Jupiter Theme versions 6.10.1 and below as well as JupiterX Core plugin versions 2.0.7 and below suffer from privilege escalation and post deletion vulnerabilities. JupiterX Theme versions 2.0.6 and below as well as JupiterX Core versions 2.0.6 and below suffer from plugin deactivation and setting modification flaws. JupiterX Theme versions 2.0.6 and below as well as Jupiter Theme versions 6.10.1 and below suffer from path traversal and local file inclusion vulnerabilities. Jupiter Theme versions 6.10.1 and below suffer from an arbitrary plugin deletion vulnerability. JupiterX Core plugin versions 2.0.6 and below suffer from information disclosure, modification, and denial of service vulnerabilities.
99977b76ad75b06f3f800ae91ea38ee20b0d9091a394d12146ce6e1c875bc515PyScript version 2022-05-04-Alpha suffers from a source code disclosure vulnerability.
c8d80b5a4fbd624628b801faef45e95b5bdb7e61ed7e6956328402fa7a989edbManageEngine ADSelfService Plus build 6118 suffers from an NTLMv2 hash exposure vulnerability.
f42a82f890c3591b725d59a439ef11e7ca7de7237e5ed593bd8a81bf354e0e19DLINK DIR850 suffers from a configuration disclosure vulnerability.
5034a5f0e126b6ab60e98dea096eaebf7cc6ad8b71cab77e3def72b569c48e46Easy!Appointments versions prior to 1.4.3 suffers from an unauthenticated PII disclosure vulnerability.
1da2f1556f091a16878c1f5ff43c96ee13603b821be2cf36f4eddc3bdda3b756Movie Seat Reservation System version 1.0 suffers from file disclosure and remote SQL injection vulnerabilities.
b0d1811617821f2291d86478668c606d13b486a7127827aba39ddb2c34fedaafReprise License Manager version 14.2 suffers from cross site scripting and information disclosure vulnerabilities.
370fa6ba6f1124cf756ea20795a146d132468475c831aa36bf2f91715035bac6Multi Store Inventory Management System version 1.0 suffers from an information disclosure vulnerability.
20c9b3bbd1a997e40ad6e204b1e0e0e2dbbb6f204e12272f722ff28c44c3d94fThe web panel in Hades RAT malware suffers from an information disclosure vulnerability.
0ac30a3b1137aff46940eeff1a4120bc79c04c3806d7aca0f93af3605e3d2748FLEX 1080/1085 Web version 1.6.0 suffers from an information disclosure vulnerability.
28ce810269e0bf61bc80264045e9cf5c6db97242b86229546be0407a3d2ebeceHasura GraphQL version 2.2.0 suffers from an information disclosure vulnerability.
d4c6e0949dc24e69b126808b4183027a77f8f87d802e545bb38e5a82e2127d9cThinfinity VirtualUI version 2.5.26.2 suffers from an information disclosure vulnerability.
2b19df6335cfc9aa814e3c77fff5405550b9e652464edcbb2f4a2198d44c4ca2WordPress UpdraftPlus versions 1.16.7 through 1.22.2 suffer from a backup disclosure vulnerability.
b497726806b3d3cd3a57bcd3b91fab0d6c64ec521a48183b3477b06789862f15This Metasploit module exploits an MQTT credential disclosure vulnerability in Servisnet Tessa. The app.js is publicly available which acts as the backend of the application. By exposing a default value for the "Authorization" HTTP header, it is possible to make unauthenticated requests to some areas of the application. Even MQTT (Message Queuing Telemetry Transport) protocol connection information can be obtained with this method. A new admin user can be added to the database with this header obtained in the source code. The module tries to log in to the MQTT service with the credentials it has obtained and reflects the response it receives from the service.
a526a71a842e124933fbe29b7fe054817479987a1ba9b99072a7022c4655f1aeHuawei DG8045 Router version 1.0 suffers from a credential disclosure vulnerability.
77520f5248897d5ea9b2a1365de9496fd926e0602ff19e03ca682ca8d9ddccc9Vodafone H-500-s version 3.5.10 suffers from a wifi password disclosure vulnerability.
141bb2c0b6895ca188f6be64c7802d296621286ca56799588453acf04705218eOliver Library Server 5 versions prior to 8.00.008.053 suffer from an arbitrary file download vulnerability. Softlink Education has contacted Packet Storm and although they were unable to replicate this issue in their hosting environment, they have proactively made changes to the software to mitigate attempts for this attack.
010a7aadffe845f1451dfb359525b2199ba13983bb2b53cad92938a1bf21c363Apache Log4j2 versions 2.14.1 and below information disclosure exploit.
ba9d5b07577a6679e74d2298770240a1846d62f9ccc75a77024d3f27444bc52bMTPutty version 1.0.1 suffers from an SSH password disclosure vulnerability.
1cca8979b3a05c7e1b8061034264207513e36f95b6cfa17e38cec49b96a6fb88WordPress WP Guppy plugin version 1.1 suffers from a WP-JSON API sensitive information disclosure vulnerability.
0c184ef5480f8c0da90f3e998eda5373612fb8589ab006d4fb7fc530d12db79fWipro Holmes Orchestrator version 20.4.1 allows unauthenticated re-downloading of priorly exported reports in Excel.
be9d06f0cfdf4b2a5e3e1048b978ac6ba226c9ce6a52b1ce78d912d5e71b418eOX App Suite versions 7.10.5 and below suffer from cross site scripting and information disclosure vulnerabilities.
c99f2e36cd127fb981a5512d68d67833a23fbcadee9ad6f6f9c134c3632fb7efUbuntu Security Notice 5134-1 - An information disclosure issue was discovered in the command line interface of Docker. A misconfigured credential store could result in supplied credentials being leaked to the public registry, when using the docker login command with a private registry.
11a8fd969279dac2404fecd3abcaa6f718532bed6e35975931b2093909c3f708SAP Enterprise Portal suffers from an sensitive information disclosure vulnerability in the com.sapportals.navigation.testComponent.NavigationRequestSniffer servlet.
4a8db7aa8f258b1769fbf97ddef33a9c7b31c57775fc5b0aaae9d89f1808d5c0Jetty version 9.4.37.v20210219 suffers from an information disclosure vulnerability.
2db5d62005c6515d8366be3e8c08c4df222e8620470f674dec2932c545737167
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Subscribe to an RSS Feed