SAISON INFORMATION SYSTEMS CO.,LTD. Security Vulnerabilities

CVE-2024-36103

OS command injection vulnerability in WRC-X5400GS-B v1.0.10 and earlier, and WRC-X5400GSA-B v1.0.10 and earlier allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the...

FreePBX gen_amp_conf.php Information Disclosure

By requesting the 'admin/modules/framework/bin/gen_amp_conf.php' script directly, an unauthenticated, remote attacker can discover all the configuration parameters, including the admin password, for the FreePBX installed on the remote host, thereby gaining administrative access to...

Security Bulletin: Information disclosure vulnerabilities affect IBM Business Automation Workflow - CVE-2024-28849, CVE-2024-21501

Summary IBM Business Automation Workflow Web Process Designer is vulnerable to information disclosure attacks. Vulnerability Details ** CVEID: CVE-2024-28849 DESCRIPTION: **Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the...

Google Sheets data source plugin for Grafana information disclosure vulnerability

Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...

CVE-2024-21798

ELECOM wireless LAN routers contain a cross-site scripting vulnerability. Assume that a malicious administrative user configures the affected product with specially crafted content. When another administrative user logs in and operates the product, an arbitrary script may be executed on the web...

CVE-2024-25568

OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent unauthenticated attacker to execute arbitrary OS commands by sending a specially crafted request to the product. Affected products and versions are as follows: WRC-X3200GST3-B v1.25 and earlier, WRC-G01-W...

Joomla! < 1.0.8 Information Disclosure

The version of Joomla! installed on the remote web server is affected by an information disclosure vulnerability. An unauthenticated, remote attacker can exploit this, via a specially crafted request, to disclose the full path information from the Joomla! installation. Note that the application is....

CVE-2022-27912

An issue was discovered in Joomla! 4.0.0 through 4.2.3. Sites with publicly enabled debug mode exposed data of previous...

CVE-2021-20750

Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific...

CVE-2024-28285

A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...

Information Disclosure org.eclipse.jetty:jetty-util Dependency in Crowd Data Center and Server

This High severity org.eclipse.jetty:jetty-util Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.eclipse.jetty:jetty-util Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...

OpenStack Keystone Sensitive information disclosure via log files

OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log...

Django Information leakage in AuthenticationForm

django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is...

MoinMoin Insertion of Sensitive Information into Log File

An information leak was discovered in MoinMoin's debug reporting version 1.5.7, which could expose information about the versions of software running on the host system. MoinMoin administrators can add "show_traceback=0" to their site configurations to disable debug...

CVE-2024-35155 IBM MQ information disclosure

IBM MQ Console 9.3 LTS and 9.3 CD could disclose could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...

Moxa AWK Series asqc.asp Information Disclosure Vulnerability

Moxa AWK series wireless access points are prone to an information disclosure...

OpenStack Keystone allows information disclosure during account locking

OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated.....

CVE-2024-35156 IBM MQ information disclosure

IBM MQ 9.3 LTS and 9.3 CD could allow a remote attacker to obtain sensitive information when a detailed technical error message is returned in the browser. This information could be used in further attacks against the system. IBM X-Force ID: ...

Slideshow Gallery <= 1.8 - Unauthenticated Sensitive Information Exposure

Description The plugin is vulnerable to Sensitive Information Exposure, allowing unauthenticated attackers to extract sensitive user or configuration...

CVE-2024-1100

Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Vadi Corporate Information Systems DIGIKENT GIS allows SQL Injection.This issue affects DIGIKENT GIS: through...

CVE-2024-28285

A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...

CVE-2023-50937 IBM PowerSC information disclosure

IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...

Security Bulletin: IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure (CVE-2024-22333)

Summary IBM Maximo Manage application in IBM Maximo Application Suite is vulnerable to sensitive information disclosure. Vulnerability Details ** CVEID: CVE-2024-22333 DESCRIPTION: **IBM Maximo Asset Management allows web pages to be stored locally which can be read by another user on the system......

CVE-2024-4220 Information Disclosure in BeyondInsight

Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate...

CVE-2024-4220 Information Disclosure in BeyondInsight

Prior to 23.1, an information disclosure vulnerability exists within BeyondInsight which can allow an attacker to enumerate...

CVE-2024-23911

Out-of-bounds read vulnerability caused by improper checking of the option length values in IPv6 NDP packets exists in Cente middleware TCP/IP Network Series, which may allow an unauthenticated attacker to stop the device operations by sending a specially crafted...

CVE-2023-50937 IBM PowerSC information disclosure

IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...

CVE-2023-50939 IBM PowerSC information Disclosure

IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...

VMware Harbor Information Disclosure (CVE-2020-29662)

An information disclosure vulnerability exists in Harbor. In Harbor 2.0 before 2.0.5 and 2.1.x before 2.1.2 the catalog's registry API is exposed on an unauthenticated...

Microsoft Internet Information Services (IIS) Sites Enumeration

Microsoft Internet Information Services configuration file has been parsed to extract information about the existing sites, their protocols, domains and IP...

Microsoft System Center Configuration Manager Database Information

ConfigMgr stores information such as clients it manages, OS version and software packages installed on the client in a database. Much of this information is exposed through Windows Management Instrumentation (WMI). By querying WMI, information about managed clients can be obtained. This script...

Security Bulletin: IBM Tivoli Netcool Impact is vulnerable to insecure cryptographic algorithm and information disclosure due to DB2 JDBC Driver (CVE-2023-47152)

Summary DB2 JDBC driver is shipped with IBM Tivoli Netcool Impact as part of the db2 data source adapter. Information about security vulnerabilities affecting DB2 JDBC driver has been published in a security bulletin. Vulnerability Details ** CVEID: CVE-2023-47152 DESCRIPTION: **IBM Db2 for...

Easy Digital Downloads < 3.2.12 - Unauthenticated Sensitive Information Exposure

Description The Easy Digital Downloads – Sell Digital Files & Subscriptions (eCommerce Store + Payments Made Easy) plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 3.2.11. This makes it possible for unauthenticated attackers to extract...

Kubernetes client-go vulnerable to Sensitive Information Leak via Log File

In Kubernetes, if the logging level is set to at least 9, authorization and bearer tokens will be written to log files. This can occur both in API server logs and client tool output like kubectl. This affects &lt;= v1.19.5, &lt;= v1.18.13, &lt;= v1.17.15, &lt;...

CVE-2024-31916 IBM OpenBMC information disclosure

IBM OpenBMC FW1050.00 through FW1050.10 BMCWeb HTTPS server component could disclose sensitive URI content to an unauthorized actor that bypasses authentication channels. IBM X-ForceID: ...

PHP 7.3.x < 7.3.2 Information Disclosure.

According to its banner, the version of PHP running on the remote web server is 7.3.x prior to 7.3.2. It is, therefore, affected by: An out-of-bounds read error exists in the dns_get_record function due to improper parsing of DNS responses. An unauthenticated, remote attacker can exploit...

Open Information Security Foundation Suricata Installed (Windows)

Open Information Security Foundation Suricata is installed on the remote Windows...

Open Information Security Foundation Suricata Installed (Linux)

Open Information Security Foundation Suricata is installed on the remote Linux...

Kaseya VSA Information Disclosure Vulnerability - Active Check

Kaseya VSA is prone to an information disclosure...

CVE-2023-50939 IBM PowerSC information Disclosure

IBM PowerSC 1.3, 2.0, and 2.1 uses weaker than expected cryptographic algorithms that could allow an attacker to decrypt highly sensitive information. IBM X-Force ID: ...

Microsoft XML Editor Information Disclosure Vulnerability (2543893)

This host is missing an important security update according to Microsoft Bulletin...

Microsoft SQL Server Information Disclosure Vulnerability (KB4036996)

Microsoft SQL Server is prone to an information disclosure ...

Microsoft SQL Server Information Disclosure Vulnerability (KB4019092)

This host is missing an important security update according to Microsoft...

Sensitive Information Disclosure

Apache Linkis is vulnerable to Sensitive Information Disclosure. The vulnerability is caused by the inclusion of sensitive information (password) in the log statement. This potentially leads to exposure to sensitive...

Sensitive Information Disclosure

github.com/apache/solr-operator is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the operator's mishandling of authentication credentials in log files, which could expose sensitive information such as usernames and...

Sensitive Information Disclosure

go is vulnerable to Sensitive Information Disclosure. The vulnerability is due to errors returned from MarshalJSON methods containing user-controlled data, which can break contextual auto-escaping behavior, leading to unexpected content injection into...

Microsoft SQL Server Information Disclosure Vulnerability (KB4036996)

This host is missing an important security update according to Microsoft...

VMware Harbor Information Disclosure (CVE-2019-19030)

An information disclosure vulnerability exists in Harbor versions 1.7.x prior to 1.10.3 and 2.x prior to 2.0.1. An unauthenticated, remote attacker can exploit an enumeration flaw to determine what resources...

Home Assistant Information Disclosure Vulnerability (Mar 2022)

Home Assistant OS and Home Assistant Supervised are prone to an information disclosure...

Microsoft SQL Server Information Disclosure Vulnerability (KB4019091)

Microsoft SQL Server is prone to an information disclosure ...