16 matches found
EUVD-2020-19110
Malware in sbrugna...
Exposure of Sensitive System Information to an Unauthorized Control Sphere
Overview org.keycloak:keycloak-services is an open source identity and access management solution for modern applications and services. Affected versions of this package are vulnerable to Exposure of Sensitive System Information to an Unauthorized Control Sphere via the /admin/serverinfo endpoint...
CVE-2025-5416
A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information...
CVE-2025-5416 Keycloak-core: keycloak environment information
A vulnerability has been identified in Keycloak that could lead to unauthorized information disclosure. While it requires an already authenticated user, the /admin/serverinfo endpoint can inadvertently provide sensitive environment information...
PT-2025-26440 · Red Hat · Keycloak
Name of the Vulnerable Software and Affected Versions: Keycloak affected versions not specified Description: A vulnerability has been identified that could lead to unauthorized information disclosure. It requires an already authenticated user and can inadvertently provide sensitive environment...
Red Hat build of Keycloak 安全漏洞
Red Hat build of Keycloak is a web application for single sign-on from Red Hat, Inc. An information disclosure vulnerability exists in the Red Hat build of Keycloak, which originates from the /admin/serverinfo endpoint that contains internal server details, and can be exploited by an attacker to...
CVE-2020-26565
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data...
openssl-src contains Double free after calling `PEM_read_bio_ex`
The function PEMreadbioex reads a PEM file from a BIO and parses and decodes the "name" e.g. "CERTIFICATE", any header data and the payload data. If the function succeeds then the "nameout", "header" and "data" arguments are populated with pointers to buffers containing the relevant decoded data...
CVE-2020-26565
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data...
CVE-2020-26565
ObjectPlanet Opinio before 7.14 allows Expression Language Injection via the admin/permissionList.do from parameter. This can be used to retrieve possibly sensitive serverInfo data...
Nextcloud: Serverinfo endpoints are not bruteforce protected nor are tokens properly generated
The serverinfo app allows accessing the endpoints also via a custom token. https://github.com/nextcloud/serverinfo/blob/9ae9dde028a684e53a1b37c9ba8e964ffe42a97f/lib/Controller/ApiController.phpL121 The token is set/generated via...
CVE-2017-18448
cPanel before 64.0.21 allows certain file-read operations via a Serverinfomanpage API call SEC-252...
MS15-061 Windows NTUserMessageCall Win32k Kernel Pool Overflow (Schlamperei)
No description provided by source. include include / Exploiting MS15-061 with reverse engineering Win32k.sys by steps : 1: hook PEB callback Function 2: trigger vulnerability make proper Window to lead vulnerable function 3: replace fake object with NtUserDefSetText in Desktop heap inside PEB...
Wind crossing technology ASP online shopping v11. 9 1 9 the vulnerability and fix-vulnerability warning-the black bar safety net
MakeBug [email protected] 'conn. asp % On Error Resume Next servermappath=server. mappath"/the serverinfo. asa" 'Slightly DBstr=""&txt. ReadLine&"" 'database address name 'Slightly % Read the serverinfo. asa 'the serverinfo. asa /chinammcdata/chinammcshop. mdb Use method:...
Nmap NSE net: afp-serverinfo
This VT has been deprecated and is therefore no longer functional. SPDX-FileCopyrightText: 2011 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2004-1853
Buffer overflow in Terminator 3: War of the Machines 1.0 allows remote attackers to cause a denial of service via a long ServerInfo variable...