15 matches found
IBM Business Automation Workflow Security Vulnerability
IBM Business Automation Workflow is a workflow automation solution developed by the American multinational company International Business Machines (IBM). This product is primarily used for workflow management and compliance control, and it features workflow visibility and scalability. There is a...
CVE-2026-44012
Craft CMS vulnerability CVE-2026-44012: AssetsController::actionShowInFolder() allows information disclosure by returning asset filenames and full folder hierarchies without validating volume permissions. Affected: 5.0.0-RC1 up to before 5.9.18. Any authenticated CP user with only accessCp can en...
CVE-2025-59853
HCL DFXAnalytics is affected by an Improper Error Handling vulnerability where the application exposes detailed stack traces in responses, which could allow an attacker to gain insights into the application's internal structure, code logic, and environment configurations...
EUVD-2020-25061
Malware in sbrugna...
CVE-2020-3796
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure...
IBM Cúram Social Program Management Access Control Error Vulnerability
IBM Cúram Social Program Management (SPM) is a suite of social program management solutions from IBM USA. The solution supports the process of end-to-end social program delivery. A security vulnerability exists in IBM Cúram Social Program Management XPath, which arises from errors such as...
CVE-2020-3796
ColdFusion versions ColdFusion 2016, and ColdFusion 2018 have an improper access control vulnerability. Successful exploitation could lead to system file structure disclosure...
MTN Group: SharePoint exposed web services in a subdomain
Hi there, I found a subdomain whose SharePoint configuration is poorly implemented. Because of improper configuration, an anonymous user can access the SharePoint Web Services. POC: Go to the following URL: https://www.mtn.co.za/vtibin/lists.asmx?WSDL Remediation: Restrict access to...
CVE-2019-10665
An issue was discovered in LibreNMS through 1.47. The scripts that handle the graphing options html/includes/graphs/common.inc.php and html/includes/graphs/graphs.inc.php do not sufficiently validate or encode several fields of user supplied input. Some parameters are filtered with...
CVE-2018-8578
An information disclosure vulnerability exists when Microsoft SharePoint Server improperly discloses its folder structure when rendering specific web pages, aka "Microsoft SharePoint Information Disclosure Vulnerability." This affects Microsoft SharePoint...
CVE-2008-6579
Nortel Communication Server 1000 4.50.x allows remote attackers to obtain Web application structure via unknown vectors related to "web resources to phones and administrators."...
PT-2009-29: Tribiq CMS Multiple Vulnerabilities
Tribiq CMS is a content management system (CMS) software, usually implemented as a Web application, for creating and managing HTML content. It is used to manage and control a large, dynamic collection of Web material (HTML documents and their associated images). Vulnerability Description Positive...
SQLQHit Directory Structure Disclosure
The Sample SQL Query CGI is present. SPDX-FileCopyrightText: 2001 SecuriTeam Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription scriptoid"1.3.6.1.4.1.25623.1.0.10765";...
SilverStream Database Structure Disclosure
An unauthenticated, remote attacker can discover the internal structure of the remote SilverStream database by sending a special request. %NASLMINLEVEL 70300 This script was written by Tor Houghton, but I looked at "htdig" by Renaud Deraison Changes by rd: - phrasing in the report - pattern read...
Gene6 BPFTP Server 2.0 - File Existence Disclosure
Gene6 BPFTP Server 2.0 - File Existence Disclosure source: https://www.securityfocus.com/bid/2537/info A user can confirm the existence and location of files and directory structure information, by submitting a 'size' or 'mdtm' command of a file. If the command is carried out by the vulnerable...