In manage_proj_edit_page.php in MantisBT before 2.24.4, any unprivileged logged-in user can retrieve Private Projects' names via the manage_proj_edit_page.php project_id parameter, without having access to them.
Improper input validation in Microsoft Exchange Server allows an authorized attacker to perform tampering over a network.
A Server-Side Request Forgery (SSRF) vulnerability in Microsoft Purview allows an authorized attacker to disclose information over a network.
Improper access control in Azure SaaS Resources allows an authorized attacker to disclose information over a network.
Windows Geolocation Service Information Disclosure Vulnerability
Adobe Campaign version 7.3.1 (and earlier) and 8.3.9 (and earlier) are affected by a Server-Side Request Forgery (SSRF) vulnerability that could lead to arbitrary file system read. A low-privilege authenticated attacker can force the application to make arbitrary requests via injection of arbitrary URLs. Exploitation of this issue does not require user interaction.
In Splunk Enterprise for Windows versions below 10.0.2, 9.4.6, 9.3.8, and 9.2.10, a new installation of or an upgrade to an affected version can result in incorrect permissions assignment in the Splunk Enterprise for Windows Installation directory. This lets non-administrator users on the machine access the directory and all its contents.
<p>An information disclosure vulnerability exists when Microsoft SharePoint Server fails to properly handle objects in memory. An attacker who successfully exploited this vulnerability could obtain information to further compromise the userās system.</p> <p>To exploit the vulnerability, an attacker would have to log on to an affected system and run a specially crafted application.</p> <p>The security update addresses the vulnerability by correcting how Microsoft SharePoint Server handles objects in memory.</p>
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 does not invalidate a session after privileges have been modified which could allow an authenticated user to retain access to sensitive information. CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L CWE: CWE-613: Insufficient Session Expiration CVSS Source: IBM CVSS Base score: 6.3 CVSS Vector: (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:L)
IBM InfoSphere Information Server 11.7.0.0 through 11.7.1.6 could allow an attacker to obtain sensitive information due to insufficiently protected credentials.
Network Policy Server (NPS) RADIUS Protocol Information Disclosure Vulnerability
Network Device Enrollment Service (NDES) Security Feature Bypass Vulnerability
Windows Server Remotely Accessible Registry Keys Information Disclosure Vulnerability
An information disclosure vulnerability exists when Remote Desktop Web Access improperly handles credential information, aka 'Remote Desktop Web Access Information Disclosure Vulnerability'.
IBM InfoSphere Information Server 11.7 could allow an authenticated user to obtain sensitive information that should only be available to a privileged user.
In affected versions of Octopus Server under certain circumstances it is possible for sensitive variables to be printed in the task log in clear-text.
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Microsoft Exchange Server Information Disclosure Vulnerability
IBM Robotic Process Automation 20.10.0, 20.12.5, 21.0.0, 21.0.1, and 21.0.2 contains a vulnerability that could allow a user to obtain sensitive information due to information properly masked in the control center UI. IBM X-Force ID: 227294.
IBM EntireX 11.1Ā could allow an authenticated attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
IBM InfoSphere Information Server 11.7 could allow a remote attacker to traverse directories on the system. An attacker could send a specially crafted URL request containing "dot dot" sequences (/../) to view arbitrary files on the system.
IBM InfoSphere Information Server 11.7 could allow an authenticated to obtain sensitive username information due to an observable response discrepancy.
The file browser in Jenkins Continuous Integration with Toad Edge Plugin 2.3 and earlier may interpret some paths to files as absolute on Windows, resulting in a path traversal vulnerability allowing attackers with Item/Read permission to obtain the contents of arbitrary files on Windows controllers.
Azure SDK for .NET Information Disclosure Vulnerability
Azure Site Recovery Information Disclosure Vulnerability
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
IBM OpenPages with Watson 8.3 and 9.0 could provide weaker than expected security in storage of encrypted data. If an authenticated remote attacker with access to the database or a local attacker with access to server files could extract the encrypted data, they could exploit this vulnerability to use additional cryptographic methods to possibly extract the encrypted data.
Windows Server Service Information Disclosure Vulnerability
Remote Desktop Protocol Client Information Disclosure Vulnerability
Windows DNS Server Information Disclosure Vulnerability
The default privileges for the running service Normand Message Buffer in Beckman Coulter Remisol Advance v2.0.12.1 and prior allows non-privileged users to overwrite and manipulate executables and libraries. This allows attackers to access sensitive data.
Azure Site Recovery Information Disclosure Vulnerability
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
Improper authorization of an index that contains sensitive informationĀ from a Global Files search in Windows Defender allows an authorized attacker to disclose information over a network.
Microsoft SharePoint Information Disclosure Vulnerability
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability
Windows iSCSI Target Service Information Disclosure Vulnerability
Azure Site Recovery Elevation of Privilege Vulnerability
Windows Hyper-V Shared Virtual Hard Disks Information Disclosure Vulnerability