1407 matches found
CVE-2021-45896
Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via isctcadmin=1 to loginwebapp.cgi and use of Import Config File...
CVE-2021-45896
Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via isctcadmin=1 to loginwebapp.cgi and use of Import Config File...
Privilege escalation
Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via isctcadmin=1 to loginwebapp.cgi and use of Import Config File...
CVE-2021-45896
Nokia FastMile 3TG00118ABAD52 devices allow privilege escalation by an authenticated user via isctcadmin=1 to loginwebapp.cgi and use of Import Config File...
PT-2021-24309 · Nokia · Nokia Fastmile
Name of the Vulnerable Software and Affected Versions: Nokia FastMile 3TG00118ABAD52 devices affected versions not specified Description: The issue allows an authenticated user to escalate privileges. This is achieved by setting is ctc admin=1 and accessing the login web app.cgi endpoint, followe...
CVE-2021-23814
This affects versions of the package unisharp/laravel-filemanager before 2.6.2. The upload function does not sufficiently validate the file type when uploading. An attacker may be able to reproduce the following steps: 1. Install a package with a web Laravel application. 2. Navigate to the Upload...
CVE-2021-43811
Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...
Code injection
Sockeye is an open-source sequence-to-sequence framework for Neural Machine Translation built on PyTorch. Sockeye uses YAML to store model and data configurations on disk. Versions below 2.3.24 use unsafe YAML loading, which can be made to execute arbitrary code embedded in config files. An...
Design/Logic Flaw
Solidus is a free, open-source ecommerce platform built on Rails. Versions of Solidus prior to 3.1.4, 3.0.4, and 2.11.13 have a denial of service vulnerability that could be exploited during a guest checkout. The regular expression used to validate a guest order's email was subject to exponential...
CVE-2021-3553 Server-Side Request Forgery in EPPUpdateService remote config file (VA-9825)
A Server-Side Request Forgery SSRF vulnerability in the EPPUpdateService of Bitdefender Endpoint Security Tools allows an attacker to use the Endpoint Protection relay as a proxy for any remote host. This issue affects: Bitdefender Endpoint Security Tools versions prior to 6.6.27.390; versions...
MTN Group: Sensitive Information Disclosure Through Config File
Summary: An attacker could gain access to sensitive information about usernames, encrypted passwords, internal IP addresses and configuration data of internal services. Steps To Reproduce: - Go to https://zik.mtncameroon.net/common/queryconfig.action Remediation Configure the application to not...
Open Game Panel 安全漏洞
Open Game Panel is an open source game server control panel. It uses a web interface PHP/MySQL to control the agent Perl running on the server hosting the game. It is used to start/stop/monitor game server instances. A security vulnerability exists in Open Game Panel OGP-Agent-Linux, which stems...
SIMATIC RTLS 安全漏洞
SIMATIC RTLS Locating Manager is used to configure, operate, and maintain SIMATIC RTLS units, a real-time wireless positioning system that provides positioning solutions.A security vulnerability exists in Siemens SIMATIC RTLS Locating Manager, which stems from the fact that the application writes...
Adobe: Disclosure of github access token in config file via nignx off-by-slash
Summary: ██████████ is vulnerable to Nginx off-by-slash vulnerability that exposes Git configuration. Steps To Reproduce: 1. Visit https://█████████████ to download git config containing username and token. 2. Use it to pull entire source code via git clone ████████ Leaked: core...
CVE-2021-41078
Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file...
CVE-2021-41078
Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file...
PYSEC-2021-383
Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file...
Code injection
Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file...
CVE-2021-41078
Summary : CVE-2021-41078 affects Nameko up to version 2.13.0, where deserializing a YAML config file can trigger arbitrary code execution. The root cause is unsafe deserialization of configuration data, enabling an attacker to execute code via crafted config content. Impact : Arbitrary code execu...
CVE-2021-41078
Nameko through 2.13.0 can be tricked into performing arbitrary code execution when deserializing the config file...