46 matches found

NVD
added 2024/06/05 9:15 a.m. (10 views)

CVE-2024-1272

Inclusion of Sensitive Information in Source Code vulnerability in TNB Mobile Solutions Cockpit Software allows Retrieve Embedded Sensitive Data. This issue affects Cockpit Software: before v0.251.1...

CVSS 7.5 | AI score 5.4 | EPSS 0.00171
Exploits: 0 | References: 2
Prion
added 2023/11/22 5:15 p.m. (30 views)

Hardcoded credentials

Headwind MDM Web panel 5.22.1 is vulnerable to Incorrect Access Control due to a hard-coded JWT Secret. The secret is hardcoded into the source code available to anyone on Git Hub. This secret is used to sign the application’s JWT token and verify the incoming user-supplied tokens...

CVSS 6.5 | AI score 7.3 | EPSS 0.00072
Exploits: 1 | References: 1 | Affected Software: 1
Huntr
added 2022/06/16 7:42 a.m. (36 views)

Heap-based Buffer Overflow in function get_lisp_indent

Description Heap-based Buffer Overflow in function get_lisp_indent at indent.c:1994 vim version git log commit 83497f875881973df772cc4cc593766345df6c4a HEAD - master, tag: v8.2.5105, origin/master, origin/HEAD POC ./vim -u NONE -i NONE -n -m -X -Z -e -s -S /mnt/share/max/fuzz/poc/vim/pochbo2s.dat -...

CVSS 6.8 | AI score 7.7 | EPSS 0.0018
Exploits: 1
The Hacker News
added 2022/05/25 12:21 p.m. (23 views)

How Secrets Lurking in Source Code Lead to Major Breaches

If one word could sum up the 2021 infosecurity year well, actually three, it would be these: "supply chain attack". A software supply chain attack happens when hackers manipulate the code in third-party software components to compromise the 'downstream' applications that use them. In 2021, we hav...

AI score 0.2
Exploits: 0
OSV
added 2022/05/11 12:00 a.m. (27 views)

CVE-2022-1623

LibTIFF master branch has an out-of-bounds read in LZWDecode in libtiff/tif_lzw.c:624, allowing attackers to cause a denial-of-service via a crafted tiff file. For users that compile libtiff from sources, the fix is available with commit b4e79bfa...

CVSS 5.5 | AI score 6.3 | EPSS 0.00332
Exploits: 1 | References: 10
CVE
added 2022/03/21 7:51 p.m. (191 views)

CVE-2022-26148

Grafana (through 7.3.4) integrated with Zabbix contains a credentials disclosure flaw: the Zabbix password and URL can be exposed by inspecting api_jsonrpc.php in the HTML source after login/registration, enabling an attacker with access to the app to obtain sensitive Zabbix credentials. Root cau...

CVSS 9.8 | AI score 9.4 | EPSS 0.87225
Exploits: 1 | References: 2 | Affected Software: 1
Cvelist
added 2020/04/21 7:50 p.m. (15 views)

CVE-2020-5301 Information disclosure of source code in SimpleSAMLphp

SimpleSAMLphp versions before 1.18.6 contain an information disclosure vulnerability. The module controller in SimpleSAML\Module that processes requests for pages hosted by modules, has code to identify paths ending with .php and process those as PHP code. If no other suitable way of handling the...

CVSS 3 | AI score 3.6 | EPSS 0.00142
Exploits: 0 | References: 2
CVE
added 2019/10/17 7:25 p.m. (42 views)

CVE-2019-13410

TOPMeeting vulnerability CVE-2019-13410 affects TOPMeeting versions before 8.8. The issue is information disclosure: attendees’ accounts and passwords are exposed on a front-end page; an attacker can obtain this by inspecting the page source. Root cause: sensitive credentials displayed in the cli...

CVSS 7.5 | AI score 7.5 | EPSS 0.00316
Exploits: 0 | References: 2 | Affected Software: 1
OSV
added 2019/08/01 4:15 p.m. (4 views)

CVE-2019-14486

GnuCOBOL 2.2 has a buffer overflow in cb_evaluate_expr in cobc/field.c via crafted COBOL source code...

CVSS 7.8 | AI score 7.3
Exploits: 0 | References: 1
Tenable Nessus
added 2018/03/08 12:00 a.m. (27 views)

GLSA-201803-03 : Go: User-assisted execution of arbitrary code

The remote host is affected by the vulnerability described in GLSA-201803-03 Go: User-assisted execution of arbitrary code A command injection flaw was discovered in the source code build phase because of the go get command, which does not block -fplugin= and -plugin arguments. Impact : A remote...

CVSS 7.8 | AI score 7.9 | EPSS 0.36789
Exploits: 4 | References: 2
CNVD
added 2015/09/28 12:00 a.m. (2 views)

IBC Solar ServeMaster Source Code Vulnerability

ServeMaster TLP+ and Danfoss TLX Pro+ are web-based SCADA systems. A source code vulnerability exists in IBC Solar ServeMaster. An attacker could exploit this vulnerability to obtain source code for executable scripts...

CVSS 5 | AI score 7 | EPSS 0.00533
Exploits: 0 | References: 1
Prion
added 2014/01/02 2:59 p.m. (5 views)

Code injection

config/initializers/secret_token.rb in Fat Free CRM before 0.12.1 has a fixed FatFreeCRM::Application.config.secret_token value, which makes it easier for remote attackers to spoof signed cookies by referring to the key in the source code...

CVSS 5 | AI score 7.1 | EPSS 0.0062
Exploits: 1 | References: 6 | Affected Software: 1
CVE
added 2013/02/21 1:00 a.m. (64 views)

CVE-2013-0467

CVE-2013-0467 concerns a vulnerability in the IBM Eclipse Help System (IEHS) that is shipped with multiple IBM products (notably IBM WebSphere Application Server, IBM InfoSphere Information Server, SPSS Data Collection, Content Analytics/OmniFind, Content Collector, and related IEHS-integrated co...

CVSS 4 | AI score 8.4 | EPSS 0.00158
Exploits: 0 | References: 2 | Affected Software: 1
Exploit DB
added 2011/04/24 12:00 a.m. (23 views)

SoftMP3 - SQL Injection

Exploit Title: SOFTMP3 source code SQL injection Date: 23/04/2011 Author: mArTi Software Link: http://softmp3.org/ Version: No others versions available... Tested on: Windows / Unix /.................................../ Introduction /.................................../ SoftMP3 released a source...

AI score 7.4
Exploits: 0
0day.today
added 2009/08/04 12:00 a.m. (27 views)

Perl$hop e-commerce Script Trust Boundary Input Parameter Injection

Exploit for cgi platform in category web applications =================================================================== Perl$hop e-commerce Script Trust Boundary Input Parameter Injection =================================================================== A while back I was playing around with...

AI score 7.1
Exploits: 0
Cvelist
added 2006/05/19 10:00 a.m. (12 views)

CVE-2006-2466

BEA WebLogic Server 8.1 up to SP4 and 7.0 up to SP6 allows remote attackers to obtain the source code of JSP pages during certain circumstances related to a "timing window" when a compilation error occurs, aka the "JSP showcode vulnerability."...

AI score 6.8 | EPSS 0.00393
Exploits: 0 | References: 5
NVD
added 2003/12/31 5:00 a.m. (16 views)

CVE-2003-1102

Hummingbird CyberDOCS 3.5, 3.9, and 4.0, when running on IIS, uses insecure permissions for script source code files, which allows remote attackers to read the source code...

CVSS 5 | AI score 6.8 | EPSS 0.02094
Exploits: 0 | References: 4
Exploit DB
added 2003/05/27 12:00 a.m. (31 views)

Sun ONE Application Server 7.0 - Source Disclosure

source: https://www.securityfocus.com/bid/7709/info Sun ONE Application Server is prone to a source code disclosure vulnerability. This issue is due to handling of case in requests for resources. By changing the case of a file extension, the server may fail to interpret the script and instead ser...

AI score 7.4
Exploits: 0
securityvulns
added 2003/05/22 12:00 a.m. (31 views)

PHP source code injection in BLNews

Product: BLNews Version: 2.1.3 OffSite: http://www.blnews.de/ Problem: PHP source code injection -------------------------------------------- Vulnerability: ------------admin/objects.inc.php4------------ if $itheme!="blubb" include"$Serverpath/admin/tools.inc.php4";...

AI score 0.7
Exploits: 0
NVD
added 2002/12/31 5:00 a.m. (17 views)

CVE-2002-2186

Macromedia JRun 3.0, 3.1, and 4.0 allow remote attackers to view the source code of .JSP files via Unicode encoded character values in a URL...

CVSS 5 | AI score 6.8 | EPSS 0.0085
Exploits: 0 | References: 3