Luvion Grand Elite 3 Connect Credential Disclosure
An issue was discovered in Luvion Grand Elite 3 Connect through 2020-02-25. Clients can authenticate themselves to the device using a username and password. These credentials can be obtained through an...
View ArticleBrother MFC-J491DW C1806180757 Password Hash Disclosure
An issue was discovered on Brother MFC-J491DW C1806180757 devices. The printer's web-interface password hash can be retrieved without authentication, because the response header of any failed login...
View ArticleAlecto IVM-100 2019-11-12 Information Disclosure
An issue was discovered on Alecto IVM-100 2019-11-12 devices. The device comes with a serial interface at the board level. By attaching to this serial interface and rebooting the device, a large amount...
View ArticleDebian Security Advisory 5735-1
Debian Linux Security Advisory 5735-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
View ArticleCaterease Software SQL Injection / Command Injection / Bypass
This is the official vulnerability disclosure report for CVEs CVE-2024-38881 through CVE-2024-38891 by jTag Labs. This report details critical security vulnerabilities found within Caterease Software,...
View ArticleDebian Security Advisory 5736-1
Debian Linux Security Advisory 5736-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or bypass of Java sandbox...
View ArticleDebian Security Advisory 5738-1
Debian Linux Security Advisory 5738-1 - Several vulnerabilities have been discovered in the OpenJDK Java runtime, which may result in denial of service, information disclosure or bypass of Java sandbox...
View ArticleDebian Security Advisory 5741-1
Debian Linux Security Advisory 5741-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
View ArticleUbuntu Security Notice USN-6959-1
Ubuntu Security Notice 6959-1 - It was discovered that .NET suffered from an information disclosure vulnerability. An attacker could potentially use this issue to read targeted email messages.
View ArticleBang Resto 1.0 Information Disclosure
Bang Resto version 1.0 suffers from an information disclosure vulnerability.
View ArticleDebian Security Advisory 5757-1
Debian Linux Security Advisory 5757-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
View ArticleDebian Security Advisory 5761-1
Debian Linux Security Advisory 5761-1 - Security issues were discovered in Chromium which could result in the execution of arbitrary code, denial of service, or information disclosure.
View ArticleApache Rave User Information Disclosure
This Metasploit module exploits an information disclosure in Apache Rave 0.20 and prior. The vulnerability exists in the RPC API, which allows any authenticated user to disclose information about all...
View ArticleCisco PVC2300 POE Video Camera Configuration Download
This Metasploit module exploits an information disclosure vulnerability in Cisco PVC2300 cameras in order to download the configuration file containing the admin credentials for the web interface. The...
View ArticleHuawei Datacard Information Disclosure
This Metasploit module exploits an unauthenticated information disclosure vulnerability in Huawei SOHO routers. The module will gather information by accessing the /api pages where authentication is...
View ArticleSplunk __raw Server Info Disclosure
Splunk 6.2.3 through 7.0.1 allows information disclosure by appending /__raw/services/server/info/server-info?output_mode=json to a query. Versions 6.6.0 through 7.0.1 require authentication.
View ArticleHikvision IP Camera Information Disclosure
Many Hikvision IP cameras have improper authorization logic that allows unauthenticated information disclosure of camera information, such as detailed hardware and software configuration, user...
View ArticleMinIO Bootstrap Verify Information Disclosure
MinIO is a Multi-Cloud Object Storage framework. In a cluster deployment starting with RELEASE.2019-12-17T23-16-33Z and prior to RELEASE.2023-03-20T20-16-18Z, MinIO returns all environment variables,...
View ArticleManageEngine Multiple Products Arbitrary Directory Listing
This Metasploit module exploits a directory listing information disclosure vulnerability in the FailOverHelperServlet on ManageEngine OpManager, Applications Manager and IT360. It makes a recursive...
View ArticleSysAid Help Desk Arbitrary File Download
This Metasploit module exploits two vulnerabilities in SysAid Help Desk that allows an unauthenticated user to download arbitrary files from the system. First, an information disclosure vulnerability...
View Article