1406 matches found
CVE-2022-22986
Netcommunity OG410X and OG810X series Netcommunity OG410Xa, OG410Xi, OG810Xa, and OG810Xi firmware Ver.2.28 and earlier allow an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file...
PT-2022-15756
Name of the Vulnerable Software and Affected Versions: Netcommunity OG410X and OG810X series versions 2.28 and earlier. Description: The issue allows an attacker on the adjacent network to execute an arbitrary OS command via a specially crafted config file. Recommendations: For Netcommunity OG410X an...
Hoosk CMS Security Vulnerability
Hoosk is a lightweight, user-centric content management system (CMS) with a built-in CodeIgniter for creating responsive websites. An unspecified vulnerability in /install/index.php in Hoosk version 1.8.0 stems from the program'...
CVE-2022-27919
Gradle Enterprise before 2022.1 allows remote code execution if the installation process did not specify an initial configuration file. The configuration allows certain anonymous access to administration and an API...
CVE-2022-26272
A remote code execution (RCE) vulnerability in Ionize v1.0.8.1 allows attackers to execute arbitrary code via a crafted string written to the file application/config/config.php...
Ionize Security Vulnerability
Ionize is a free, professional, native multi-language PHP CMS dedicated to web designers and web agencies to simply delight their customers. A security vulnerability exists in Ionize v1.0.8.1, which can be exploited by an attacker to execute arbitrary code via a specially crafted string writte...
CVE-2022-27206
Jenkins GitLab Authentication Plugin 1.13 and earlier stores the GitLab client secret unencrypted in the global config.xml file on the Jenkins controller where it can be viewed by users with access to the Jenkins controller file system...
CVE-2021-42855
It was discovered that the SteelCentral AppInternals Dynamic Sampling Agent (DSA) uses the ".debugcommand.config" file to store a JSON string that contains a list of IDs and pre-configured commands. The config file is subsequently used by the "/api/appInternals/1.0/agent/configuration" API to map t...
PT-2022-11711 · Riverbed · Steelcentral Appinternals Dynamic Sampling Agent
Name of the Vulnerable Software and Affected Versions: SteelCentral AppInternals Dynamic Sampling Agent (DSA), affected versions not specified. Description: A security issue was found in the SteelCentral AppInternals Dynamic Sampling Agent (DSA), where it uses a ".debug command.config" file to store a...
Information Disclosure
cobbler is vulnerable to information disclosure. The vulnerability exists because the library does not properly restrict the config file accessibility, which allows an attacker who has access to the server to open an authenticated session with a cobbler daemon...
CVE-2022-0563
A flaw was found in the util-linux chfn and chsh utilities when compiled with Readline support. The Readline library uses an "INPUTRC" environment variable to get a path to the library config file. When the library cannot parse the specified file, it prints an error message containing data from t...
Open redirect
Lack of validation of URLs causes Mirantis Container Cloud Lens Extension before v3.1.1 to open external programs other than the default browser to perform sign on to a new cluster. An attacker could host a webserver which serves a malicious Mirantis Container Cloud configuration file and induce...
Remote code execution
In QuickBox Pro v2.5.8 and below, the config.php file has a variable which takes a GET parameter value and parses it into a shell_exec(''); function without properly sanitizing any shell arguments, therefore remote code execution is possible. Additionally, as the media server is running as root by...
CVE-2022-23134 Possible view of the setup pages by unauthenticated users if config file already exists
After the initial setup process, some steps of the setup.php file are reachable not only by super-administrators, but by unauthenticated users as well. A malicious actor can pass step checks and potentially change the configuration of Zabbix Frontend...
CVE-2021-45896
Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via isctcadmin=1 to loginwebapp.cgi and use of Import Config File...