COWELL INFORMATION SYSTEM CO., LTD. Security Vulnerabilities

Faculty Evaluation System v1.0 - SQL Injection

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to SQL Injection via...

Doctor Appointment System 1.0 - SQL Injection

SQL injection in the expertise parameter in search_result.php in Doctor Appointment System...

HPE System Management - Cross-Site Scripting

HPE System Management contains a cross-site scripting vulnerability which allows an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other...

Cilium leaks sensitive information in cilium-bugtool

Impact The output of cilium-bugtool can contain sensitive data when the tool is run (with the --envoy-dump flag set) against Cilium deployments with the Envoy proxy enabled. Users of the following features are affected: TLS inspection Ingress with TLS termination Gateway API with TLS termination...

typo3 Information Disclosure Security Note

Due to reports it has been validated that internal workspaces in Neos are accessible without authentication. Some users assumed this is a planned feature but it is not. A workspace preview should be an additional feature with respective security measures in place. Note that this only allows...

Doctor Appointment System 1.0 - SQL Injection

Blind SQL injection in contactus.php in Doctor Appointment System 1.0 allows an unauthenticated attacker to insert malicious SQL queries via firstname...

CirCarLife Scada <4.3 - System Log Exposure

CirCarLife Scada before 4.3 allows remote attackers to obtain sensitive information via a direct request for the html/log or services/system/info.html URI. CirCarLife is an internet-connected electric vehicle charging...

Simple Employee Records System 1.0 - Unrestricted File Upload

Simple Employee Records System 1.0 contains an arbitrary file upload vulnerability due to client-side validation of file extensions. This can be used to upload executable code to the server to obtain access or perform remote command...

Check Point Security Gateway - Information Disclosure (Unauthenticated)

...

Information Disclosure in TYPO3 CMS

Failing to properly check user permission on file storages, editors could gain knowledge of protected storages and its folders as well as using them in a file collection being rendered in the frontend. A valid backend user account is needed to exploit this...

Information Disclosure in TYPO3 CMS

HTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called...

Information Disclosure in TYPO3 CMS

HTTP requests being performed using the TYPO3 API expose the specific TYPO3 version to the called...

Information Disclosure in TYPO3 Backend

The TYPO3 backend module stores the username of an authenticated backend user in its cache files. By guessing the file path to the cache files it is possible to receive valid backend...

Vehicle Service Management System 1.0 - Cross Site Scripting

Vehicle Service Management System 1.0 contains a cross-site scripting vulnerability via the User List section in login...

Information Disclosure

Ansible-core is vulnerable to information disclosure. The vulnerability is due to a failure to respect the ANSIBLE_NO_LOG configuration in some scenarios, leading to sensitive information being included in the output during certain tasks, such as loop...

Eclipse Jetty - Information Disclosure

Eclipse Jetty 9.4.37-9.4.42, 10.0.1-10.0.5 and 11.0.1-11.0.5 are susceptible to improper authorization. URIs can be crafted using some encoded characters to access the content of the WEB-INF directory and/or bypass some security constraints. An attacker can potentially obtain sensitive...

Rocket.Chat <3.9.1 - Information Disclosure

Rocket.Chat through 3.9.1 is susceptible to information disclosure. An attacker can enumerate email addresses via the password reset function and thus potentially access sensitive information, modify data, and/or execute unauthorized...

CVE-2024-22352

IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: ...

CVE-2023-38876

A reflected cross-site scripting (XSS) vulnerability in msaad1999's PHP-Login-System 2.0.1 allows remote attackers to execute arbitrary JavaScript in the web browser of a user, by including a malicious payload into the 'selector' parameter in...

Security Advisory - Path Traversal Vulnerability in Huawei Home Music System

Some Huawei home music system products have a path traversal vulnerability. Successful exploitation of this vulnerability may cause unauthorized file deletion or file permission change.(Vulnerability ID:HWPSIRT-2023-53450) This vulnerability has been assigned a...

Moodle BigBlueButton web service leaks meeting joining information

Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to...

Moodle BigBlueButton web service leaks meeting joining information

Insufficient capability checks meant it was possible for users to gain access to BigBlueButton join URLs they did not have permission to...

pcp security update

An update is available for pcp. This update affects Rocky Linux 8. A Common Vulnerability Scoring System (CVSS) base score, which gives a detailed severity rating, is available for each vulnerability from the CVE list Performance Co-Pilot (PCP) is a suite of tools, services, and libraries for...

Information disclosure in podman in github.com/containers/libpod

Information disclosure in podman in...

Exploit for Cleartext Transmission of Sensitive Information in Keepass

Keepass-Dumper This is my PoC implementation for...

Jorani Leave Management System 0.6.5 - Cross-Site Scripting

Persistent cross-site scripting (XSS) issues in Jorani 0.6.5 allow remote attackers to inject arbitrary web script or HTML via the language parameter to...

Academy Learning Management System <5.9.1 - Cross-Site Scripting

Academy Learning Management System before 5.9.1 contains a cross-site scripting vulnerability via the Search parameter. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based...

Exploit for Exposure of Sensitive Information to an Unauthorized Actor in Minio

CVE-2023-28432...

System Dashboard < 2.8.10 - XSS via Header Injection

Description The plugin does not sanitize and escape some parameters, which could allow administrators in multisite WordPress configurations to perform Cross-Site Scripting attacks PoC X-Forwarded-For:...

privilege escalation - obtain dangerous system permissions silently through duplicate permission declarations

In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges...

Elastic Beats inserts sensitive information into log file

An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...

Employee And Visitor Gate Pass Logging System 1.0 SQL Injection Vulnerability

Employee and Visitor Gate Pass Logging System version 1.0 suffers from a remote SQL injection vulnerability that allows for authentication...

TerraMaster TOS < 4.2.30 Server Information Disclosure

TerraMaster NAS devices running TOS prior to version 4.2.30 are vulnerable to information...

WAVLINK WN530H4 M30H4.V5030.190403 - Information Disclosure

WAVLINK WN530H4 M30H4.V5030.190403 contains an information disclosure vulnerability in the /cgi-bin/ExportAllSettings.sh endpoint. This can allow an attacker to leak router settings, including cleartext login details, DNS settings, and other sensitive information without...

Information Disclosure

scrapy is vulnerable to Information Disclosure. The vulnerability is due to redirects ignoring scheme specific proxy settings, which results in http / https schemes using the wrong proxy if the proxy was configured to be scheme...

Sensitive Information Into Log File

jberet-core is vulnerable to Insertion of Sensitive Information into Log File. The vulnerability is due to missing data masking during logging via the getConnection method within JdbcRepository.java. It occurs when error messages include sensitive information, such as database connection...

LearnDash LMS < 4.10.3 - Sensitive Information Exposure

The LearnDash LMS plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 4.10.2 via API. This makes it possible for unauthenticated attackers to obtain access to quiz...

MinIO information disclosure vulnerability

Impact If-Modified-Since If-Unmodified-Since Headers when used with anonymous requests by sending a random object name requests you can figure out if the object exists or not on the server on a specific bucket and also gain access to some amount of information such as Last-Modified (of the...

Jeecg Boot <= 2.4.5 - Sensitive Information Disclosure

Jeecg Boot &lt;= 2.4.5 API interface has unauthorized access and leaks sensitive information such as email,phone and Enumerate usernames that exist in the...

DataTaker DT80 dEX 1.50.012 - Information Disclosure

DataTaker DT80 dEX 1.50.012 is susceptible to information disclosure. A remote attacker can obtain sensitive credential and configuration information via a direct request for the /services/getFile.cmd?userfile=config.xml URI, thereby possibly accessing sensitive information, modifying data, and/or....

Linear eMerge E3-Series - Information Disclosure

Linear eMerge E3-Series devices are susceptible to information disclosure. Admin credentials are stored in clear text at the endpoint /test.txt in situations where the default admin credentials have been changed. An attacker can obtain admin credentials, access the admin dashboard, control...

Reprise License Manager 14.2 - Information Disclosure

Reprise License Manager 14.2 is susceptible to information disclosure via a GET request to /goforms/rlminfo. No authentication is required. The information disclosed is associated with software versions, process IDs, network configuration, hostname(s), system architecture and file/directory...

WordPress BulletProof Security 5.1 Information Disclosure

The BulletProof Security WordPress plugin is vulnerable to sensitive information disclosure due to a file path disclosure in the publicly accessible ~/db_backup_log.txt file which grants attackers the full path of the site, in addition to the path of database backup files. This affects versions up....

PRTG Network Monitor <20.1.57.1745 - Information Disclosure

PRTG Network Monitor before 20.1.57.1745 is susceptible to information disclosure. An attacker can obtain information about probes running or the server itself via an HTTP request, thus potentially being able to modify data and/or execute unauthorized administrative operations in the context of...

Information Disclosure

microsoft.powerbi.javascript is vulnerable to an Information Disclosure. The vulnerability is due to improper handling of sensitive information, which may allow an attacker to access unauthorized data if a user visits a site with malicious...

TYPO3 Information Disclosure in Install Tool

The Install Tool exposes the current TYPO3 version number to non-authenticated...

TYPO3 Information Disclosure of Installed Extensions

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...

Elastic Beats inserts sensitive information into log file

An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...

Zend-developer-tools information disclosure vulnerability

The package zendframework/zend-developer-tools provides a web-based toolbar for introspecting an application. When updating the package to support PHP 7.3, a change was made that could potentially prevent toolbar entries that are enabled by default from being...

TYPO3 Information Disclosure of Installed Extensions

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...