Wisetail Learning Ecosystem (LE) versions up to 4.11.6 suffer from multiple insecure direct object reference vulnerabilities that allow an attacker to download files and get access to the non-purchased course quiz test via a modified id parameter.
34b23ee4bf4c54e688cf0bc81308cbd1Seagate Personal Cloud is a consumer-grade Network-Attached Storage device (NAS). It was found that the web application used to manage the NAS is affected by various unauthenticated information disclosure vulnerabilities. The device is configured to trust any CORS origin, and is accessible via the personalcloud.local domain name. Due to this it is possible for any website to gain access to this information. While this information doesn't allow an attacker to compromise the NAS, the information can be used to stage more targeted attacks. This issue was tested on a Seagate Personal Cloud model SRN21C running firmware versions 4.3.16.0 and 4.3.18.0. The software is licensed from LACIE, it is very likely that other devices/models are also affected.
0c22c4000bdb46ed6b32781ad8339aaaTor Browser versions prior to 8.0 are affected by an information disclosure vulnerability that allows remote attackers to bypass the intended anonymity feature and discover a client IP address. The vulnerability affects Windows users only and needs user interaction to be exploited.
cf495bd49850c516bb8103c472dcfa4dCirCarLife SCADA version 4.3.0 suffers from a credential disclosure vulnerability.
7c9c890b682d8a8511c33ad80a1e4994LG Smart IP Camera versions 1310250 through 1508190 suffer from a backup file download vulnerability.
69ac27e71909aaf59d9fd8fed6733f2fSynaMan version 4.0 build 1488 suffers from an SMTP credential disclosure vulnerability.
355d3631ea9f1a7c3b9b33a27d88b656This write up holds the details for the Tor Browser information disclosure vulnerability as discussed in CVE-2017-16541. Version 7.0.8 is affected.
271de236533c8c6c6b398877415184dbIDOR on ProConf Peer-Review and Conference Management versions 6.0 and below suffer from an insecure direct object reference vulnerability that allows for file disclosure.
f66129ba7ed047a3ce03c2e238f694e8Debian Linux Security Advisory 4282-1 - Several vulnerabilities were discovered in Apache Traffic Server, a reverse and forward proxy server, which could result in denial of service, cache poisoning or information disclosure.
9d6a9c8fd94e07d03970ae36dfdb1c0cSystem broadcasts by Android OS expose information about the user's device to all applications running on the device. This includes the WiFi network name, BSSID, local IP addresses, DNS server information and the MAC address. Some of this information (MAC address) is no longer available via APIs on Android 6 and higher, and extra permissions are normally required to access the rest of this information. However, by listening to these broadcasts, any application on the device can capture this information thus bypassing any permission checks and existing mitigations.
62e70c45fe2ec35604ce4103843cedadEaton Xpert Meter version 13.4.0.10 suffers from an SSH private key disclosure vulnerability.
880214bbc5eaa1c8838fed7d877d4eb5Ubuntu Security Notice 3754-1 - Ralf Spenneberg discovered that the ext4 implementation in the Linux kernel did not properly validate meta block groups. An attacker with physical access could use this to specially craft an ext4 image that causes a denial of service. It was discovered that an information disclosure vulnerability existed in the ACPI implementation of the Linux kernel. A local attacker could use this to expose sensitive information. Various other issues were also addressed.
8fd248fb77a13c2c1319323d9c90a547NEC Aterm WG2600HP2 suffers from an information disclosure vulnerability due to missing authentication.
a5b590d3a117f54d14e10d792ae90024Geutebruck re_porter 16 versions prior to 7.8.974.20 suffer from a credential disclosure vulnerability.
d5289ec6c5460f5f6e9b921ce6a30058Debian Linux Security Advisory 4277-1 - Several vulnerabilities were discovered in Mutt, a text-based mailreader supporting MIME, GPG, PGP and threading, potentially leading to code execution, denial of service or information disclosure when connecting to a malicious mail/NNTP server.
3e9239fe6879deb1579bbbf60a15ee7bMikrotik WinBox version 6.42 suffers from a credential disclosure vulnerability.
e016351c814e2b52d73794e816013898WordPress Dreamsmiths Themes version 0.0.1 suffers from an arbitrary file download vulnerability.
6e4265ce06a07de135930fa49f47a643TP-Link C50 Wireless Router 3 suffers from cross site request forgery vulnerability that allows for information disclosure.
ff0ed20f48b3b4ba6ce38af963e655b6Responsive File Manager 9.13.1 suffers from a file disclosure vulnerability.
e6654d43dad5be76d71dc9d6bc5269d0Debian Linux Security Advisory 4262-1 - Multiple vulnerabilities have been found in the Symfony PHP framework which could lead to open redirects, cross-site request forgery, information disclosure, session fixation or denial of service.
9d90561cb123024abe81fc4647a6aff3Debian Linux Security Advisory 4259-1 - Several vulnerabilities have been discovered in the interpreter for the Ruby language, which may result in incorrect processing of HTTP/FTP, directory traversal, command injection, unintended socket creation or information disclosure.
a76e5483b8c8bfad98c37d0bb78f7568HRSale HR Management PHP script version 1.0.6 suffers from a local file disclosure vulnerability.
7359826a28a3b8ffd79965cd3b39d5bfH2 Database version 1.4.197 suffers from an information disclosure vulnerability.
8c87f441c10407247f7e65eceec1ee6dSymfony versions prior to 2.7.13 suffer from a remote information disclosure vulnerability when app_dev is enabled.
24ccf4690feb930cce80b458f01201c7Online Trade version 1 suffers from an information leakage vulnerability.
feaa24694d083a6d3eb33a230d617234
© 2018 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed