CVE-2023-30802
CVE-2023-30802 affects Sangfor Next-Gen Application Firewall NGAF 8.0.17. Multiple connected sources confirm a source-code disclosure vulnerability exploitable remotely by an unauthenticated attacker through HTTP requests with an invalid Content-Length header, enabling access to PHP source code. ...
CVE-2023-30802 Sangfor Next-Gen Application Firewall Source Code Disclosure
The Sangfor Next-Gen Application Firewall version NGAF8.0.17 is vulnerable to a source code disclosure vulnerability. A remote and unauthenticated attacker can obtain PHP source code by sending an HTTP request with an invalid Content-Length field...
Sangfor Next-Gen Application Firewall Security Vulnerabilities
Sangfor Next-Gen Application Firewall Sangfor NGAF is an application firewall from China-based Sangfor. A security vulnerability exists in Sangfor Next-Gen Application Firewall NGAF version 8.0.17, which originates from a source code disclosure issue. The vulnerability can be exploited to obtain...
CVE-2023-33477
Summary: CVE-2023-33477 concerns Harmonic NSG 9000-6G devices, where an authenticated remote user can obtain source code by directly requesting a crafted path. Multiple connected sources label the issue as a path traversal vulnerability, but the technical details are inconsistent across entries a...
CVE-2023-27180
GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /admin/backup.php...
Code injection
GDidees CMS v3.9.1 was discovered to contain a source code disclosure vulnerability by the backup feature which is accessible via /admin/backup.php...
CVE-2023-27180
GDidees CMS v3.9.1 is described in multiple sources as having a source code disclosure vulnerability through the backup feature exposed at /_admin/backup.php. The CVE report notes high impact with confidentiality loss (C:H) and no indicated integrity/availability impact, with an overall CVSSv3.1...
PT-2023-20993 · Unknown · Gdidees Cms
Name of the Vulnerable Software and Affected Versions: GDidees CMS version 3.9.1 Description: A source code disclosure issue was found in the backup feature of GDidees CMS, accessible via the "/ admin/backup.php" endpoint. This allows for potential access to sensitive information. Recommendations...
K65078159: Apache Tomcat vulnerability CVE-2021-24122
Security Advisory Description When serving resources from a network location using the NTFS file system, Apache Tomcat versions 10.0.0-M1 to 10.0.0-M9, 9.0.0.M1 to 9.0.39, 8.5.0 to 8.5.59 and 7.0.0 to 7.0.106 were susceptible to JSP source code disclosure in some configurations. The root cause wa...
Security Bulletin: Vulnerability in IBM SPSS Data Collection due to issues in Eclipse Help System (CVE-2013-0464, CVE-2013-0467)
Abstract The version of IBM Eclipse Help System that is shipped with IBM SPSS Data Collection versions 6.0, 6.0.1 "Data Collection" and 7.0 has multiple security vulnerabilities. These vulnerabilities allow attackers to perform cross-site scripting and source code disclosure attacks. Content...
The Undertow module of WildFly allows source code disclosure
The Undertow module of WildFly versions 8.1.0.Final, 8.2.0.Final, 9.0.0.CR1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL...
GHSA-4VWV-X3GP-2J4G The Undertow module of WildFly allows source code disclosure
The Undertow module of WildFly versions 8.1.0.Final, 8.2.0.Final, 9.0.0.CR1 allows remote attackers to obtain the source code of a JSP page via a "/" at the end of a URL...
GHSA-V2C9-9M8V-8JJM Apache ActiveMQ Sensitive Information Disclosure via the Jetty ResourceHandler
The Jetty ResourceHandler in Apache ActiveMQ 5.x before 5.3.2 and 5.4.x before 5.4.0 allows remote attackers to read JSP source code via a // (slash slash) initial substring in a URI for (1) admin/index.jsp, (2) admin/queues.jsp, or (3) admin/topics.jsp...
PyScript 2022-05-04-Alpha Source Code Disclosure
Exploit Title: PyScript Remote Emscripten VMemory Python libraries Source Codes Read Date: 5-9-2022 Exploit Author: Momen Eldawakhly Cyber Guy Vendor Homepage: https://pyscript.net/ Software Link: https://github.com/pyscript/pyscript Version: 2022-05-04-Alpha Tested on: Ubuntu Apache Server CVE :...
GHSA-8V5P-2CPV-C2X6 Apache Tomcat Source Code Disclosure
Apache Tomcat 4.0.5 and earlier, when using both the invoker servlet and the default servlet, allows remote attackers to read source code for server files or bypass certain protections, a variant of CAN-2002-1148...
Apache Tomcat Source Code Disclosure
The default servlet org.apache.catalina.servlets.DefaultServlet in Tomcat 4.0.4 and 4.1.10 and earlier allows remote attackers to read source code for server files via a direct request to the servlet...
Apache 2.4.10 < 2.4.44 Source Code Disclosure
Due to a lack of control over an Apache error when using php-cgi and ModSecurity, it is possible for an attacker to obtain the source code of the requested page in the error response via a specially crafted request containing the Content-Length header with an incorrect value. No source data...
Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure Vulnerability
Exploit Title: Mitsubishi Electric & INEA SmartRTU - Source Code Disclosure Exploit Author: Hamit CİBO Vendor Homepage: https://www.inea.si Software Link: https://www.inea.si/telemetrija-in-m2m-produkti/mertu/ Version: ME RTU Tested on: Windows CVE : CVE-2018-16060 PoC Request GET /web HTTP/1.1...