Kimai information disclosure vulnerability
A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity...
3.7CVSS
4.1AI Score
0.0004EPSS
Release Information for Veeam Backup & Replication 11a Cumulative Patches
Release Information for Veeam Backup & Replication 11a Cumulative...
1.1AI Score
Volana - Shell Command Obfuscation To Avoid Detection Systems
Shell command obfuscation to avoid SIEM/detection system During pentest, an important aspect is to be stealth. For this reason you should clear your tracks after your passage. Nevertheless, many infrastructures log command and send them to a SIEM in a real time making the afterwards cleaning part.....
7.7AI Score
com.sonymobile.jenkins.plugins.mq, mq-notifier is vulnerable to Information Disclosure. The vulnerability is due to logging potentially sensitive build parameters as part of debug information in build logs by default, which could lead to the unintentional exposure of sensitive...
6.6AI Score
0.0004EPSS
Microsoft Windows Process Module Information
Report details on the running processes modules on the machine. This plugin is informative only and could be used for forensic investigation, malware detection, and to that confirm your system processes conform to your system...
1.3AI Score
An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the...
7.8AI Score
0.0004EPSS
An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the...
7.8AI Score
0.0004EPSS
An issue in Bento4 Bento v.1.6.0-641 allows a remote attacker to execute arbitrary code via the...
7.9AI Score
0.0004EPSS
HashiCorp Nomad and Nomad Enterprise 0.11.0 up to 1.5.6 and 1.4.1 HTTP search API can reveal names of available CSI plugins to unauthenticated users or users without the plugin:read policy. Fixed in 1.6.0, 1.5.7, and...
5.3CVSS
7.1AI Score
0.001EPSS
apache-airflow is vulnerable to Information Disclosure. The vulnerability is found in the config_endpoint.py due to the fact that conf.getboolean("webserver", "expose_config") handles only the boolean cases and does not properly handle the case of non-sensitive-only. This oversight enables an...
4.3CVSS
6.7AI Score
0.0005EPSS
apache-airflow is vulnerable to Information Exposure. The vulnerability is due a flaw in the "configuration" UI page when "non-sensitive-only" was set as webserver.expose_config configuration. An attacker can exploit this vulnerability by sending a specially crafted request to see sensitive...
6.6AI Score
0.0004EPSS
Apache ServiceComb Service-Center Exposure of Sensitive Information to an Unauthorized Actor vulnerability in...
7.5CVSS
6.6AI Score
0.001EPSS
Ecava IntegraXor < 4.1.4410 Information Disclosure
The version of Ecava IntegraXor installed on the remote host is a version prior to 4.1 Build 4410. It is, therefore, affected by an unspecified information disclosure...
2.2AI Score
Security Bulletin: AIX is vulnerable to information disclosure due to openCryptoki (CVE-2024-0914)
Summary Vulnerability in openCryptoki could allow a remote attacker to obtain sensitive information (CVE-2024-0914). Vulnerability Details ** CVEID: CVE-2024-0914 DESCRIPTION: **openCryptoki could allow a remote attacker to obtain sensitive information, caused by a flaw when processing RSA PKCS#1.....
5.9CVSS
6AI Score
0.001EPSS
Kimai information disclosure vulnerability
A vulnerability was found in Kimai up to 2.15.0 and classified as problematic. Affected by this issue is some unknown functionality of the component Session Handler. The manipulation of the argument PHPSESSIONID leads to information disclosure. The attack may be launched remotely. The complexity...
3.7CVSS
6.4AI Score
0.0004EPSS
OpenStack Identity Keystone Exposure of Sensitive Information
The catalog url replacement in OpenStack Identity (Keystone) before 2013.2.3 and 2014.1 before 2014.1.2.1 allows remote authenticated users to read sensitive configuration options via a crafted endpoint, as demonstrated by "$(admin_token)" in the publicurl endpoint...
6.5AI Score
0.003EPSS
Academy LMS < 1.9.26 - Unauthenticated Sensitive Information Exposure
Description The Academy LMS – eLearning and online course solution for WordPress plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.9.25. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...
5.3CVSS
6.3AI Score
0.0004EPSS
elFinder <= 2.1.44 Information Disclosure Vulnerability
elFinder is prone to an information disclosure...
5.9CVSS
5.5AI Score
0.002EPSS
This plugin displays, for each tested host, information about the scan itself : The version of the plugin set. The type of scanner (Nessus or Nessus Home). The version of the Nessus Engine. The port scanner(s) used. The port range scanned. The ping round trip time Whether credentialed or...
7.1AI Score
SEOPress < 7.7 - Information Exposure
Description The SEOPress – On-site SEO plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 7.6.1. This makes it possible for unauthenticated attackers to extract sensitive user or configuration...
5.3CVSS
6.7AI Score
0.0004EPSS
Atlassian Jira < 9.4.21 Information Disclosure
According to its self-reported version number, the Atlassian Jira application running on the remote host is prior to 9.4.21, 9.5.x prior to 9.12.8 or 9.13.x prior to 9.16.0. It is, therefore, affected by an information disclosure vulnerability. Note that the scanner has not tested for these issues....
7AI Score
7.4AI Score
NextScripts: Social Networks Auto-Poster < 4.4.4 - Subscriber+ Sensitive Information Exposure
Description The plugin is vulnerable to Sensitive Information Exposure via the 'nxs_getExpSettings' function. This makes it possible for authenticated attackers, with subscriber access and above, to extract sensitive data including social network API keys and...
8.5CVSS
6.5AI Score
0.001EPSS
7.5CVSS
6.7AI Score
0.013EPSS
Microsoft Power BI Client JavaScript SDK Information Disclosure Vulnerability
Microsoft Power BI Client JavaScript SDK Information Disclosure...
6.5CVSS
6.2AI Score
0.001EPSS
Dynamics 365 Integration < 1.3.18 - Unauthenticated Sensitive Information Exposure
Description The Dynamics 365 Integration plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.3.17 through publicly exposed log files. This makes it possible for unauthenticated attackers to view potentially sensitive information contained in....
5.3CVSS
6AI Score
0.0004EPSS
Summary IBM Sterling Partner Engagement Manager is vulnerable to information disclosure. This bulletin identifies the steps to take to address the vulnerabilities. Vulnerability Details ** CVEID: CVE-2022-35718 DESCRIPTION: **IBM Sterling Partner Engagement Manager stores sensitive information in.....
6AI Score
EPSS
OpenSSH through 9.6, when common types of DRAM are used, might allow row hammer attacks (for authentication bypass) because the integer value of authenticated in mm_answer_authpassword does not resist flips of a single bit. NOTE: this is applicable to a certain threat model of attacker-victim...
7CVSS
6.8AI Score
0.001EPSS
OpenStack Glance sensitive information disclosure via logs
OpenStack Image Registry and Delivery Service (Glance) 2013.2 through 2013.2.1 and Icehouse before icehouse-2 logs a URL containing the Swift store backend password when authentication fails and WARNING level logging is enabled, which allows local users to obtain sensitive information by reading...
6.7AI Score
0.0004EPSS
7.5CVSS
7.1AI Score
EPSS
9.8CVSS
10AI Score
0.975EPSS
Google Sheets data source plugin for Grafana information disclosure vulnerability
Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...
7.5CVSS
6.7AI Score
0.001EPSS
Cross-site request forgery (CSRF) vulnerability in ELECOM wireless LAN routers and wireless LAN repeater allows a remote unauthenticated attacker to hijack the authentication of administrators and to perform unintended operations to the affected product. Note that WMC-X1800GST-B and WSC-X1800GS-B.....
7.1AI Score
0.0004EPSS
OS command injection vulnerability in ELECOM wireless LAN routers allows a network-adjacent attacker with an administrative privilege to execute arbitrary OS commands by sending a specially crafted request to the product. Note that WMC-X1800GST-B is also included in e-Mesh Starter Kit...
7.8AI Score
0.0004EPSS
OS command injection vulnerability in WRC-X3200GST3-B v1.25 and earlier, and WRC-G01-W v1.24 and earlier allows a network-adjacent attacker with credentials to execute arbitrary OS commands by sending a specially crafted request to the...
8.1AI Score
0.0004EPSS
Cross-site scripting vulnerability in EC-CUBE EC-CUBE 3.0.0 to 3.0.18-p2 (EC-CUBE 3 series) and EC-CUBE 4.0.0 to 4.0.5-p1 (EC-CUBE 4 series) allows a remote attacker to inject an arbitrary script by leading an administrator or a user to a specially crafted page and to perform a specific...
6.1CVSS
6.6AI Score
0.002EPSS
Moodle LaTeX Information Disclosure
The TeX filter included with the installed version of Moodle can be exploited to reveal the contents of files on the remote host, subject to the privileges under which the web server...
7.6AI Score
0.022EPSS
Google Sheets data source plugin for Grafana information disclosure vulnerability
Grafana is an open-source platform for monitoring and observability. The Google Sheets data source plugin for Grafana, versions 0.9.0 to 1.2.2 are vulnerable to an information disclosure vulnerability. The plugin did not properly sanitize error messages, making it potentially expose the Google...
7.5CVSS
6.4AI Score
0.001EPSS
CVE-2024-22352 IBM InfoSphere Information Server information disclosure
IBM InfoSphere Information Server 11.7 stores potentially sensitive information in log files that could be read by a local user. IBM X-Force ID: ...
6.5CVSS
6AI Score
0.0004EPSS
Django Information leakage in AuthenticationForm
django.contrib.auth.forms.AuthenticationForm in Django 2.0 before 2.0.2, and 1.11.8 and 1.11.9, allows remote attackers to obtain potentially sensitive information by leveraging data exposure from the confirm_login_allowed() method, as demonstrated by discovering whether a user account is...
7.5CVSS
7.1AI Score
0.002EPSS
OpenStack Keystone Sensitive information disclosure via log files
OpenStack Identity (Keystone) Grizzly 2013.1.1, when DEBUG mode logging is enabled, logs the (1) admin_token and (2) LDAP password in plaintext, which allows local users to obtain sensitive by reading the log...
6.7AI Score
0.0004EPSS
MinIO Information Disclosure (CVE-2023-28432)
The version of MinIO installed on the remote host is prior to RELEASE.2023-03-20T20-16-18Z. It is, therefore, affected by an information disclosure vulnerability. When deployed in a cluster/in distributed mode MinIO returns all environment variables, including 'MINIO_SECRET_KEY' and...
7.5CVSS
6.8AI Score
0.865EPSS
MSSQL Host Information in NTLM SSP
Nessus can obtain information about the host by examining the NTLM SSP challenge issued during NTLM authentication, over...
0.4AI Score
OpenStack Keystone allows information disclosure during account locking
OpenStack Keystone 10.x through 16.x before 16.0.2, 17.x before 17.0.1, 18.x before 18.0.1, and 19.x before 19.0.1 allows information disclosure during account locking (related to PCI DSS features). By guessing the name of an account and failing to authenticate multiple times, any unauthenticated.....
7.5CVSS
6.8AI Score
0.002EPSS
MoinMoin Insertion of Sensitive Information into Log File
An information leak was discovered in MoinMoin's debug reporting version 1.5.7, which could expose information about the versions of software running on the host system. MoinMoin administrators can add "show_traceback=0" to their site configurations to disable debug...
6.6AI Score
0.019EPSS
Summary IBM Business Automation Workflow Web Process Designer is vulnerable to information disclosure attacks. Vulnerability Details ** CVEID: CVE-2024-28849 DESCRIPTION: **Node.js follow-redirects module could allow a remote authenticated attacker to obtain sensitive information, caused by the...
6.5CVSS
6AI Score
0.0004EPSS
A Fault Injection vulnerability in the SymmetricDecrypt function in cryptopp/elgamal.h of Cryptopp Crypto++ 8.9, allows an attacker to co-reside in the same system with a victim process to disclose information and escalate...
7.4AI Score
EPSS
FreePBX gen_amp_conf.php Information Disclosure
By requesting the 'admin/modules/framework/bin/gen_amp_conf.php' script directly, an unauthenticated, remote attacker can discover all the configuration parameters, including the admin password, for the FreePBX installed on the remote host, thereby gaining administrative access to...
7.5AI Score
Information Disclosure org.eclipse.jetty:jetty-util Dependency in Crowd Data Center and Server
This High severity org.eclipse.jetty:jetty-util Dependency vulnerability was introduced in versions 5.0.0, 5.1.0, and 5.2.0 of Crowd Data Center and Server. This org.eclipse.jetty:jetty-util Dependency vulnerability, with a CVSS Score of 7.5 and a CVSS Vector of...
7.5CVSS
7.2AI Score
0.003EPSS
Slideshow Gallery <= 1.8 - Unauthenticated Sensitive Information Exposure
Description The plugin is vulnerable to Sensitive Information Exposure, allowing unauthenticated attackers to extract sensitive user or configuration...
5.3CVSS
6.3AI Score
0.0005EPSS