21 matches found
WordPress Plugin AI Engine code vulnerability
WordPress Plugin AI Engine is a plugin developed by the WordPress Foundation. It can be used to build intelligent chatbots, create AI forms, and automate tasks. Versions of WordPress Plugin AI Engine prior to 3.3.2 have code vulnerabilities due to a server-side request forgeing issue in the...
CVE-2024-9802
The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The...
CVE-2024-9802
The conformance validation endpoint is public so everybody can verify the conformance of onboarded services. The response could contain specific information about the service, including available endpoints, and swagger. It could advise about the running version of a service to an attacker. The...
CVE-2024-9802
The CVE-2024-9802 entry concerns the Zowe API Mediation Layer’s conformance validation endpoint, which is publicly accessible. Public responses may reveal service details (endpoints, swagger) and potentially indicate the running version and whether a service is active. This information exposure i...
CVE-2024-28084
p2putil.c in iNet wireless daemon IWD through 2.15 allows attackers to cause a denial of service daemon crash or possibly have unspecified other impact because of initialization issues in situations where parsing of advertised service information fails...
CVE-2024-28084
p2putil.c in iNet wireless daemon IWD through 2.15 allows attackers to cause a denial of service daemon crash or possibly have unspecified other impact because of initialization issues in situations where parsing of advertised service information fails...
CVE-2024-28084
p2putil.c in iNet wireless daemon IWD through 2.15 allows attackers to cause a denial of service daemon crash or possibly have unspecified other impact because of initialization issues in situations where parsing of advertised service information fails...
CVE-2023-38152 DHCP Server Service Information Disclosure Vulnerability
...
Atlassian Jira 7.11.x < 7.11.3 Multiple Vulnerabilities
According to its self-reported version number, the instance of Atlassian Jira hosted on the remote web server is prior to version 7.6.10, 7.7.0 prior to 7.7.5, 7.8.0 prior to 7.8.5, 7.9.0 prior to7.9.3, 7.10.0 prior to 7.10.3, 7.11.0 prior to 7.11.3, 7.12.0 prior to 7.12.3 or 7.13.0 prior to...
LiveTargetsFinder - Generates Lists Of Live Hosts And URLs For Targeting, Automating The Usage Of MassDNS, Masscan And Nmap To Filter Out Unreachable Hosts And Gather Service Information
Generates lists of live hosts and URLs for targeting, automating the usage of Massdns, Masscan and nmap to filter out unreachable hosts Given an input file of domain names, this script will automate the usage of MassDNS to filter out unresolvable hosts, and then pass the results on to Masscan to...
Clario: Information disclosure of Internal php files on [mackeeper.com/blog/api/send-event]
Summary Vulnerable URL: https://mackeeper.com/blog/api/send-event contains service information Steps To Reproduce Step-1: Go to https://mackeeper.com/blog/api/send-event you will get MethodNotAllowedHttpException and different PHP files error info Step-2: After that, I have a change method to POS...
Breaches at NetworkSolutions, Register.com, and Web.com
Top domain name registrars NetworkSolutions.com, Register.com and Web.com are asking customers to reset their passwords after discovering an intrusion in August 2019 in which customer account information was accessed. A notice to customers at notice.web.com. "On October 16, 2019, Web.com determin...
SUSE-SU-2019:0480-1 Security update for supportutils
This update for supportutils fixes the following issues: Security issues fixed: - CVE-2018-19640: Fixed an issue where users could kill arbitrary processes bsc1118463. - CVE-2018-19638: Fixed an issue where users could overwrite arbitrary log files bsc1118460. - CVE-2018-19639: Fixed a code...
Server side request forgery (ssrf)
The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from...
CVE-2018-13404
The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from...
CVE-2018-13404
The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from...
The VerifyPopServerConnection resource was vulnerable to SSRF - CVE-2018-13404
The VerifyPopServerConnection resource in Atlassian Jira before version 7.6.10, from version 7.7.0 before version 7.7.5, from version 7.8.0 before version 7.8.5, from version 7.9.0 before version 7.9.3, from version 7.10.0 before version 7.10.3, from version 7.11.0 before version 7.11.3, from...
Open-Xchange AppSuite Cross-Site Request Forgery Vulnerability (CNVD-2016-04410)
Open-Xchange AppSuite OX AppSuite is a suite of Web-based cloud desktop environments from Open-Xchange, Inc. in the United States. The environment allows users to manage email, tasks, files, etc. more intuitively. A cross-site request forgery vulnerability exists in OX AppSuite 7.8.1 and earlier...
Nmap NSE net: netbus-info
Opens a connection to a NetBus server and extracts information about the host and the NetBus service itself. The extracted host information includes a list of running applications, and the hosts sound volume settings. The extracted service information includes it's access control list acl, server...
Information leak from client application with technical information
Data leakage through service information and network protocol in the client application. When exchanging information, you are always transmitting data. However, at different levels everyone remembers ISO/OSI?, service information is added to your data. What is this information, what can it say...