An information disclosure vulnerability has been found in the GeoVision GV-ASManager web application with version 6.1.0.0 or lower. This vulnerability allows unauthorized access to sensitive information within the application, such as user accounts and clear text passwords, potentially leading to unauthorized access to monitoring cameras, access cards, and other critical data.
The ABB Cylon Aspect version 3.08.02 application is vulnerable to storing sensitive information in clear text within a Cookie. This includes the global parameter, where base64-encoded credentials are stored. By exploiting this vulnerability, a remote attacker can intercept the HTTP Cookie, gaining access to authentication credentials through a man-in-the-middle attack, potentially leading to unauthorized access to user accounts and sensitive data.
An API-level vulnerability in Nagios Log Server 2024R1.3.1 allows any user with a valid API token to retrieve a full list of user accounts along with their plaintext API keys, including administrator credentials. This flaw enables user enumeration, privilege escalation, and full system compromise via unauthorized use of exposed tokens.
An authenticated attacker can access critical information via the system logs page of ABB Cylon FLXeon controllers, including the OpenSSL password for stored certificates. This data exposure can lead to potential attacks like decrypting encrypted communications, impersonation, or gaining deeper system access.
The Microsoft library-ms file format was found to have an NTLM hash disclosure vulnerability, where sensitive information could be exposed. Initially considered not severe by MSRC in 2018, it was later acknowledged by Microsoft and assigned CVE-2025-24054 in 2025. This vulnerability allows remote attackers to access sensitive information.
The exploit leverages an unauthenticated API endpoint (/api/config) on the Solstice Pod to extract sensitive information like the session key, server version, product details, and display name. Attackers can retrieve live session data by accessing this endpoint without proper authentication.
The exploit allows an attacker to disclose log files of Wipro Holmes Orchestrator v20.4.1. By sending a crafted request to the target system, an attacker can access sensitive log files containing potentially confidential information.
The script aims to exploit a vulnerability in a cluster manager by searching for a specific 'Alias' parameter in the href attribute of HTML links. If the parameter is found, the script proceeds with the exploitation process. It utilizes BeautifulSoup for parsing HTML content and requests library for making HTTP requests. The vulnerability can potentially lead to information disclosure.
The Hitachi NAS (HNAS) System Management Unit (SMU) version 14.8.7825 and below is prone to an information disclosure vulnerability. An attacker can exploit this issue to gain access to sensitive information. This vulnerability has been assigned CVE-2023-6538.
An Information Disclosure vulnerability in OpenClinic GA 5.247.01 allows an attacker to infer the existence of specific appointments by manipulating the input to the printAppointmentPdf.jsp component. By observing error messages, an unauthorized user can determine the presence of appointments without direct access to the data, potentially revealing sensitive information about appointments at private clinics, surgeries, and doctors' practices. This vulnerability is identified as CVE-2023-40278.
Services By CQR