CWE-200

Bluedon Information Security Technologies Co.,Ltd Internet Access Detector v1.0 was discovered to contain an information leak which allows attackers to access the contents of the password file via unspecified vectors.

The Simple Job Board WordPress plugin before 2.10.0 is susceptible to Directory Listing which allows the public listing of uploaded resumes in certain configurations.

FreeTAKServer-UI v1.9.8 was discovered to leak sensitive API and Websocket keys.

Zoho ManageEngine ServiceDesk Plus before 13001 allows anyone to know the organisation’s default currency name.

When connecting to a certain port Axeda agent (All versions) and Axeda Desktop Server for Windows (All versions) supplies the event log of the specific service.

An issue was discovered in Amazon AWS VPN Client 2.0.0. It is possible to include a UNC path in the OpenVPN configuration file when referencing file paths for parameters (such as auth-user-pass). When this file is imported and the client attempts to validate the file path, it performs an open operation on the path and leaks the user’s Net-NTLMv2 hash to an external server. This could be exploited by having a user open a crafted malicious ovpn configuration file.