The exploit allows an attacker to disclose log files of Wipro Holmes Orchestrator v20.4.1. By sending a crafted request to the target system, an attacker can access sensitive log files containing potentially confidential information.
The script aims to exploit a vulnerability in a cluster manager by searching for a specific 'Alias' parameter in the href attribute of HTML links. If the parameter is found, the script proceeds with the exploitation process. It utilizes BeautifulSoup for parsing HTML content and requests library for making HTTP requests. The vulnerability can potentially lead to information disclosure.
The Hitachi NAS (HNAS) System Management Unit (SMU) version 14.8.7825 and below is prone to an information disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information. This vulnerability has been assigned CVE-2023-6538.
An Information Disclosure vulnerability in OpenClinic GA 5.247.01 allows an attacker to infer the existence of specific appointments by manipulating the input to the printAppointmentPdf.jsp component. By observing error messages, an unauthorized user can determine the presence of appointments without direct access to the data, potentially revealing sensitive information about appointments at private clinics, surgeries, and doctors' practices. This vulnerability is identified as CVE-2023-40278.
A vulnerability in djangorestframework-simplejwt version <= 5.3.1 allows for various security issues such as Business Object Level Authorization (BOLA), Business Function Level Authorization (BFLA), and Information Disclosure. This vulnerability permits users to access web application resources even after their account has been deactivated due to inadequate user validation checks.
Splunk version 9.0.4 is vulnerable to an information disclosure exploit. By appending /__raw/services/server/info/server-info?output_mode=json to a query, attackers can access sensitive information such as license keys.
The exploit allows an attacker to connect to a Ricoh printer over FTP using default credentials and access sensitive directories such as Help, Info (Printer Information), Prnlog (Print Log), Stat (Statistics), and Syslog (System Log) to view files and information without authentication.
Splunk version 9.0.4 is vulnerable to information disclosure where an attacker can append /__raw/services/server/info/server-info?output_mode=json to a query to access sensitive data like license keys. This can lead to unauthorized access to critical information.
GoText 1.01 discloses user informations to local users.
The 'op', 'bop', 'ext', 'eop' arguments are not properly sanitized before including files from local resources, allowing for arbitrary file inclusion. The 'ext' argument can be used to inject PHP code into the 'cache/ext/statman/log.gtdat' file and execute commands. Additionally, the 'list.gtdat' file in the 'cache/users' folder exposes the MD5 password hashes of all admin and users. This can be exploited by crafting a specific value for the 'upass' parameter.