1387 matches found
XWiki configuration files can be accessed through jsx and sx endpoints
Impact It's possible to get access and read configuration files by using URLs such as http://localhost:8080/bin/ssx/Main/WebHome?resource=../../WEB-INF/xwiki.cfg&minify=false. This can apparently be reproduced on Tomcat instances. Patches This has been patched in 17.4.0-rc-1, 16.10.7. Workarounds...
XWiki Platform 安全漏洞
XWiki Platform is the XWiki open source suite of wiki platforms for creating web collaboration applications. A security vulnerability exists in XWiki Platform versions 4.2-milestone-2 through 16.10.6, which stems from a configuration file that is accessible via jsx and sx endpoints...
Linux Distros Unpatched Vulnerability : CVE-2021-22004
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in...
Linux Distros Unpatched Vulnerability : CVE-2023-44690
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Inadequate encryption strength in mycli 1.27.0 allows attackers to view sensitive information via /mycli/config.py CVE-2023-44690 Note that Nessus relies on the...
Linux Distros Unpatched Vulnerability : CVE-2023-46052
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - Sane 1.2.1 heap bounds overwrite in initoptions from backend/test.c via a long initmode string in a configuration file. NOTE: this is disputed because there is ...
Linux Distros Unpatched Vulnerability : CVE-2020-5253
The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - NetHack before version 3.6.0 allowed malicious use of escaping of characters in the configuration file usually .nethackrc which could be exploited. This bug is...
Relative Path Traversal
Overview Affected versions of this package are vulnerable to Relative Path Traversal via insufficient validation in the getConfigFile function in the UIConfigRest class. An attacker can gain unauthorized access to files located in directories that share a common prefix with the intended folder by...
CVE-2025-9382
A weakness has been identified in FNKvision Y215 CCTV Camera 10.194.120.40. This vulnerability affects unknown code of the file s1rftestconfig of the component Telnet Sevice. Executing manipulation can lead to backdoor. The physical device can be targeted for the attack. This attack is...
CVE-2025-29514
Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request...
CVE-2025-29514
Incorrect access control in the config.xgi function of D-Link DSL-7740C with firmware DSL7740C.V6.TR069.20211230 allows attackers to download the configuration file via providing a crafted web request...
PT-2025-34516 · WordPress · Wptobe-Memberships
Name of the Vulnerable Software and Affected Versions: Wptobe-memberships plugin for WordPress versions through 3.4.2 Description: The Wptobe-memberships plugin for WordPress is susceptible to arbitrary file deletion due to inadequate file path validation within the del img ajax call function...
CVE-2025-8453
CWE-269: Improper Privilege Management vulnerability exists that could cause privilege escalation and arbitrary code execution when a privileged engineer user with console access modifies a configuration file used by a root-level daemon to execute custom scripts...
PT-2025-34053 · Unknown · Root-Level Daemon
Name of the Vulnerable Software and Affected Versions: affected versions not specified Description: A CWE-269: Improper Privilege Management issue exists that may lead to privilege escalation and arbitrary code execution. This occurs when a privileged engineer user with console access modifies a...
CVE-2025-55740
nginx-defender is a high-performance, enterprise-grade Web Application Firewall WAF and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml and docker-compose.yml...
CVE-2025-55740 Default Credentials in nginx-defender Configuration Files
nginx-defender is a high-performance, enterprise-grade Web Application Firewall WAF and threat detection system engineered for modern web infrastructure. This is a configuration vulnerability affecting nginx-defender deployments. Example configuration files config.yaml and docker-compose.yml...
CVE-2025-55169
WeGIA is an open source web manager with a focus on the Portuguese language and charitable institutions. Prior to version 3.4.8, a path traversal vulnerability was discovered in the WeGIA application, html/socio/sistema/downloadremessa.php endpoint. This vulnerability could allow an attacker to...
CVE-2025-50515
An issue was discovered in phome Empirebak 2010 in ebak2008/upload/class/config.php allowing attackers to execute arbitrary code when the config file was loaded...
EmpireSoft Empirebak 安全漏洞
EmpireSoft Empirebak Empire Backup King is a software for MySQL big data backup and import from China's EmpireSoft. A security vulnerability exists in EmpireSoft Empirebak that originates in the config.php file that allows execution of arbitrary code...
CVE-2025-50515
CVE-2025-50515 affects phome Empirebak 2010, specifically the config.php in ebak2008/upload/class/. The vulnerability arises when loading the config.php file, allowing arbitrary code execution. Affected component/file: ebak2008/upload/class/config.php; underlying issue not elaborated beyond code ...
CVE-2025-7384
The Database for Contact Form 7, WPforms, Elementor forms plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 1.4.3 via deserialization of untrusted input in the getleaddetail function. This makes it possible for unauthenticated attackers to inject a P...