JAL Information Technology Co., Ltd. Security Vulnerabilities

KubeView <=0.1.31 - Information Disclosure

KubeView through 0.1.31 is susceptible to information disclosure. An attacker can obtain control of a Kubernetes cluster because api/scrape/kube-system does not require authentication and retrieves certificate files that can be used for authentication as kube-admin. An attacker can thereby...

Free5gc 3.2.1 - Information Disclosure

Free5gc 3.2.1 is susceptible to information disclosure. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...

Jenkins <=2.218 - Information Disclosure

Jenkins through 2.218, LTS 2.204.1 and earlier, is susceptible to information disclosure. An attacker can access exposed session identifiers on a user detail object in the whoAmI diagnostic page and thus potentially access sensitive information, modify data, and/or execute unauthorized...

CVE-2024-37680

Hangzhou Meisoft Information Technology Co., Ltd. FineSoft &lt;=8.0 is affected by Cross Site Scripting (XSS) which allows remote attackers to execute arbitrary code. Enter any account and password, click Login, the page will report an error, and a controllable parameter will appear at the...

ZK Framework - Information Disclosure

ZK Framework 9.6.1, 9.6.0.1, 9.5.1.3, 9.0.1.2 and 8.6.4.1 is susceptible to information disclosure. An attacker can access sensitive information via a crafted POST request to the component AuUploader and thereby possibly obtain additional sensitive information, modify data, and/or execute...

JumpServer > 3.6.4 - Information Disclosure

JumpServer is an open source bastion host and a professional operation and maintenance security audit system. Starting in version 3.0.0 and prior to versions 3.5.5 and 3.6.4, session replays can download without authentication. Session replays stored in S3, OSS, or other cloud storage are not...

Security Bulletin: An unspecified IBM SDK, Java Technology Edition vulnerability affects InfoSphere Data Replication

Summary An unspecified IBM SDK, Java Technology Edition vulnerability is addressed. Vulnerability Details ** CVEID: CVE-2023-22081 DESCRIPTION: **An unspecified vulnerability in Java SE related to the JSSE component could allow a remote attacker to cause no confidentiality impact, no integrity...

Security Bulletin: An unspecified IBM SDK, Java Technology Edition vulnerability affects InfoSphere Data Replication

Summary An unspecified IBM SDK, Java Technology Edition vulnerability is addressed. Vulnerability Details ** CVEID: CVE-2023-22045 DESCRIPTION: **An unspecified vulnerability in Java SE related to the VM component could allow a remote attacker to cause low confidentiality impacts. CVSS Base...

Lost And Found Information System 1.0 SQL Injection

...

Laravel <5.5.21 - Information Disclosure

Laravel through 5.5.21 is susceptible to information disclosure. An attacker can obtain sensitive information such as externally usable passwords via a direct request for the /.env URI. NOTE: CVE pertains only to the writeNewEnvironmentFileWith function in...

ThinkPHP 5.0.24 - Information Disclosure

ThinkPHP 5.0.24 is susceptible to information disclosure. This version was configured without the PATHINFO parameter. This can allow an attacker to access all system environment parameters from index.php, thereby possibly obtaining sensitive information, modifying data, and/or executing...

Microweber <1.2.11 - Information Disclosure

Microweber before 1.2.11 is susceptible to information disclosure. An error message is generated in microweber/microweber which contains sensitive information while viewing comments from load_module:comments#search=. An attacker can possibly obtain sensitive information, modify data, and/or...

Jira <8.4.0 - Information Disclosure

Jira before 8.4.0 is susceptible to information disclosure. The /rest/api/latest/groupuserpicker resource can allow an attacker to enumerate usernames, and thereby potentially obtain sensitive information, modify data, and/or execute unauthorized...

Splunk <=7.0.1 - Information Disclosure

Splunk through 7.0.1 is susceptible to information disclosure by appending __raw/services/server/info/server-info?output_mode=json to a query, as demonstrated by discovering a license...

Exploit for Cleartext Transmission of Sensitive Information in Keepass

KeePass 2.X Master Password Dumper...

Exploit for Cleartext Storage of Sensitive Information in Mremoteng

mRemoteNG &lt;= v1.77.3.1784-NB Password Dumper...

Intelbras Switch - Information Disclosure

An authentication bypass in Intelbras Switch SG 2404 MR in firmware 1.00.54 allows an unauthenticated attacker to download the backup file of the device, exposing critical information about the device...

Microweber <1.1.20 - Information Disclosure

Microweber before 1.1.20 is susceptible to information disclosure via userfiles/modules/users/controller/controller.php. An attacker can disclose the users database via a /modules/ POST request and thus potentially access sensitive information, modify data, and/or execute unauthorized...

Ametys CMS Information Disclosure

Ametys CMS before 4.5.0 allows a remote unauthenticated attacker to read documents such as plugins/web/service/search/auto-completion/domain/en.xml (and similar pathnames for other languages) via the auto-completion plugin, which contain all characters typed by all users, including the content of.....

Rancher 'Audit Log' leaks sensitive information

Impact A vulnerability has been identified which may lead to sensitive data being leaked into Rancher's audit logs. Rancher Audit Logging is an opt-in feature, only deployments that have it enabled and have AUDIT_LEVEL set to 1 or above are impacted by this issue. The leaks might be caught in the.....

Lost And Found Information System 1.0 SQL Injection

...

FleetCart 4.1.1 Information Disclosure Vulnerability

...

Sensitive Information Disclosure

github.com/minio/minio/ is vulnerable to Sensitive Information Disclosure. The vulnerability is due to the ability to infer the existence of objects on a server by sending anonymous requests with random object...

Aquatronica Control System 5.1.6 - Information Disclosure

...

Check Point Security Gateway Information Disclosure

...

Information disclosure in podman

An information disclosure vulnerability was found in containers/podman in versions before 2.0.5. When using the deprecated Varlink API or the Docker-compatible REST API, if multiple containers are created in a short duration, the environment variables from the first container will get leaked into.....

sanitize-html Information Exposure vulnerability

Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details...

CVE-2024-37681

An issue the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0.1 allows a remote attacker to cause a denial of service via the index.html...

CVE-2024-37681

An issue the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0.1 allows a remote attacker to cause a denial of service via the index.html...

CVE-2023-37058

Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted...

CVE-2023-37058

Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted...

CVE-2024-37681

An issue the background management system of Shanxi Internet Chuangxiang Technology Co., Ltd v1.0.1 allows a remote attacker to cause a denial of service via the index.html...

CVE-2023-37057

An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication...

CVE-2023-37057

An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication...

MLFlow < 2.8.1 - Sensitive Information Disclosure

An issue in MLFlow versions 2.8.1 and before allows a remote attacker to obtain sensitive information via a crafted request to REST...

FleetCart 4.1.1 Information Disclosure

...

Exploit for Improper Validation of Specified Quantity in Input in Linux Linux Kernel

RNDIS-CO Summary The RNDIS USB Gadget may be exploited...

sanitize-html Information Exposure vulnerability

Versions of the package sanitize-html before 2.12.1 are vulnerable to Information Exposure when used on the backend and with the style attribute allowed, allowing enumeration of files in the system (including project dependencies). An attacker could exploit this vulnerability to gather details...

CVE-2023-37057

An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication...

CVE-2023-37058

Insecure Permissions vulnerability in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to escalate privileges via a crafted...

GitLab CE/EE - Information Disclosure

GitLab CE/EE is susceptible to information disclosure. An attacker can access runner registration tokens using quick actions commands, thereby making it possible to obtain sensitive information, modify data, and/or execute unauthorized operations. Affected versions are from 12.10 before 14.6.5,...

WAVLINK WN535 G3 - Information Disclosure

WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in the live_mfg.shtml page. An attacker can obtain sensitive router information via the exec cmd function and possibly obtain additional sensitive information, modify data, and/or execute unauthorized...

WordPress Guppy <=1.1 - Information Disclosure

WordPress Guppy plugin through 1.1 is susceptible to an API disclosure vulnerability. This can allow an attacker to obtain all user IDs and then use them to make API requests to get messages sent between users and/or send messages posing as one user to...

AccessAlly <3.5.7 - Sensitive Information Leakage

WordPress AccessAlly plugin before 3.5.7 allows sensitive information leakage because the file &quot;resource/frontend/product/product-shortcode.php&quot; (which is responsible for the [accessally_order_form] shortcode) dumps serialize($_SERVER), which contains all environment variables. The leakag...

WyreStorm Apollo VX20 - Information Disclosure

An issue was discovered on WyreStorm Apollo VX20 devices before 1.3.58. Remote attackers can discover cleartext credentials for the SoftAP (access point) Router /device/config using an HTTP GET...

CVE-2023-37057

An issue in JLINK Unionman Technology Co. Ltd Jlink AX1800 v.1.0 allows a remote attacker to execute arbitrary code via the router's authentication...

Weaver OA 9.5 - Information Disclosure

A vulnerability was found in Weaver OA 9.5 and classified as problematic. This issue affects some unknown processing of the file /building/backmgr/urlpage/mobileurl/configfile/jx2_config.ini. The manipulation leads to files or directories accessible. The attack may be initiated...

WAVLINK WN535 G3 - Information Disclosure

WAVLINK WN535 G3 M35G3R.V5030.180927 is susceptible to information disclosure in live_check.shtml. An attacker can obtain sensitive router information via execution of the exec cmd function and thereby possibly obtain additional sensitive information, modify data, and/or execute unauthorized...

MinIO Cluster Deployment - Information Disclosure

MinIO is susceptible to information disclosure. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables, including MINIO_SECRET_KEY and MINIO_ROOT_PASSWORD. An attacker can potentially obtain sensitive...

GLPI 9.2/<9.5.6 - Information Disclosure

GLPI 9.2 and prior to 9.5.6 is susceptible to information disclosure via the telemetry endpoint, which discloses GLPI and server information. An attacker can possibly obtain sensitive information, modify data, and/or execute unauthorized...