Screen SFT DAB 600/C is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information including usernames and source IP addresses.
e3416b7b51b13c8a02e0377d294d6b4b558ba2a448f681c4ee83ec0d4a9214dfTextpattern version 4.8.8 logs the session token in a GET request where it may end up getting disclosed in logs or via a referer.
1ae8e0b552a4239f94e3a47bd60d1a40de5024ed400567419bb925ce5c2c66e0This Metasploit module exploits multiple vulnerabilities in the zhttpd binary (/bin/zhttpd) and zcmd binary (/bin/zcmd). It is present on more than 40 Zyxel routers and CPE devices. The remote code execution vulnerability can be exploited by chaining the local file disclosure vulnerability in the zhttpd binary that allows an unauthenticated attacker to read the entire configuration of the router via the vulnerable endpoint /Export_Log?/data/zcfg_config.json. With this information disclosure, the attacker can determine if the router is reachable via ssh and use the second vulnerability in the zcmd binary to derive the supervisor password exploiting a weak implementation of a password derivation algorithm using the device serial number. After exploitation, an attacker will be able to execute any command as user supervisor.
9a3aef1a073115f56b28eb2aec9260df77503937d00eeca46fde8494010d2467OX App Suite has patched for sensitive information disclosure, cross site scripting, improper access control, authorization bypass, and resource consumption vulnerabilities. Some of the issues affect OX App Suite frontend version 7.10.6-rev23 and some affect OX App Suite backend version 7.10.6-rev36.
155ec55f6da0ebb83ce88e1e80511fb3da026e9c6a7fd7336c4fe3969b7e009aDebian Linux Security Advisory 5398-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
ee38b91484a2e9da0e6d235cdab8756535ecf5dc0dbec326bcf55aab4a9aae7aJedox version 2022.4.2 has an information disclosure vulnerability in /be/rpc.php that allows remote authenticated users with the appropriate permissions to modify database connections to disclose the clear text credentials via the test connection function.
0d65954fe57317294bfe2c400f3db4b3623426f3c49974de9f8966129d23c3cdJedox version 2020.2.5 suffers from having improper access controls in /tc/rpc that allows remote authenticated users to view details of database connections via the class com.jedox.etl.mngr.Connections and the method getGlobalConnection.
4978dc2461b1d119aeb99611968991dd695fb91ff2de8614aa5259189ffcb604projectSend version r1605 suffers from a private file download vulnerability.
7d0616347abe6dce55f8a948b13c9f7a8dcf7bdd7ba623acf8033e840b683c68Debian Linux Security Advisory 5393-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
e3a2157c393645dfb393ee9ad3917dc59ae65410313a1f4480e733e61b4fbe63Franklin Fueling Systems TS-550 suffers from a password hash disclosure vulnerability.
5321c2e6d8a5ba0ee798a8ecbc4154af4303cab89fef43786dea99f1de8f6e68SecurePoint UTM versions 12.x suffers from a session identifier leak vulnerability via the spcgi.cgi endpoint.
1d4cd9e39a6938ba5bad5e9bd158f7895198cb30170e4a59be88883cdba0cd69GDidees CMS version 3.9.1 suffers from file disclosure and directory traversal vulnerabilities.
3ad70797b1102b6af3e3732783bf2a2c1c292b1c3e789902f8a13abbd0ea3c37Debian Linux Security Advisory 5386-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
31f7bda15db67dc239bc90b93138e84328a40dd4a4fd5382ed039eb5a54b131fSielco PolyEco Digital FM Transmitter version 2.0.6 suffers from an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this issue via a specially crafted request to gain access to sensitive information.
267418fd80ab371b230bbaa9fdec8767c24efde298174b16aca5925e335bcb57ENTAB ERP version 1.0 suffers from a username information leak due to a lack of rate limiting.
9a0018070bfd8bbf3bd166d224a03db6d8c71e46d17a9234b197505cc3ced293Icinga Web version 2.10 suffers from an arbitrary file disclosure vulnerability.
f08ad07b926f6cf095c8b7a80fc8a8658f60c610c96b25e695c50c6c4ae28f48Franklin Fueling Systems TS-550 appears to suffer from insecure direct object reference and password hash disclosure vulnerabilities.
c7eb9b6d134d1e52a18386709b28e379d579cbcebfd3a3b74885aede997153b9Dell EMC Networking PC5500 firmware versions 4.1.0.22 and Cisco Sx / SMB suffer from an information leakage vulnerability.
b8a45b8069a5a5129862e21629b12e2ac7fea0a964921f4c4676a3ebbf3a17c8Sales Tracker Management System version 1.0 suffers from an information disclosure vulnerability.
09eb9f9f3be0d62ba132f7b2c369f9882748969f3344e7cf82cf6c269db7e064DSL-124 Wireless N300 ADSL2+ suffers from a backup disclosure vulnerability.
63d71c45b66ab170d2acf14007338350c4e6603e64a4f67be40cf28b407eee4cJoomla! versions prior to 4.2.8 suffer from an unauthenticated information disclosure vulnerability.
417f9d6c26b8a1e0793bc9e5aaf8fe1808d869eb6f3e3c535d5813d71577788dDebian Linux Security Advisory 5377-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
51386e4f82d3fa06d6856296972bb66ad386ecf19472a1e8924e27cea3026f9fUbuntu Security Notice 5966-2 - USN-5966-1 fixed vulnerabilities in amanda. Unfortunately it introduced a regression in GNUTAR-based backups. This update reverts all of the changes in amanda until a better fix is provided. Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sensitive file system information.
4749f55afc6287a649f39b41a2552f3b688b77959973ae84bd337045e4dad07fUbuntu Security Notice 5966-1 - Maher Azzouzi discovered an information disclosure vulnerability in the calcsize binary within amanda. calcsize is a suid binary owned by root that could possibly be used by a malicious local attacker to expose sensitive file system information. Maher Azzouzi discovered a privilege escalation vulnerability in the rundump binary within amanda. rundump is a suid binary owned by root that did not perform adequate sanitization of environment variables or commandline options and could possibly be used by a malicious local attacker to escalate privileges.
2580ab51db5f3bf0e05ef50995b026255510f6945bca4387cdd8ab8d58501893Adobe Connect versions 11.4.5 and below as well as versions 12.1.5 and below suffer from a file disclosure vulnerability.
230d9930fbdec26e4628f0385522c78b426bd6ed51e29a6e47c431fd60fb961b
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed