SAISON INFORMATION SYSTEMS CO.,LTD. Security Vulnerabilities

Information Disclosure

libshadow.so is vulnerable to Information Disclosure. The vulnerability exists in change_passwd function at gpasswd.c because the password field is not properly zeroed out if the confirmation...

elFinder <= 2.1.44 Information Disclosure Vulnerability

elFinder is prone to an information disclosure...

Exploit for CVE-2024-30056

Microsoft-Edge-Information-Disclosure CVE-2024-30056...

Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in github.com/apache/servicecomb-service-center

Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in...

Ecava IntegraXor < 4.1.4410 Information Disclosure

The version of Ecava IntegraXor installed on the remote host is a version prior to 4.1 Build 4410. It is, therefore, affected by an unspecified information disclosure...

Microsoft Windows Process Module Information

Report details on the running processes modules on the machine. This plugin is informative only and could be used for forensic investigation, malware detection, and to that confirm your system processes conform to your system...

CVE-2024-31005

An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the...

CVE-2024-31005

An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the...

CVE-2024-31005

An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the...

WP Job Manager < 2.3.0 - Unauthenticated Information Exposure

Description The WP Job Manager plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 2.2.2. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...

Information Disclosure

exim is vulnerable to Information Disclosure. The vulnerability exists due to the absence of validation for user-supplied data during the handling of NTLM challenge requests. This allows an attacker to read beyond allocated data structures, potentially leading to the disclosure of information...

Release Information for Hitachi Plug-In for Veeam Backup & Replication

Release Information for Hitachi Plug-In for Veeam Backup &...

Atlassian Jira < 9.4.21 Information Disclosure

According to its self-reported version number, the Atlassian Jira application running on the remote host is prior to 9.4.21, 9.5.x prior to 9.12.8 or 9.13.x prior to 9.16.0. It is, therefore, affected by an information disclosure vulnerability. Note that the scanner has not tested for these issues....

Security Bulletin: AIX is vulnerable to information disclosure due to openCryptoki (CVE-2024-0914)

Summary Vulnerability in openCryptoki could allow a remote attacker to obtain sensitive information (CVE-2024-0914). Vulnerability Details ** CVEID: CVE-2024-0914 DESCRIPTION: **openCryptoki could allow a remote attacker to obtain sensitive information, caused by a flaw when processing RSA PKCS#1.....

Premium Support Tickets For WHMCS 1.2.10 Cross Site Scripting

...

Magento Information Disclosure via File upload functionality

An arbitrary file access vulnerability exists in Magento 2.2 prior to 2.2.10, Magento 2.3 prior to 2.3.3 or 2.3.2-p1. An authenticated user can leverage file upload controller for downloadable products to read/delete an arbitary...

Information Disclosure

exim4 is vulnerable to Information Disclosure. An out-of-bounds read vulnerability exists in the smtp service of Exim which allows an attacker to disclose sensitive information on a vulnerable system by sending a specially crafted SMTP...

Release Information for Veeam Backup & Replication 11a Cumulative Patches

Release Information for Veeam Backup & Replication 11a Cumulative...

Security Bulletin: IBM Sterling Partner Engagement Manager is vulnerable to information disclosure (CVE-2022-35718)

Summary IBM Sterling Partner Engagement Manager is vulnerable to information disclosure. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2022-35718 DESCRIPTION: **IBM Sterling Partner Engagement Manager stores sensitive information in.....

Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure Exploit

...

Nessus Scan Information

This plugin displays, for each tested host, information about the scan itself : The version of the plugin set. The type of scanner (Nessus or Nessus Home). The version of the Nessus Engine. The port scanner(s) used. The port range scanned. The ping round trip time Whether credentialed or...

Kimai information disclosure vulnerability

A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity...

Exploit for Expression Language Injection in Atlassian Confluence Data Center

......

Wipro Holmes Orchestrator 20.4.1 - Log File Disclosure

...

OpenStack Identity Keystone Exposure of Sensitive Information

The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint...

Kimai information disclosure vulnerability

A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity...

Information Disclosure

apache-airflow is vulnerable to Information Disclosure. The vulnerability is found in the config_endpoint.py due to the fact that conf.getboolean("webserver", "expose_config") handles only the boolean cases and does not properly handle the case of non-sensitive-only. This oversight enables an...

Academy LMS < 1.9.26 - Unauthenticated Sensitive Information Exposure

Description The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.25. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...

Information Disclosure

com.sonymobile.jenkins.plugins.mq, mq-notifier is vulnerable to Information Disclosure. The vulnerability is due to logging potentially sensitive build parameters as part of debug information in build logs by default, which could lead to the unintentional exposure of sensitive...

NextScripts: Social Networks Auto-Poster < 4.4.4 - Subscriber+ Sensitive Information Exposure

Description The plugin is vulnerable to Sensitive Information Exposure via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract sensitive data including social network API keys and...

Microsoft Silverlight Information Disclosure Vulnerability (2890788)

This host is missing an important security update according to Microsoft Bulletin...

CVE-2024-26258

OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the...

MinIO Information Disclosure (CVE-2023-28432)

The version of MinIO installed on the remote host is prior to RELEASE.2023-03-20T20-16-18Z. It is, therefore, affected by an information disclosure vulnerability. When deployed in a cluster/in distributed mode MinIO returns all environment variables, including 'MINIO_SECRET_KEY' and...

MSSQL Host Information in NTLM SSP

Nessus can obtain information about the host by examining the NTLM SSP challenge issued during NTLM authentication, over...

SEOPress < 7.7 - Information Exposure

Description The SEOPress – On-site SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.6.1. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...

OpenStack Glance sensitive information disclosure via logs

OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading...

Dynamics 365 Integration < 1.3.18 - Unauthenticated Sensitive Information Exposure

Description The Dynamics 365 Integration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.17 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in....

Information Exposure

apache-airflow is vulnerable to Information Exposure. The vulnerability is due a flaw in the "configuration" UI page when "non-sensitive-only" was set as webserver.expose_config configuration. An attacker can exploit this vulnerability by sending a specially crafted request to see sensitive...

Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability

Microsoft Power BI Client JavaScript SDK Information Disclosure...

CVE-2024-22352 IBM InfoSphere Information Server information disclosure

IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: ...

Microsoft Internet Information Services (IIS) Installed

Microsoft Internet Information Services installation (IIS) has been detected on the remote Windows...

IBM InfoSphere Information Governance Catalog Detection

The remote web server is running IBM InfoSphere Information Governance Catalog...

Oracle Endeca Information Discovery Studio Detection

Oracle Endeca Information Discovery Studio was detected on the remote host. Oracle Endeca Information Discovery Studio is a web based data discovery and analysis...

Clorius Controls ISC SCADA Information Disclosure

Nessus was able to obtain the contents of '/html/info.htm' on the remote Clorius Contols ISC SCADA device. This page may contain sensitive information such as the firmware version of the device, internal IP address, and MAC...

Google Sheets data source plugin for Grafana information disclosure vulnerability

Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...

CVE-2024-23910

Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B.....

Moodle LaTeX Information Disclosure

The TeX filter included with the installed version of Moodle can be exploited to reveal the contents of files on the remote host, subject to the privileges under which the web server...

CVE-2024-25579

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit...

Cilem Haber Information Disclosure Vulnerability

Cilem Haber is prone to an information disclosure...

Database Open Access Information Disclosure Vulnerability

Various Database server might be prone to an information disclosure vulnerability if accessible to remote...