1414 matches found

Prion
added 2019/08/05 5:15 p.m., 20 views

Design/Logic Flaw

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...

CVSS 2.1, AI score 7.4, EPSS 0.00279
Exploits: 0, References: 2, Affected Software: 46

Cvelist
added 2019/08/05 4:38 p.m., 15 views

CVE-2019-3800 CF CLI writes the client id and secret to config file

CF CLI version prior to v6.45.0 (bosh release version 1.16.0) writes the client id and secret to its config file when the user authenticates with --client-credentials flag. A local authenticated malicious user with access to the CF CLI config file can act as that client, who is the owner of the...

CVSS 6.3, AI score 7.5, EPSS 0.00279
Exploits: 0, References: 2

Positive Technologies
added 2019/07/31 12:0 a.m., 3 views

PT-2019-11762 · Jenkins · Jenkins Skytap Cloud Ci Plugin +1

Name of the Vulnerable Software and Affected Versions: Jenkins Skytap Cloud CI Plugin versions 2.06 and earlier Description: The issue concerns the storage of credentials in an unencrypted form in job config.xml files on the Jenkins master. This allows users with Extended Read permission or acces...

CVSS 6.5, AI score 6.3, EPSS 0.00167
Exploits: 0, References: 8

BDU FSTEC
added 2019/07/18 12:0 a.m., 1 view

The vulnerability of the SCALANCE X switch’s microprogramming software, related to incorrect data storage formatting, allows an intruder to restore passwords.

The vulnerability of the SCALANCE X microcontroller’s software is related to incorrect storage of user credentials. Exploiting this vulnerability could allow an intruder to retrieve passwords from the device; access to the device’s configuration files is required...

CVSS 7.1, AI score 5.5, EPSS 0.00051
Exploits: 0, References: 2, Affected Software: 1

CNVD
added 2019/07/16 12:0 a.m., 3 views

Unspecified Vulnerability in JetBrains IntelliJ IDEA Ultimate

JetBrains IntelliJ IDEA Ultimate is a Czech JetBrains integrated development environment for the Java language. A security vulnerability exists in JetBrains IntelliJ IDEA Ultimate that originates from the program logging server credentials in plaintext to the IDE configuration file. An attacker...

CVSS 8.1, AI score 6.7, EPSS 0.00002
Exploits: 0, References: 1

OSV
added 2019/07/06 2:15 a.m., 2 views

CVE-2019-1893

A vulnerability in Cisco Enterprise NFV Infrastructure Software (NFVIS) could allow an authenticated, local attacker to execute arbitrary commands on the underlying operating system (OS) of an affected device as root. The vulnerability is due to insufficient input validation of a configuration file...

CVSS 7.8, AI score 7.4, EPSS 0.00137
Exploits: 0, References: 1

Prion
added 2019/07/02 7:15 p.m., 23 views

Code injection

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants...

CVSS 4.4, AI score 7.5, EPSS 0.00954
Exploits: 0, References: 7, Affected Software: 6

Debian CVE
added 2019/07/02 6:31 p.m., 33 views

CVE-2019-5443

A non-privileged user or program can put code and a config file in a known non-privileged path (under C:/usr/local/) that will make curl <= 7.65.1 automatically run the code (as an openssl "engine") on invocation. If that curl is invoked by a privileged user it can do anything it wants...

CVSS 7.8, AI score 6, EPSS 0.00954
Exploits: 0

OSV
added 2019/06/27 5:25 p.m., 7 views

GHSA-MXJR-XMCG-FG7W Arbitrary Code Injection in mobile-icon-resizer

mobile-icon-resizer resizes large images for use as icons for iOS and Android. mobile-icon-resizer has a code execution vulnerability in versions before 0.4.3. mobile-icon-resizer takes an options object as an argument to define the resulting icons as such: var options = config: './config.js'...

CVSS 6.5, AI score 7.4
Exploits: 0, References: 4

CNVD
added 2019/06/18 12:0 a.m., 1 view

Concrete5 Cross-Site Scripting Vulnerability (CNVD-2019-18846)

concrete5 is an open source content management system (CMS) for publishing content on the World Wide Web and intranet. A cross-site scripting vulnerability exists in Concrete5 8.4.3. The vulnerability stems from config/concrete.php allowing the upload of SVG files that may contain HTML data with...

CVSS 4.8, AI score 6.2, EPSS 0.00368
Exploits: 1, References: 1

FireEye
added 2019/06/05 3:0 p.m., 1616 views

Government Sector in Central Asia Targeted With New HAWKBALL Backdoor Delivered via Microsoft Office Vulnerabilities

FireEye Labs recently observed an attack against the government sector in Central Asia. The attack involved the new HAWKBALL backdoor being delivered via well-known Microsoft Office vulnerabilities CVE-2017-11882 and CVE-2018-0802. HAWKBALL is a backdoor that attackers can use to collect...

CVSS 9.3, EPSS 0.94354
Exploits: 36

ATTACKERKB
added 2019/05/09 5:29 p.m., 1 view

CVE-2017-12778

The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\Roaming\qBittorrent pathname. The attacker must change the...

CVSS 7.1, AI score 5.5, EPSS 0.00088
Exploits: 1, References: 5

NVD
added 2019/05/09 5:29 p.m., 16 views

CVE-2017-12778

The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\Roaming\qBittorrent pathname. The attacker must change the...

CVSS 7.1, AI score 7, EPSS 0.00088
Exploits: 1, References: 3

OSV
added 2019/05/09 5:29 p.m., 4 views

CVE-2017-12778

The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\Roaming\qBittorrent pathname. The attacker must change the...

CVSS 7.1, AI score 6.9, EPSS 0.00088
Exploits: 1, References: 3

Prion
added 2019/05/09 5:29 p.m., 15 views

Authentication flaw

DISPUTED The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\Roaming\qBittorrent pathname. The attacker must chang...

CVSS 3.6, AI score 7, EPSS 0.00088
Exploits: 1, References: 3, Affected Software: 1

UbuntuCve
added 2019/05/09 5:29 p.m., 27 views

CVE-2017-12778

The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\Roaming\qBittorrent pathname. The attacker must change the...

CVSS 7.1, AI score 7, EPSS 0.00088
Exploits: 1, References: 4

OSV
added 2019/05/09 5:29 p.m., 1 view

UBUNTU-CVE-2017-12778

DISPUTED The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\Roaming\qBittorrent pathname. The attacker must chang...

CVSS 7.1, AI score 7, EPSS 0.00088
Exploits: 1, References: 5

CVE
added 2019/05/09 4:38 p.m., 78 views

CVE-2017-12778

CVE-2017-12778 concerns qBittorrent 3.3.15 UI Lock. The issue is an Authentication Bypass where an attacker with local access can gain access to qBittorrent functions by tampering the config file: set the 'locked' flag to 'false' inside the 'Locking' stanza (path: C:\Users\Roaming\qBittorrent). T...

CVSS 7.1, AI score 7, EPSS 0.00088
Exploits: 1, References: 3, Affected Software: 1

Cvelist
added 2019/05/09 4:38 p.m., 25 views

CVE-2017-12778

The UI Lock feature in qBittorrent version 3.3.15 is vulnerable to Authentication Bypass, which allows Attack to gain unauthorized access to qBittorrent functions by tampering the affected flag value of the config file at the C:\Users\Roaming\qBittorrent pathname. The attacker must change the...

AI score 7, EPSS 0.00088
Exploits: 1, References: 3

CNVD
added 2019/05/09 12:0 a.m., 2 views

Command Execution Vulnerability in Doccms 2016

DocCMS rice husk enterprise building system, also known as rice husk cms, doccms, formerly known as deep throat enterprise building system ShlCms, is the industry's leading free open source enterprise website building system, enterprise website generation system. A code execution vulnerability...

AI score 8.1
Exploits: 0