
561 matches found

CVE
added 2020/03/05 12:36 a.m., 115 views

CVE-2020-10105

Affected product/version: Zammad 3.0–3.2. Vulnerability: An issue causes the server to return the source code of static resources when handling an OPTIONS request instead of a GET request. Specifically, the 404.html file under /zammad/public/404.html is disclosed. Impact (as stated): Disclosure o...

CVSS 5.3, AI score 5.3, EPSS 0.00363
Exploits: 0, References: 1, Affected Software: 1
NVD
added 2019/10/17 8:15 p.m., 8 views

CVE-2019-13410

TOPMeeting before version 8.8 2019/08/19 shows attendees account and password in front end page that allows an attacker to obtain sensitive information by browsing the source code of the page...

CVSS 7.5, AI score 7.5, EPSS 0.00316
Exploits: 0, References: 2
Hacker One
added 2019/08/31 1:46 a.m., 17 views

U.S. Dept Of Defense: Local File Disclosure on the ████████ (https://████/) leads to the source code disclosure & DB credentials leak

Description I discovered another LFD on the https://████/ virtual host on the █████ IP POC https://█████/file.ashx?path=web.config will download the website configuration file. It exposes different DB credentials than in previous reports: ███ Similarly, attacker able to get content of any...

Exploits: 0
Hacker One
added 2019/08/30 4:27 a.m., 7 views

U.S. Dept Of Defense: Local File Disclosure on the █████ (https://████████.edu/) leads to the full source code disclosure and credentials leak

A local file disclosure vulnerability was discovered on the █████ website https://████████.edu/. The vulnerability allowed an attacker to download the website's configuration file, which exposed the database credentials. Additionally, the source code for certain server-side resources was also...

AI score 7
Exploits: 0
Hacker One
added 2019/08/15 10:24 p.m., 88 views

U.S. Dept Of Defense: Examples directory is PUBLIC on https://████████mil, leading to multiple vulns

Description: Hello, In an effort to consolidate reporting. I have located 4 issues with having the Examples Directory openmy require just 1 solution to mitigate The following URLs that show concern are the following: 1. https://█████mil/examples/servlets/servlet/SessionExample --Will lead to...

AI score 0.5
Exploits: 0
Prion
added 2019/05/23 8:29 p.m., 11 views

Code injection

Computrols CBAS 18.0.0 allows unprotected Subversion SVN directory / source code disclosure...

CVSS 5, AI score 7.6, EPSS 0.11544
Exploits: 4, References: 3, Affected Software: 1
OSV
added 2019/05/23 8:29 p.m., 1 views

CVE-2019-10849

Computrols CBAS 18.0.0 allows unprotected Subversion SVN directory / source code disclosure...

CVSS 7.5, AI score 7.2
Exploits: 0, References: 3
NVD
added 2019/05/23 8:29 p.m., 9 views

CVE-2019-10849

Computrols CBAS 18.0.0 allows unprotected Subversion SVN directory / source code disclosure...

CVSS 7.5, AI score 6.6, EPSS 0.11544
Exploits: 4, References: 3
CVE
added 2019/05/23 7:5 p.m., 113 views

CVE-2019-10849

CBAS Web (Computrols CBAS) 19.0.0 is affected by an information-disclosure vulnerability due to an unprotected Subversion/SVN directory that can disclose the firmware source code. The Red Hat advisory and exploit reports confirm the issue affects CBAS Web and maps to CVE-2019-10849, with an impac...

CVSS 7.5, AI score 7.4, EPSS 0.11544
Exploits: 4, References: 3, Affected Software: 1
Kitploit
added 2019/05/17 8:37 p.m., 284 views

Acunetix Vulnerability Scanner Now With Network Security Scans

User-friendly and competitively priced, Acunetix leads the market in automatic web security testing technology. Its industry-leading crawler fully supports HTML5, JavaScript, and AJAX-heavy websites, enabling the auditing of complex, authenticated applications. Acunetix provides the only technolo...

AI score 7.1
Exploits: 0
Tenable Nessus
added 2019/05/10 12:0 a.m., 13 views

PCI DSS Compliance - Information Leakage

The remote host is vulnerable to one or more conditions that are considered to be 'information leakage' and so are not automatic failures according to the PCI DSS Approved Scanning Vendors Program Guide version 3.1. These information leakage issues include one or more of the following : - Detaile...

AI score 0.5
Exploits: 0, References: 1
Hacker One
added 2019/04/17 2:46 p.m., 75 views

TomTom: Exposed Git Repo at http://betaforum.tomtom.com/.git/{subfolders}

Dear Security team, I found a git repository on http://betaforum.tomtom.com/.git. This endpoint allows an attacker to retrieve much of the source code and git history for this service which could potentially reveal sensitive information, it all depends what is stored there. Example: 1...

AI score 0.9
Exploits: 0
Tenable Nessus
added 2019/01/07 12:0 a.m., 28 views

FreeBSD : Gitlab -- Multiple vulnerabilities (b2f4ab91-0e6b-11e9-8700-001b217b3468)

Gitlab reports : Source code disclosure merge request diff Todos improper access control URL rel attribute not set Persistent XSS Autocompletion SSRF repository mirroring CI job token LFS error message disclosure Secret CI variable exposure Guest user CI job disclosure Persistent XSS label...

CVSS 7.5, AI score 6.2, EPSS 0.00334
Exploits: 4, References: 17
FreeBSD
added 2018/12/31 12:0 a.m., 29 views

Gitlab -- Multiple vulnerabilities

Gitlab reports: Source code disclosure merge request diff Todos improper access control URL rel attribute not set Persistent XSS Autocompletion SSRF repository mirroring CI job token LFS error message disclosure Secret CI variable exposure Guest user CI job disclosure Persistent XSS label referen...

CVSS 7.5, AI score 2.3, EPSS 0.00334
Exploits: 4, References: 1
0day.today
added 2018/12/01 12:0 a.m., 18 views

KPOT Botnet - File Download/Source Code Disclosure Vulnerability

Exploit for php platform in category web applications Exploit Title: KPOT Botnet - File Download/Source Code Disclosure Vulnerability Google Dork: n/a Date: 26/11/2018 Exploit Author: n4pst3r Vendor Homepage: unkn0wn Software Link: https://bhf.io/threads/515432/ Version: unkn0wn Tested on: Window...

AI score 7.4
Exploits: 0
Prion
added 2018/08/05 6:29 p.m., 11 views

Code injection

Harmonic NSG 9000 devices allow remote authenticated users to read the webapp.py source code via a direct request for the /webapp.py URI...

CVSS 4, AI score 6.3, EPSS 0.00205
Exploits: 0, References: 1
Hacker One
added 2018/08/01 9:44 p.m., 36 views

Starbucks: Backup Source Code Detected

Impact Depending on the nature of the source code disclosed, an attacker can mount one or more of the following types of attacks: • Access the database or other data resources. With the privileges of the account obtained, attempt to read, update or delete arbitrary data from the database. • Access...

AI score 0.6
Exploits: 0
Hacker One
added 2018/07/31 10:0 p.m., 13 views

Uber: [experience.uber.com] Node.js source code disclosure & anonymous access to internal Uber documents, templates and tools

A configuration file on experience.uber.com exposed details for the server configuration as well as information about the content hosted on the site. The site itself did require authentication to log in, but this config file was publicly accessible. Other accessible URLs included slide deck...

AI score 1.3
Exploits: 0
IBM Security Bulletins
added 2018/06/17 4:48 a.m., 31 views

Security Bulletin: Rational Change can be affected by vulnerabilities in the IBM Eclipse Help System (CVE-2013-0464 and CVE-2013-0467)

Summary IBM Rational Change can be affected by two vulnerabilities Cross-site scripting and Help system's source code disclosure by using a specially crafted URL in the IBM Eclipse Help System IEHS, which is used to display the IBM Rational Change help content. Vulnerability Details | Subscribe t...

CVSS 4.3, AI score 0.3, EPSS 0.00265
Exploits: 1, Affected Software: 1
Dsquare
added 2018/03/09 12:0 a.m., 679 views

Apache Tomcat VirtualDirContext Class File Handling Remote JSP Source Code Disclosure

Source code disclosure vulnerability in Apache Tomcat VirtualDirContext class file handling Vulnerability Type: File Disclosure For the exploit source code contact DSquare Security sales team...

CVSS 5, AI score 6.1, EPSS 0.90641
Exploits: 4