which may allow an attacker with local user access to...
Nextcloud: Banner Grabbing - Apache Server Version Disclousure
Hello Nextcloud, I'd like to report a nice little bug. Banner Grabbing is a technique used to gain information about a remote server. Additionally, this technique is use to get information about remote servers. I've captured the HTTP request while visiting https://customerupdates.nextcloud.com an...
OrientDB 2.2.x Remote Code Execution
This module leverages a privilege escalation on OrientDB to execute unsandboxed OS commands. All versions from 2.2.2 up to 2.2.22 should be vulnerable. This module requires Metasploit: https://metasploit.com/download Current source: https://github.com/rapid7/metasploit-framework class...
PVS target and server version compatibility
Q: Can a PVS environment be configured with PVS target version higher than the PVS server version? A: No, The PVS target version should be the same as the PVS server version Configuring PVS environment with PVS target version higher than the PVS server version may work however if there is an issu...
Weblate: Weblate- Banner Grabbing-Ngnix Server version
Hey, I have found in the HTTP response header from docs.weblate.org, the nginx web server version is disclosed. Ideally application server responds back to users error message in customzied manner by not revealing any sensitive information about webserver or underlying components in applicatio...
U.S. Dept Of Defense: Two Error-Based SQLi in courses.aspx on ██████████
Summary: The server at ████ contains two SQL injection vulnerabilities in the courses.aspx file. These are error-based SQLi vulnerabilities. The resulting errors reveal seven lines of C code, including inline SQL which reveals internal database information. Note that this is one of two reports I'...
Nextcloud: information disclose
Hello Team . I Reported a issue - disclosure SERVER Version !! when i interrupt this https://demo.nextcloud.com/ Request , its disclosure The server version Server: Apache/2.4.6 CentOS OpenSSL/1.0.1e-fips As you can See this Pic , or you can Interrupt the url useing Any Proxy tools like Burp Suit...
Ubiquiti Inc.: Content Spoofing or Text Injection in (403 forbidden page injection) and Nginx version disclosure via response header
Hello there, I know that this is Non-critical issue but i want you guys to be aware of it. 1. I have found a Content Spoofing or Text Injection in This url http://dl-origin.ubnt.com/ Go to this url...
OLX: Server Version Of https://www.olx.ph/
i see a server version of your website that have link: https://www.olx.ph/.htaccess The impact of this vulnerability Consult Web References for more information. This is a proof. http://prnt.sc/dtsjmo -- jaypogzz...
Yelp: Nginx server version disclosure on engineeringblog
Hi Yelp Team, I have found a little information disclosure on your system with regards to the version of server you are using, due to not properly handling 404 errors , whe you go to the page that i not existing, the exact nginx version was disclosed. PoC URL: engineeringblog.yelp.com/test PoC...
Atlassian Confluence Server Version Detection
Binary data 9543.prm...
Sonicwall GMS Detection
This VT has been deprecated and replaced by the VT SPDX-FileCopyrightText: 2016 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only if description...
Unspecified Vulnerability in Oracle MySQL Server (CNVD-2016-05398)
Oracle MySQL Server is a lightweight relational database system. A security vulnerability exists in Oracle MySQL Server 5.7.12 and earlier versions, which can be exploited by an authenticated attacker to compromise integrity, availability...
Gratipay: don't leak Server version for assets.gratipay.com
Hi i found that server version are being disclosed on the response header on this URL: https://assets.gratipay.com , this is a low risk but you can consider this as best practice because it is important to keep secret of server versions. See similar reports here: 141125 Feel free to close this as...
The vulnerability of the Marida DB database management system allows a malicious actor to cause service failures.
The MariaDB database management system contains a vulnerability related to errors in the client/mysql.cc code of MariaDB. Exploiting this vulnerability allows a malicious individual to cause a service failure on a remote database server, trigger a service failure, or execute arbitrary code using ...