TP-Link AX50 Remote Code Execution

Exploit Title: TP-Link Router AX50 firmware 210730 - Remote Code Execution RCE Authenticated Exploit Author: Tomas Melicher Technical Details: https://github.com/aaronsvk/CVE-2022-30075 Date: 2022-06-08 Vendor Homepage: https://www.tp-link.com/ Tested On: Tp-Link Archer AX50 Vulnerability...

PT-2022-20669 · Unknown · Dlt-Daemon

Name of the Vulnerable Software and Affected Versions: dlt-daemon version 2.18.8 Description: An issue in the dlt config file parser.c file allows attackers to cause a double free via crafted TCP packets. This can be exploited by sending specifically crafted packets to the affected system...

TP-Link Router AX50 firmware 210730 - Remote Code Execution (RCE) (Authenticated)

Exploit Title: TP-Link Router AX50 firmware 210730 - Remote Code Execution RCE Authenticated Exploit Author: Tomas Melicher Technical Details: https://github.com/aaronsvk/CVE-2022-30075 Date: 2022-06-08 Vendor Homepage: https://www.tp-link.com/ Tested On: Tp-Link Archer AX50 Vulnerability...

TP-Link Router AX50 firmware 210730 - Remote Code Execution (Authenticated) Exploit

Exploit Title: TP-Link Router AX50 firmware 210730 - Remote Code Execution RCE Authenticated Exploit Author: Tomas Melicher Technical Details: https://github.com/aaronsvk/CVE-2022-30075 Vendor Homepage: https://www.tp-link.com/ Tested On: Tp-Link Archer AX50 Vulnerability Description: Remote Code...

PT-2022-5539 · D Link · D-Link Dir-1935

Name of the Vulnerable Software and Affected Versions: D-Link DIR-1935 version 1.03 Description: This issue allows network-adjacent attackers to execute arbitrary code on affected installations. Although authentication is required to exploit this issue, the existing authentication mechanism can b...

OS Command Injection in file editor in Gogs

Impact The malicious user is able to update a crafted config file into repository's .git directory in combination with crafted file deletion to gain SSH access to the server. All installations with repository upload enabled default are affected. Patches File deletions are prohibited to repository...

CVE-2022-31213

A flaw was found in the dbus-broker package. This issue occurs when supplying a malformed XML config file and leads to a NULL pointer dereference...

The vulnerability of the SaveConfigFile function of the RACompare service in the FactoryTalk AssetCentre software allows a perpetrator to execute arbitrary commands.

The vulnerability of the SaveConfigFile function in the RACompare service of the FactoryTalk AssetCentre software exists because measures to neutralize the special elements used in the operating system commands are not taken. Exploiting this vulnerability allows a malicious actor to execute...

Improper Authentication in SaltStack Salt

An issue was discovered in SaltStack Salt before 3003.3. The salt minion installer will accept and use a minion config file at C:\salt\conf if that file is in place before the installer is run. This allows for a malicious actor to subvert the proper behaviour of the given minion software...

GHSA-Q7XG-HH3Q-HC68 XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin

Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers with the ability to define Maven configuration files to have Jenkins parse a crafted configuration file that uses external entities for...

GHSA-2959-FJ73-HM8P Missing permission checks in Jenkins Config File Provider Plugin allow enumerating configuration file IDs

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate configuration file IDs. An enumeration of configuration file IDs in Jenkins Config File Provider Plugin 3.7.1 require...

Missing permission checks in Jenkins Config File Provider Plugin allow enumerating configuration file IDs

Jenkins Config File Provider Plugin 3.7.0 and earlier does not perform permission checks in several HTTP endpoints. This allows attackers with Overall/Read permission to enumerate configuration file IDs. An enumeration of configuration file IDs in Jenkins Config File Provider Plugin 3.7.1 require...

GHSA-3M3F-2323-64M7 Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs

Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints. This allows attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins. Those can be used as part of an...

Incorrect permission checks in Jenkins Config File Provider Plugin allow enumerating credentials IDs

Jenkins Config File Provider Plugin 3.7.0 and earlier does not correctly perform permission checks in several HTTP endpoints. This allows attackers with global Job/Configure permission to enumerate system-scoped credentials IDs of credentials stored in Jenkins. Those can be used as part of an...

XML External Entity Reference vulnerability in Jenkins Config File Provider Plugin

Jenkins Config File Provider Plugin 3.7.0 and earlier does not configure its XML parser to prevent XML external entity XXE attacks. This allows attackers with the ability to define Maven configuration files to have Jenkins parse a crafted configuration file that uses external entities for...

GHSA-998M-F2X3-JJQ4 CSRF vulnerability in Jenkins Config File Provider Plugin allows deleting configuration files

Jenkins Config File Provider Plugin 3.7.0 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to delete configuration files corresponding to an attacker-specified ID. This is due to an...

CSRF vulnerability in Jenkins Config File Provider Plugin allows deleting configuration files

Jenkins Config File Provider Plugin 3.7.0 and earlier does not require POST requests for an HTTP endpoint, resulting in a cross-site request forgery CSRF vulnerability. This vulnerability allows attackers to delete configuration files corresponding to an attacker-specified ID. This is due to an...

GHSA-PXGQ-GQR9-5GWX Path traversal vulnerability in Jenkins agent names

Jenkins 2.274 and earlier, LTS 2.263.1 and earlier allows users with Agent/Configure permission to choose agent names that cause Jenkins to override unrelated config.xml files. If the global config.xml file is replaced, Jenkins will start up with unsafe legacy defaults after a restart. Jenkins...

Token stored in plain text by DigitalOcean Plugin

Jenkins DigitalOcean Plugin 1.1 and earlier stores a token unencrypted in the global config.xml file on the Jenkins master where it can be viewed by users with access to the master file system...

GHSA-PJW3-C74J-M9FJ Password in config file in KIE server

It has been reported that KIE server and Busitess Central before version 7.21.0.Final contain username and password as plaintext Java properties. Any app deployed on the same server would have access to these properties, thus granting access to ther services...