The Citytv Video Android and iOS applications send potentially sensitive information such as device model and resolution, mobile carrier, days since first use, days since last use, total number of app launches, number of app launches since upgrade, and previous app session length, unencrypted to third party sites (Adobe Experience Cloud, ScorecardResearch). Citytv Video Android versions 4.08.0 and below and iOS versions 3.36 and below are affected.
a4c54d68932b6a368bcb9f373ccb7b24The Global TV Android and iOS applications send potentially sensitive information such as device model and resolution, mobile carrier, days since first use, days since last use, total number of app launches, number of app launches since upgrade, and previous app session length, unencrypted to both first (CNAME to third) and third party sites (Adobe Experience Cloud, ScorecardResearch). Global TV Android versions 2.3.2 and below and iOS versions 4.7.5 and below are affected.
53b85b11c7e2c82b9010d72677aa5e0dDebian Linux Security Advisory 4628-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
01708b9f6807865189e459e77166ada4SmartClient version 120 suffers from information disclosure, local file inclusion, remote file upload, and XML external entity injection vulnerabilities.
57f8471ef038330e69a08ce5bd6f84a5Debian Linux Security Advisory 4626-1 - Multiple security issues were found in PHP, a widely-used open source general purpose scripting language which could result in information disclosure, denial of service or incorrect validation of path names.
12b024e434e48cf965722db6369b01c2An information disclosure vulnerability exists when Centaur and TitanSMA fail to properly protect critical system logs such as 'syslog'. Additionally, the implemented Jetty version (9.4.z-SNAPSHOT) suffers from a memory leak of shared buffers that was (supposedly) patched in Jetty version 9.2.9.v20150224.
92e9f1486147a093937b564e106ffc00LabVantage version 8.3 suffers from an information disclosure vulnerability.
ef585a038e1409c4fa25a36eedfd5953SWAPGS attack proof of concept exploit that demonstrates an information disclosure in the windows kernel.
bc36cf27bccf91e98ad52d648c1882e1Verodin Director Web Console version 3.5.4.0 remote authenticated password disclosure proof of concept exploit.
b80441f581b37ec759191c45b35f987aAVideo Platform version 8.1 suffers from an information disclosure vulnerability that allows for user enumeration.
d62321c216670ae38d7594f28dda9f7aJira version 8.3.4 suffers from a username enumeration information disclosure vulnerability.
3cc6ad6b7584b810553e95e611e2c356Centreon version 19.10.5 suffers from a database credential disclosure vulnerability.
015b6cc11fc60b7914ed4e83bae7f78eRealtek SDK based routers suffer from information disclosure, incorrect access control, insecure password storage, code execution, and incorrectly implemented CAPTCHA vulnerabilities.
655a4e51c6bf4ef1304ab18aee588265Debian Linux Security Advisory 4604-1 - Multiple issues have been found in cacti, a server monitoring system, potentially resulting in SQL code execution or information disclosure by authenticated users.
19ed4d84151d8d8d569b2ebabf448f5aDebian Linux Security Advisory 4603-1 - Multiple security issues have been found in Thunderbird which could potentially result in the execution of arbitrary code or information disclosure.
3d4fe141935108d14d22f1fe02e23aefA low impact information disclosure vulnerability in the setuid root xlock binary distributed with Solaris may allow local users to read partial contents of sensitive files. Due to the fact that target files must be in a very specific format, exploitation of this flaw to escalate privileges in a realistic scenario is unlikely.
d43954458731660f576f082539a29af3ASTPP version 4.0.1 VoIP billing suffers from a database backup disclosure vulnerability.
8624082f784690fbd7d31d7ec3b9d239Cisco DCNM JBoss version 10.4 suffers from a credential leakage vulnerability.
f2b2bc3ee27fbddf61de2d091386e2bdDebian Linux Security Advisory 4596-1 - Several issues were discovered in the Tomcat servlet and JSP engine, which could result in session fixation attacks, information disclosure, cross- site scripting, denial of service via resource exhaustion and insecure redirects.
09c17e7ab1b3a837f06eaa360ec8f557MyDomoAtHome REST API is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this, via a specially crafted request to gain access to sensitive information.
a1b1c0aaf9c17fbc3d0e5a3f982a85d5Control Web Panel versions 0.9.8.856 through 0.9.8.864 suffer from a phpMyAdmin password disclosure vulnerability.
350c05e4dacfce98d3811879f2066056Squiz Matrix CMS suffers from PHP unserialization code execution, information disclosure, and arbitrary file deletion vulnerabilities.
2a89eaa5d695460978b8a6a34c1d28bbA malicious application can take advantage of a vulnerability in Symantec Endpoint Protection to leak privileged information and/or execute code with higher privileges, thus taking full control over the affected host. Symantec Endpoint Protection versions 14.x below 14.2 (RU1) and 12.x below 12.1 (RU6 MP10) are affected. Symantec Endpoint Protection Small Business Edition versions 12.x below 12.1 (RU6 MP10c) are affected.
adaa581b77f7d19cd5f1123812a01cb9OwnCloud version 8.1.8 suffers from a username disclosure vulnerability.
757c36179daa923d31563d7d6f7b1f5fWordPress version 5.3 suffers from a username enumeration vulnerability.
b263069a414f9bb50aa1628b813065d1
© 2016 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed