Jupiter Theme versions 6.10.1 and below as well as JupiterX Core plugin versions 2.0.7 and below suffer from privilege escalation and post deletion vulnerabilities. JupiterX Theme versions 2.0.6 and below as well as JupiterX Core versions 2.0.6 and below suffer from plugin deactivation and setting modification flaws. JupiterX Theme versions 2.0.6 and below as well as Jupiter Theme versions 6.10.1 and below suffer from path traversal and local file inclusion vulnerabilities. Jupiter Theme versions 6.10.1 and below suffer from an arbitrary plugin deletion vulnerability. JupiterX Core plugin versions 2.0.6 and below suffer from information disclosure, modification, and denial of service vulnerabilities.
99977b76ad75b06f3f800ae91ea38ee20b0d9091a394d12146ce6e1c875bc515
PyScript version 2022-05-04-Alpha suffers from a source code disclosure vulnerability.
c8d80b5a4fbd624628b801faef45e95b5bdb7e61ed7e6956328402fa7a989edb
ManageEngine ADSelfService Plus build 6118 suffers from an NTLMv2 hash exposure vulnerability.
f42a82f890c3591b725d59a439ef11e7ca7de7237e5ed593bd8a81bf354e0e19
DLINK DIR850 suffers from a configuration disclosure vulnerability.
5034a5f0e126b6ab60e98dea096eaebf7cc6ad8b71cab77e3def72b569c48e46
Easy!Appointments versions prior to 1.4.3 suffer from an unauthenticated PII disclosure vulnerability.
1da2f1556f091a16878c1f5ff43c96ee13603b821be2cf36f4eddc3bdda3b756
Movie Seat Reservation System version 1.0 suffers from file disclosure and remote SQL injection vulnerabilities.
b0d1811617821f2291d86478668c606d13b486a7127827aba39ddb2c34fedaaf
Reprise License Manager version 14.2 suffers from cross site scripting and information disclosure vulnerabilities.
370fa6ba6f1124cf756ea20795a146d132468475c831aa36bf2f91715035bac6
Multi Store Inventory Management System version 1.0 suffers from an information disclosure vulnerability.
20c9b3bbd1a997e40ad6e204b1e0e0e2dbbb6f204e12272f722ff28c44c3d94f
The web panel in Hades RAT malware suffers from an information disclosure vulnerability.
0ac30a3b1137aff46940eeff1a4120bc79c04c3806d7aca0f93af3605e3d2748
FLEX 1080/1085 Web version 1.6.0 suffers from an information disclosure vulnerability.
28ce810269e0bf61bc80264045e9cf5c6db97242b86229546be0407a3d2ebece
Hasura GraphQL version 2.2.0 suffers from an information disclosure vulnerability.
d4c6e0949dc24e69b126808b4183027a77f8f87d802e545bb38e5a82e2127d9c
Thinfinity VirtualUI version 2.5.26.2 suffers from an information disclosure vulnerability.
2b19df6335cfc9aa814e3c77fff5405550b9e652464edcbb2f4a2198d44c4ca2
WordPress UpdraftPlus versions 1.16.7 through 1.22.2 suffer from a backup disclosure vulnerability.
b497726806b3d3cd3a57bcd3b91fab0d6c64ec521a48183b3477b06789862f15
This Metasploit module exploits an MQTT credential disclosure vulnerability in Servisnet Tessa. The app.js file, which acts as the backend of the application, is publicly available. Because it exposes a default value for the "Authorization" HTTP header, it is possible to make unauthenticated requests to some areas of the application. Even MQTT (Message Queuing Telemetry Transport) protocol connection information can be obtained with this method. A new admin user can be added to the database with the header obtained from the source code. The module tries to log in to the MQTT service with the credentials it has obtained and reflects the response it receives from the service.
a526a71a842e124933fbe29b7fe054817479987a1ba9b99072a7022c4655f1ae
Huawei DG8045 Router version 1.0 suffers from a credential disclosure vulnerability.
77520f5248897d5ea9b2a1365de9496fd926e0602ff19e03ca682ca8d9ddccc9
Vodafone H-500-s version 3.5.10 suffers from a wifi password disclosure vulnerability.
141bb2c0b6895ca188f6be64c7802d296621286ca56799588453acf04705218e
Oliver Library Server 5 versions prior to 8.00.008.053 suffer from an arbitrary file download vulnerability. Softlink Education has contacted Packet Storm and, although they were unable to replicate this issue in their hosting environment, they have proactively made changes to the software to mitigate attempts at this attack.
010a7aadffe845f1451dfb359525b2199ba13983bb2b53cad92938a1bf21c363
Apache Log4j2 versions 2.14.1 and below information disclosure exploit.
ba9d5b07577a6679e74d2298770240a1846d62f9ccc75a77024d3f27444bc52b
MTPutty version 1.0.1 suffers from an SSH password disclosure vulnerability.
1cca8979b3a05c7e1b8061034264207513e36f95b6cfa17e38cec49b96a6fb88
WordPress WP Guppy plugin version 1.1 suffers from a WP-JSON API sensitive information disclosure vulnerability.
0c184ef5480f8c0da90f3e998eda5373612fb8589ab006d4fb7fc530d12db79f
Wipro Holmes Orchestrator version 20.4.1 allows unauthenticated re-downloading of previously exported reports in Excel.
be9d06f0cfdf4b2a5e3e1048b978ac6ba226c9ce6a52b1ce78d912d5e71b418e
OX App Suite versions 7.10.5 and below suffer from cross site scripting and information disclosure vulnerabilities.
c99f2e36cd127fb981a5512d68d67833a23fbcadee9ad6f6f9c134c3632fb7ef
Ubuntu Security Notice 5134-1 - An information disclosure issue was discovered in the command line interface of Docker. A misconfigured credential store could result in supplied credentials being leaked to the public registry, when using the docker login command with a private registry.
11a8fd969279dac2404fecd3abcaa6f718532bed6e35975931b2093909c3f708
SAP Enterprise Portal suffers from a sensitive information disclosure vulnerability in the com.sapportals.navigation.testComponent.NavigationRequestSniffer servlet.
4a8db7aa8f258b1769fbf97ddef33a9c7b31c57775fc5b0aaae9d89f1808d5c0
Jetty version 9.4.37.v20210219 suffers from an information disclosure vulnerability.
2db5d62005c6515d8366be3e8c08c4df222e8620470f674dec2932c545737167