Nokia ASIKA version 7.13.52 suffers from a hard-coded private key disclosure vulnerability.
A Cart version 2.0 suffers from a database disclosure vulnerability.
WordPress Google Maps plugin version 9.0.17 appears to leave backups in a world-accessible directory under the document root.
WordPress File Manager Pro plugin version 8.3.1 appears to leave backups in a world-accessible directory under the document root.
WordPress Envato plugin version 2.0.7 appears to leave backups in a world-accessible directory under the document root.
WordPress Duplicator plugin versions 3.8.0.2 through 4.0.2 appear to leave backups in a world-accessible directory under the document root.
Debian Linux Security Advisory 5430-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or bypass of sandbox restrictions.
Debian Linux Security Advisory 5428-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
WordPress Unyson plugin version 2.7.28 appears to leave backups in a world-accessible directory under the document root.
libssh2 version 1.8.2 contains a remotely triggerable out-of-bounds read, potentially leading to information disclosure.
libssh2 version 1.9.0 contains a remotely triggerable out-of-bounds read, leading to denial of service or potentially to information disclosure.
Debian Linux Security Advisory 5420-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Ubuntu Security Notice 6144-1 - It was discovered that LibreOffice did not properly validate the number of parameters passed to the formula interpreter, leading to an array index underflow attack. If a user were tricked into opening a specially crafted spreadsheet file, an attacker could possibly use this issue to execute arbitrary code. Amel Bouziane-Leblond discovered that LibreOffice did not prompt the user before loading the host document inside an IFrame. If a user were tricked into opening a specially crafted input file, an attacker could possibly use this issue to cause information disclosure or execute arbitrary code.
Magento eCommerce version 2.4.0 suffers from an information disclosure vulnerability.
WordPress Updraft plugin version 0.6.1 suffers from an information disclosure vulnerability.
WordPress WP File Manager plugin version 7.1.7 appears to leave backups in a world-accessible directory under the document root.
WordPress WPtouch Pro version 4 appears to leave backups in a world-accessible directory under the document root.
Debian Linux Security Advisory 5418-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
WFTPD version 3.25 leaves credentials accessible in wftpd.ini.
A Cart version 1.0 suffers from a database disclosure vulnerability.
WordPress Backup Migration plugin version 1.2.8 suffers from a database disclosure vulnerability.
Debian Linux Security Advisory 5404-1 - Multiple security issues were discovered in Chromium, which could result in the execution of arbitrary code, denial of service or information disclosure.
Screen SFT DAB 600/C is affected by an information disclosure vulnerability due to improper access control enforcement. An unauthenticated remote attacker can exploit this via a specially crafted request to gain access to sensitive information including usernames and source IP addresses.
Textpattern version 4.8.8 logs the session token in a GET request, where it may end up being disclosed in logs or via the Referer header.
This Metasploit module exploits multiple vulnerabilities in the zhttpd binary (/bin/zhttpd) and zcmd binary (/bin/zcmd). It is present on more than 40 Zyxel routers and CPE devices. Remote code execution is achieved by chaining two vulnerabilities. A local file disclosure vulnerability in the zhttpd binary allows an unauthenticated attacker to read the entire configuration of the router via the vulnerable endpoint /Export_Log?/data/zcfg_config.json. With this information, the attacker can determine if the router is reachable via SSH and use the second vulnerability, in the zcmd binary, to derive the supervisor password by exploiting a weak implementation of a password derivation algorithm that uses the device serial number. After exploitation, an attacker will be able to execute any command as user supervisor.