243 matches found
GHSA-R57F-7XW3-Q2R9 Improper Authentication in Jenkins
Jenkins versions 2.56 and earlier as well as 2.46.1 LTS and earlier are vulnerable to a login command which allowed impersonating any Jenkins user. The login command available in the remoting-based CLI stored the encrypted user name of the successfully authenticated user in a cache file used to...
GHSA-VPQP-HX68-P2WX Improper Link Resolution Before File Access in Suds
cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/...
Improper Link Resolution Before File Access in Suds
cache.py in Suds 0.4, when tempdir is set to None, allows local users to redirect SOAP queries and possibly have other unspecified impact via a symlink attack on a cache file with a predictable name in /tmp/suds/...
Remote code execution
PHPMyWind 5.6 is vulnerable to Remote Code Execution. Becase input is filtered without ", ?, =, ,...." In WriteConfig function, an attacker can inject php code to /include/config.cache.php file...
CyberArk Credential Provider Local Cache Can Be Decrypted
Vulnerability Details Affected Vendor: CyberArk Affected Product: Application Access Manager/Credential Provider Affected Version: Prior to 12.1 Platform: Linux/Windows/zOS CWE Classification: CWE-326: Inadequate Encryption Strength CVE ID: CVE-2021-31798 2. Vulnerability Description CyberArk...
Smart Template Engine Injection Vulnerability (CNVD-2021-13245)
The Smart template engine is one of the most famous PHP engines in the industry today. It provides an easy-to-manage way to separate business logic from presentation logic. A vulnerability has been reported in the Smart Template Engine, which allows an attacker to write to a cache file via the...
Smart Template Engine Injection Vulnerability
The Smart1 template engine is one of the most famous PHP engines in the industry today. It provides an easy-to-manage way to separate business logic from presentation logic. A vulnerability has been reported in the Smart template engine, which allows an attacker to write to a cache file via the...
Simon Wisselink Smarty 代码注入漏洞
The Smart template engine is one of the most famous PHP engines in the industry today. It provides an easy-to-manage way to separate business logic from presentation logic. A vulnerability has been reported in the Smart Template Engine, which allows an attacker to write to a cache file via the...
Simon Wisselink Smarty 安全漏洞
The Smart1 template engine is one of the most famous PHP engines in the industry today. It provides an easy-to-manage way to separate business logic from presentation logic. A vulnerability has been reported in the Smart template engine, which allows an attacker to write to a cache file via the...
PT-2020-3466 · Red Hat · Red Hat Satellite
Name of the Vulnerable Software and Affected Versions: Red Hat Satellite 6 Description: The issue is related to inadequate access control in Red Hat Satellite, allowing a privileged attacker to read cache files. These cache credentials could help the attacker gain complete control of the Satellit...
PAN-OS: Nginx integer overflow may lead to information leak
Nginx web-server included with PAN-OS is vulnerable to an integer overflow vulnerability that can leak potentially a cache file header if a response was returned from cache. This issue affects: PAN-OS 7.1 versions earlier than 7.1.26; PAN-OS 8.1 versions earlier than 8.1.13; PAN-OS 9.0 versions...
CVE-2019-5184
An exploitable double free vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially code...
Double free
An exploitable double free vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially code...
CVE-2019-5184
An exploitable double free vulnerability exists in the iocheckd service "I/O-Check" functionality of WAGO PFC 200. A specially crafted XML cache file written to a specific location on the device can cause a heap pointer to be freed twice, resulting in a denial of service and potentially code...
CVE-2019-5184
CVE-2019-5184 is a confirmed vulnerability in the WAGO PFC200 controller, affecting the iocheckd service’s I/O-Check functionality. The issue is a double-free during parsing of the XML cache file (iocheckCache.xml) written to a writable location (/tmp), caused by per-gateway entries being freed m...
CVE-2019-5178
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is...
CVE-2019-5178
An exploitable stack buffer overflow vulnerability vulnerability exists in the iocheckd service ‘I/O-Check’ functionality of WAGO PFC 200 Firmware version 03.02.0214. An attacker can send a specially crafted packet to trigger the parsing of this cache file. The destination buffer sp+0x440 is...
CVE-2019-5170
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...
CVE-2019-5169
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...
Command injection
An exploitable command injection vulnerability exists in the iocheckd service ‘I/O-Check’ function of the WAGO PFC 200 Firmware version 03.02.0214. A specially crafted XML cache file written to a specific location on the device can be used to inject OS commands. An attacker can send a specially...