23 matches found
Apple Live Caller ID Privacy Concerns
Apple's oblivious HTTP relay for Live Caller ID Lookup (iOS 18+) routes traffic through 14 third-party endpoints across six countries. These include an anonymous Delaware LLC sharing data with OpenAI, a Russian endpoint (Yandex), and a Swiss GmbH whose privacy policy names "The Legal Entity to be...
CVE-2021-27583
In Directus 8.x through 8.8.1, an attacker can discover whether a user is present in the database through the password reset feature. NOTE: This vulnerability only affects products that are no longer supported by the maintainer...
CVE-2023-29203
CVE-2023-29203 concerns XWiki Commons and an information-disclosure vulnerability where an attacker could list hidden main-wiki users by requesting subwiki users via uorgsuggest.vm. Affected component: XWiki Commons (library used by multiple XWiki projects); vulnerability type: information disclo...
CVE-2021-36184
An improper neutralization of special elements used in an SQL command ('SQL Injection') in Fortinet FortiWLM version 8.6.1 and below allows an attacker to disclose device, user and database information via crafted HTTP requests...
CVE-2021-38431
An authenticated user using Advantech WebAccess SCADA in versions 9.0.3 and prior can use API functions to disclose project names and paths from other users...
CVE-2021-26593
In Directus 8.x through 8.8.1, an attacker can see all users in the CMS using the API /users/id. For each call, they get in response a lot of information about the user such as email address, first name, and last name but also the secret for 2FA if one exists. This secret can be regenerated. NOTE...
Debian DSA-4816-1 : mediawiki - security update
Multiple security issues were discovered in MediaWiki, a website engine for collaborative work, which could result in cross-site scripting or the disclosure of hidden users. (C) Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from Debian Security...
[SECURITY] [DSA 4816-1] mediawiki security update
Debian Security Advisory DSA-4816-1 [email protected] https://www.debian.org/security/ Moritz Muehlenhoff December 18, 2020 https://www.debian.org/security/faq -...
CVE-2019-8512
This issue was addressed with improved transparency. This issue is fixed in iOS 12.2. A user may authorize an enterprise administrator to remotely wipe their device without appropriate disclosure...
Wordpress 5.3 - User Disclosure Exploit
Exploit for php platform in category web applications Exploit Title : Wordpress 5.3 - User Disclosure Author: SajjadBnd Software Link: https://wordpress.org/download/ version : wp ' vuln = url + "/wp-json/wp/v2/users/" while True: try: r = requests.getvuln,verify=False content = json.loadsr.text...
WordPress Core 5.3 - User Disclosure
WordPress Core 5.3 - User Disclosure Exploit Title : Wordpress 5.3 - User Disclosure Author: SajjadBnd Date: 2019-11-17 Software Link: https://wordpress.org/download/ version : wp ' vuln = url + "/wp-json/wp/v2/users/" while True: try: r = requests.getvuln,verify=False content = json.loadsr.text...
WordPress Core 5.3 - User Disclosure
Exploit Title : Wordpress 5.3 - User Disclosure Author: SajjadBnd Date: 2019-11-17 Software Link: https://wordpress.org/download/ version : wp ' vuln = url + "/wp-json/wp/v2/users/" while True: try: r = requests.getvuln,verify=False content = json.loadsr.text datacontent except...
WordPress 5.3 Username Enumeration
Exploit Title : Wordpress 5.3 - User Disclosure Author: SajjadBnd Date: 2019-11-17 Software Link: https://wordpress.org/download/ version : wp ' vuln = url + "/wp-json/wp/v2/users/" while True: try: r = requests.getvuln,verify=False content = json.loadsr.text datacontent except...
Answers to Your Questions on Our Apps in the Mac App Store
Updated Oct. 4; please scroll down for latest information. Reports that Trend Micro is “stealing user data” and sending them to an unidentified server in China are absolutely false. Trend Micro has completed an initial investigation of a privacy concern related to some of its macOS consumer...
LocalTapiola: Wordpress Users Disclosure (/wp-json/wp/v2/users/)
Information Using REST API, we can see all the WordPress users/author with some of their information. Step TO Reproduce You can get user info by entering below url in your browser: https://www.lahitapiolarahoitus.fi/wp-json/wp/v2/users/ Result javascript "id": 1, "name": "LTR", "url": "",...
Moodle 3.x Multiple Vulnerabilities (Jul 2017) - Windows
Moodle is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle"; if(description)...
Moodle 3.x Multiple Vulnerabilities (Jul 2017) - Linux
Moodle is prone to multiple vulnerabilities. SPDX-FileCopyrightText: 2018 Greenbone AG Some text descriptions might be excerpted from (a) referenced source(s), and are Copyright (C) by the respective right holder(s). SPDX-License-Identifier: GPL-2.0-only CPE = "cpe:/a:moodle:moodle"; if(description)...
BMC BladeLogic RSCD Agent 8.3.00.64 - Windows Users Disclosure Exploit
Exploit for windows platform in category web applications Exploit Title: BMC BladeLogic RSCD agent get Windows users Filename: BMCwinUsers.py Github: https://github.com/bao7uo/bmcbladelogic Date: 2018-01-27 Exploit Author: Paul Taylor / Foregenix Ltd Website: http://www.foregenix.com/blog Version...
CVS/SVN User Disclosure
Concurrent Version System (CVS) and Subversion (SVN) provide a method for application developers to control different versions of their code. Occasionally, the developer's version or user information can be stored incorrectly within the code and may be visible to the end user either in the HTML or co...
MediaWiki < 1.23.12 / 1.24.5 / 1.25.4 / 1.26.1 Multiple Vulnerabilities