Super Store Finder Injection Vulnerability
Super Store Finder is an easy-to-use Google Maps API store finder program by Super Store Finder. An injection vulnerability exists in Super Store Finder 3.7 and earlier versions, which stems from an arbitrary PHP code injection vulnerability. An attacker can exploit this...
CVE-2023-5142
A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of th...
CVE-2023-5142 H3C ER6300G2 Config File userLogin.asp path traversal
A vulnerability classified as problematic was found in H3C GR-1100-P, GR-1108-P, GR-1200W, GR-1800AX, GR-2200, GR-3200, GR-5200, GR-8300, ER2100n, ER2200G2, ER3200G2, ER3260G2, ER5100G2, ER5200G2 and ER6300G2 up to 20230908. This vulnerability affects unknown code of the file /userLogin.asp of th...
PT-2023-31817 · H3C · H3C Gr-1100-P +14
Name of the Vulnerable Software and Affected Versions: H3C GR-1100-P versions up to 20230908 H3C GR-1108-P versions up to 20230908 H3C GR-1200W versions up to 20230908 H3C GR-1800AX versions up to 20230908 H3C GR-2200 versions up to 20230908 H3C GR-3200 versions up to 20230908 H3C GR-5200 version...
Duplicate Advisory: EVE's Debug Functions Unlockable Without Triggering Measured Boot
Duplicate Advisory This advisory has been withdrawn because it is a duplicate of GHSA-4c4v-42hc-72p6. This link is maintained to preserve external references. Original Description On boot, the Pillar eve container checks for the existence and content of “/config/GlobalConfig/global.json”. If the...
PT-2023-5230 · Ge · Ge Cimplicity
Name of the Vulnerable Software and Affected Versions: GE CIMPLICITY version 2023 Description: The issue is related to a process control vulnerability in GE CIMPLICITY 2023, which could allow a local attacker to insert malicious configuration files in the expected web server execution path to...
GE CIMPLICITY Security Breach
GE CIMPLICITY is a client/server-based HMI/SCADA solution from General Electric (GE). The solution captures and shares real-time and historical data across all levels of the enterprise, enabling operational visualization of process, equipment, and resource monitoring. A security vulnerability exist...
Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC Security Vulnerability
Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC is a hardware and software solution designed for power system automation and control from Schweitzer Engineering Laboratories, USA. A security vulnerability exists in the Schweitzer Engineering Laboratories SEL-5033 AcSELerator RTAC th...
Beijing Baichuo Smart S85F Management Platform Security Vulnerability
Beijing Baichuo Smart S85F Management Platform is a management platform from Beijing Baichuo. A security vulnerability exists in Beijing Baichuo Smart S85F Management Platform 20230809 and prior versions, which originates in the file /config/php.ini and results in a direct request...
PT-2023-29551 · Beijing Baichuo · Beijing Baichuo Smart S85F Management Platform
Name of the Vulnerable Software and Affected Versions: Beijing Baichuo Smart S85F Management Platform up to 20230809 Description: A vulnerability was found in the processing of the file /config/php.ini. The manipulation leads to direct request. The attack may be initiated remotely. The exploit ha...
AZL-37046 CVE-2023-3899 affecting package subscription-manager 1.29.30-2
A vulnerability was found in subscription-manager that allows local privilege escalation due to inadequate authorization. The D-Bus interface com.redhat.RHSM1 exposes a significant number of methods to all users that could change the state of the registration. By using the...
HEDnsExtractor - Raw Html Extractor From Hurricane Electric Portal
HEDnsExtractor: raw HTML extractor from the Hurricane Electric portal. Features: automatically identify IPAddr or networks through command-line parameter or stdin; extract networks based on IPAddr; extract domains from networks. Installation: go install -v...
CVE-2023-40339
A flaw was found in the Config File Provider Jenkins Plugin. Affected versions of this plugin do not mask (replace with asterisks) credentials specified in configuration files when they're written to the build log...
Jenkins Config File Provider Plugin improper credential masking vulnerability
Jenkins Config File Provider Plugin 952.va544a6234b46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they’re written to the build log. Config File Provider Plugin 953.v0432a802e4d2 masks credentials configured in configuration files if the...
GHSA-PV2G-VM98-VJXF Jenkins Config File Provider Plugin improper credential masking vulnerability
Jenkins Config File Provider Plugin 952.va544a6234b46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they’re written to the build log. Config File Provider Plugin 953.v0432a802e4d2 masks credentials configured in configuration files if the...
Jenkins NodeJS Plugin improper credential masking vulnerability
Jenkins NodeJS Plugin integrates with Config File Provider Plugin to specify custom NPM settings, including credentials for authentication, in an Npm config file. NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in...
GHSA-36FG-WHR2-G999 Jenkins NodeJS Plugin improper credential masking vulnerability
Jenkins NodeJS Plugin integrates with Config File Provider Plugin to specify custom NPM settings, including credentials for authentication, in an Npm config file. NodeJS Plugin 1.6.0 and earlier does not properly mask (i.e., replace with asterisks) credentials specified in the Npm config file in...
CVE-2023-40339
Jenkins Config File Provider Plugin 952.va544a6234b46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log...
Code injection
Jenkins Config File Provider Plugin 952.va544a6234b46 and earlier does not mask (i.e., replace with asterisks) credentials specified in configuration files when they're written to the build log...