COWELL INFORMATION SYSTEM CO., LTD. Security Vulnerabilities

veracode

Information Disclosure

ezsystems/ezpublish-legacy is vulnerable to Information Disclosure. The vulnerability is caused due to the module not properly checking access permissions when rendering the content tree menu. This allows the tree menu to display hidden items to unauthorized users if they access the backend URL...

6.9 AI Score

2024-05-20 05:54 AM
3
osv

Zend-developer-tools information disclosure vulnerability

The package zendframework/zend-developer-tools provides a web-based toolbar for introspecting an application. When updating the package to support PHP 7.3, a change was made that could potentially prevent toolbar entries that are enabled by default from being...

7.1 AI Score

2024-06-07 10:10 PM
2
github

TYPO3 Information Disclosure of Installed Extensions

It has been discovered that mechanisms used for configuration of RequireJS package loading are susceptible to information disclosure. This way a potential attack can retrieve additional information about installed system and third party...

6.7 AI Score

2024-06-07 06:28 PM
1
osv

privilege escalation - obtain dangerous system permissions silently through duplicate permission declarations

In declareDuplicatePermission of ParsedPermissionUtils.java, there is a possible way to obtain a dangerous permission without user consent due to improper input validation. This could lead to local escalation of privilege during app installation or upgrade with no additional execution privileges...

7.8 CVSS

7 AI Score

0.0004 EPSS

2022-09-01 12:00 AM
5
github

Elastic Beats inserts sensitive information into log file

An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...

6.8 CVSS

6.7 AI Score

0.0005 EPSS

2023-12-12 09:31 PM
8
githubexploit

7.5 CVSS

7.9 AI Score

0.865 EPSS

2023-03-24 08:13 AM
260
github

Zend-developer-tools information disclosure vulnerability

The package zendframework/zend-developer-tools provides a web-based toolbar for introspecting an application. When updating the package to support PHP 7.3, a change was made that could potentially prevent toolbar entries that are enabled by default from being...

7.1 AI Score

2024-06-07 10:10 PM
3
github

TYPO3 Information Disclosure in Install Tool

The Install Tool exposes the current TYPO3 version number to non-authenticated...

7 AI Score

2024-06-07 07:55 PM
2
nuclei

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via...

7.2 CVSS

7.4 AI Score

0.011 EPSS

2023-06-05 07:03 AM
3
nuclei

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via...

7.2 CVSS

7.4 AI Score

0.001 EPSS

2023-06-05 07:03 AM
3
nuclei

Advanced Comment System 1.0 - Local File Inclusion

ACS Advanced Comment System 1.0 is affected by local file inclusion via an advanced_component_system/index.php?ACS_path=..%2f...

7.5 CVSS

7.4 AI Score

0.158 EPSS

2021-07-31 11:40 PM
4
nuclei

Download Monitor <= 4.7.60 - Sensitive Information Exposure

The Download Monitor plugin for WordPress is vulnerable to Sensitive Information Exposure in versions up to, and including, 4.7.60 via REST API. This can allow unauthenticated attackers to extract sensitive data including user reports, download reports, and user data including email, role, id and.....

7.5 CVSS

6.2 AI Score

0.005 EPSS

2023-07-11 07:54 PM
4
nuclei

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via...

9.8 CVSS

9.9 AI Score

0.016 EPSS

2023-06-05 07:03 AM
7
nuclei

PuneethReddyHC Online Shopping System homeaction.php SQL Injection

An unauthenticated SQL injection vulnerability exists in PuneethReddyHC Online Shopping System through the /homeaction.php cat_id parameter. Using a post request does not sanitize the user...

9.8 CVSS

9.9 AI Score

0.076 EPSS

2021-10-02 03:22 PM
7
nuclei

ECOA Building Automation System - Arbitrary File Retrieval

The ECOA BAS controller suffers from an arbitrary file disclosure vulnerability. Using the 'fname' POST parameter in viewlog.jsp, attackers can disclose arbitrary files on the affected device and disclose sensitive and system...

7.5 CVSS

7.4 AI Score

0.024 EPSS

2021-09-14 10:02 PM
8
nuclei

WordPress Metform <=2.1.3 - Information Disclosure

WordPress Metform plugin through 2.1.3 is susceptible to information disclosure due to improper access control in the ~/core/forms/action.php file. An attacker can view all API keys and secrets of integrated third-party APIs such as that of PayPal, Stripe, Mailchimp, Hubspot, HelpScout, reCAPTCHA.....

7.5 CVSS

7.2 AI Score

0.033 EPSS

2022-11-13 10:49 AM
3
nuclei

Hongdian H8922 3.0.5 - Information Disclosure

Hongdian H8922 3.0.5 is susceptible to information disclosure. An attacker can access cli.conf (with the administrator password and other sensitive data) via /backup2.cgi and thereby possibly obtain sensitive information, modify data, and/or execute unauthorized...

5.5 CVSS

5.5 AI Score

0.003 EPSS

2021-07-10 12:16 PM
4
nuclei

Eclipse Jetty ConcatServlet - Information Disclosure

Eclipse Jetty through 9.4.40, through 10.0.2, and through 11.0.2 is susceptible to information disclosure. Requests to the ConcatServlet with a doubly encoded path can access protected resources within the WEB-INF directory, thus enabling an attacker to potentially obtain sensitive information,...

5.3 CVSS

5.4 AI Score

0.006 EPSS

2021-06-24 04:00 PM
15
nuclei

FleetCart 4.1.1 - Information Disclosure

Issues with information disclosure in redirect responses. Accessing the majority of the website's pages exposes sensitive data, including the "Razorpay"...

5.3 CVSS

6.7 AI Score

0.001 EPSS

2024-05-24 03:12 PM
11
nuclei

HD-Network Realtime Monitoring System 2.0 - Local File Inclusion

Instances of HD-Network Realtime Monitoring System version 2.0 are vulnerable to a Local File Inclusion vulnerability which allows remote unauthenticated attackers to view confidential...

7.5 CVSS

7.5 AI Score

0.054 EPSS

2021-12-13 08:52 PM
4
wpvulndb

Salon booking system < 10.0 - Unauthenticated Arbitrary File Deletion

The Salon booking system plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 9.8. This is due to the plugin not properly validating the path of an uploaded file prior to deleting it. This makes it possible for unauthenticated attackers to....

9.1 CVSS

9.6 AI Score

0.0004 EPSS

2024-05-20 12:00 AM
1
nuclei

TCExam <= 14.8.1 - Sensitive Information Exposure

When installed following the default/recommended settings, TCExam <= 14.8.1 allowed unauthenticated users to access the /cache/backup/ directory, which includes sensitive database backup...

7.5 CVSS

7.5 AI Score

0.01 EPSS

2021-09-06 11:21 AM
7
nuclei

Akkadian Provisioning Manager - Information Disclosure

Akkadian Provisioning Manager is susceptible to information disclosure. The restricted shell provided can be escaped by abusing the Edit MySQL Configuration command. This command launches a standard VI editor interface which can then be...

7.9 CVSS

4.5 AI Score

0.002 EPSS

2021-07-26 05:18 PM
5
cve

CVE-2017-7938

Stack-based buffer overflow in DMitry (Deepmagic Information Gathering Tool) version 1.3a (Unix) allows attackers to cause a denial of service (application crash) or possibly have unspecified other impact via a long argument. An example threat model is automated execution of DMitry with hostname...

9.8 CVSS

9.6 AI Score

0.012 EPSS

2017-04-20 02:59 PM
53
osv

SimpleSAMLphp Information Disclosure vulnerability

Background: SimpleSAMLphp 1.17 includes a preview of the new user interface to be included in the future version 2.0. This new user interface can be enabled by setting the usenewui configuration option to true, and it includes a new admin interface in a module called admin, which can be disabled....

6.8 AI Score

2024-05-28 09:26 PM
4
osv

Typo3 Information Disclosure in User Authentication

It has been discovered that login failures have been logged on the default stream with log level "warning" including plain-text user...

7.3 AI Score

2024-06-05 05:09 PM
nuclei

rConfig <3.9.4 - Sensitive Information Disclosure

rConfig prior to version 3.9.4 is susceptible to sensitive information disclosure. An unauthenticated attacker can retrieve saved cleartext credentials via a GET request to settings.php. Because the application does not exit after a redirect is applied, the rest of the page still executes,...

7.5 CVSS

7.2 AI Score

0.016 EPSS

2021-02-14 07:43 PM
2
nuclei

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via...

9.8 CVSS

9.9 AI Score

0.016 EPSS

2023-06-05 07:03 AM
4
nuclei

Diary Management System 1.0 - Cross-Site Scripting

Diary Management System 1.0 contains a cross-site scripting vulnerability via the Name parameter in...

6.1 CVSS

6 AI Score

0.003 EPSS

2022-09-01 12:51 PM
2
github

Typo3 Information Disclosure in User Authentication

It has been discovered that login failures have been logged on the default stream with log level "warning" including plain-text user...

7.3 AI Score

2024-06-05 05:09 PM
2
osv

MinIO information disclosure vulnerability in github.com/minio/minio

MinIO information disclosure vulnerability in...

5.3 CVSS

5 AI Score

0.0004 EPSS

2024-06-05 03:10 PM
4
osv

Elastic Beats inserts sensitive information into log file

An issue was discovered by Elastic whereby Beats and Elastic Agent would log a raw event in its own logs at the WARN or ERROR level if ingesting that event to Elasticsearch failed with any 4xx HTTP status code except 409 or 429. Depending on the nature of the event that Beats or Elastic Agent...

6.8 CVSS

6.7 AI Score

0.0005 EPSS

2023-12-12 09:31 PM
5
nuclei

Simple Task Managing System v1.0 - SQL Injection

SQL injection occurs when a web application doesn't properly validate or sanitize user input that is used in SQL queries. Attackers can exploit this by injecting malicious SQL code into the input fields of a web application, tricking the application into executing unintended database...

9.8 CVSS

9.9 AI Score

0.004 EPSS

2023-10-17 07:20 AM
4
nuclei

Bank Locker Management System v1.0 - SQL Injection

A vulnerability was found in PHPGurukul Bank Locker Management System 1.0. It has been rated as critical. Affected by this issue is some unknown functionality of the file index.php of the component Login. The manipulation of the argument username leads to sql...

9.8 CVSS

9.7 AI Score

0.065 EPSS

2023-06-25 07:06 PM
4
nuclei

Faculty Evaluation System v1.0 - Remote Code Execution

Sourcecodester Faculty Evaluation System v1.0 is vulnerable to arbitrary code execution via...

7.2 CVSS

7.3 AI Score

EPSS

2023-06-25 04:58 PM
6
nuclei

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System 1.0 is vulnerable to SQL Injection via the date...

8.8 CVSS

9.1 AI Score

0.001 EPSS

2023-06-05 07:03 AM
5
nuclei

Online Fire Reporting System v1.0 - SQL injection

Online Fire Reporting System v1.0 is vulnerable to SQL Injection via...

7.2 CVSS

7.4 AI Score

0.001 EPSS

2023-06-05 07:03 AM
4
nuclei

Cyber Cafe Management System 1.0 - SQL Injection

Cyber Cafe Management System 1.0 contains multiple SQL injection vulnerabilities via the username and password parameters in the Admin panel. An attacker can possibly obtain sensitive information from a database, modify data, and execute unauthorized administrative operations in the context of the....

9.8 CVSS

10 AI Score

0.134 EPSS

2022-09-01 01:23 PM
6
veeam

Veeam Data Cloud Release Information and Build Numbers

Veeam Data Cloud Release Information and Build...

7.1 AI Score

2024-03-07 12:00 AM
1
nessus

Movable Type mt-check.cgi System Information Disclosure

The Movable Type installation on the remote web server is leaking information via mt-check.cgi. This CGI determines if the Perl modules required by Movable Type are installed, and is only intended to be used prior to installation. It discloses path information, operating system type, Perl...

7 AI Score

2009-11-18 12:00 AM
13
osv

Typo3 Information Disclosure in Page Tree

It has been discovered backend users not having read access to specific pages still could see them in the page tree which actually should be disallowed. A valid backend user account is needed in order to exploit this...

6.8 AI Score

2024-06-05 05:21 PM
1
github

Typo3 Information Disclosure in Page Tree

It has been discovered backend users not having read access to specific pages still could see them in the page tree which actually should be disallowed. A valid backend user account is needed in order to exploit this...

6.8 AI Score

2024-06-05 05:21 PM
1
nuclei

Art Gallery Management System Project v1.0 - Cross-Site Scripting

A reflected cross-site scripting (XSS) vulnerability in Art Gallery Management System Project v1.0 allows attackers to execute arbitrary web scripts or HTML via a crafted payload injected into the artname parameter under ART TYPE option in the navigation...

6.1 CVSS

5.9 AI Score

0.003 EPSS

2023-07-22 06:07 AM
7
nuclei

MicroStrategy Web 10.4 - Information Disclosure

MicroStrategy Web 10.4 is susceptible to information disclosure. The JVM configuration, CPU architecture, installation folder, and other information are exposed through /MicroStrategyWS/happyaxis.jsp. An attacker can use this vulnerability to learn more about the application environment and...

7.5 CVSS

7.4 AI Score

0.666 EPSS

2022-10-07 03:51 AM
11
nuclei

WordPress Directorist <7.3.1 - Information Disclosure

WordPress Directorist plugin before 7.3.1 is susceptible to information disclosure. The plugin discloses the email address of all users in an AJAX action available to both unauthenticated and authenticated...

5.3 CVSS

5 AI Score

0.037 EPSS

2022-09-06 08:57 AM
1
nuclei

Elasticsearch 7.10.0-7.13.3 - Information Disclosure

Elasticsearch 7.10.0 to 7.13.3 is susceptible to information disclosure. A user with the ability to submit arbitrary queries can submit a malformed query that results in an error message containing previously used portions of a data buffer. This buffer can contain sensitive information such as...

6.5 CVSS

6.3 AI Score

0.962 EPSS

2021-09-02 04:37 PM
17
nuclei

School Dormitory Management System 1.0 - Authenticated Cross-Site Scripting

School Dormitory Management System 1.0 contains an authenticated cross-site scripting vulnerability in admin/inc/navigation.php:126. An attacker can inject arbitrary script in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based....

6.1 CVSS

6.1 AI Score

0.001 EPSS

2022-10-05 08:01 PM
6
hp

HP Advance Mobile Application – Potential Information Disclosure

HP Advance Mobile Applications for iOS and Android are potentially vulnerable to information disclosure when using an outdated version of the application via mobile devices. Update your...

6.5 AI Score

0.0004 EPSS

2024-06-10 12:00 AM
3
cvelist

CVE-2024-37677

An issue in Shenzhen Weitillage Industrial Co., Ltd the access management specialist V6.62.51215 allows a remote attacker to obtain sensitive...

0.001 EPSS

2024-06-24 12:00 AM
2
cve

CVE-2023-50950

IBM QRadar SIEM 7.5 could disclose sensitive email information in responses from offense rules. IBM X-Force ID: ...

5.3 CVSS

5 AI Score

0.0004 EPSS

2024-01-17 05:15 PM
13

Total number of security vulnerabilities: 786392