54 matches found
CVE-2020-12608
An issue was discovered in SolarWinds MSP PME Patch Management Engine Cache Service before 1.1.15 in the Advanced Monitoring Agent. There are insecure file permissions for %PROGRAMDATA%\SolarWinds MSP\SolarWinds.MSP.CacheService\config. This can lead to code execution by changing the...
Milesight IP security cameras trust management issue vulnerability (CNVD-2019-40063)
Milesight IP security cameras are IP camera products from China Pulse Digital Technology Milesight. A security vulnerability exists in Milesight IP security cameras version 2016-11-14 and earlier, which stems from a hardcoded SSL private key stored in the /etc/config directory. No details of the...
DEBIAN-CVE-2017-15093
When api-config-dir is set to a non-empty value, which is not the case by default, the API in PowerDNS Recursor 4.x up to and including 4.0.6 and 3.x up to and including 3.7.4 allows an authorized user to update the Recursor's ACL by adding and removing netmasks, and to configure forward zones. I...
CVE-2015-5383
Roundcube Webmail 1.1.x before 1.1.2 allows remote attackers to obtain sensitive information by reading files in the 1 config, 2 temp, or 3 logs directory...
CVE-2016-2055
xymond/xymond.c in xymond in Xymon 4.1.x, 4.2.x, and 4.3.x before 4.3.25 allow remote attackers to read arbitrary files in the configuration directory via a "config" command...
[SECURITY] Fedora 20 Update: mediawiki-1.23.4-1.fc20
MediaWiki is the software used for Wikipedia and the other Wikimedia Foundation websites. Compared to other wikis, it has an excellent range of features and support for high-traffic websites using multiple servers This package supports wiki farms. Read the instructions for creating wiki instances...
openSUSE Security Update : horde5 (openSUSE-SU-2013:1826-1)
it fixes config directory permission and owner for bnc811369 CVE-2013-1090 %NASLMINLEVEL 70300 C Tenable Network Security, Inc. The descriptive text and package checks in this plugin were extracted from openSUSE Security Update openSUSE-2013-938. The text description of this plugin is C SUSE LLC...
Buffer overflow
Multiple buffer overflows in IBM Tivoli Netcool System Service Monitors SSM and Application Service Monitors ASM 4.0.0 before FP14 and 4.0.1 before FP1 allow context-dependent attackers to execute arbitrary code or cause a denial of service via a long line in 1 hrfstable.idx, 2 hrdevice.idx, 3...
phpMyAdmin -- Multiple XSS
The phpMyAdmin development team reports: Using crafted url parameters, it was possible to produce XSS on the export panels in the server, database and table sections. Crafted values entered in the setup interface can produce XSS; also, if the config directory exists and is writeable, the XSS...
phpMyAdmin3 (pma3) - Remote Code Execution
!/usr/bin/env python coding=utf-8 pma3 - phpMyAdmin3 remote code execute exploit Author: wofeiwo Thx Superhei Tested on: 3.1.1, 3.2.1, 3.4.3 CVE: CVE-2011-2505, CVE-2011-2506 Date: 2011-07-08 Have fun, DO NOT USE IT TO DO BAD THING. Requirements: 1. "config" directory must created&writeable in pm...
Fedora 10 : phpMyAdmin-3.2.0.1-1.fc10 (2009-7340)
The first security release for phpMyAdmin 3.2.0: - security XSS: Insufficient output sanitizing in bookmarks This version contains a number of small new features and some bug fixes: - core better support for vendor customisation based on what Debian needs - rfe warn when session.gcmaxlifetime is...
Fedora 9 : phpMyAdmin-3.2.0.1-1.fc9 (2009-7337)
The first security release for phpMyAdmin 3.2.0: - security XSS: Insufficient output sanitizing in bookmarks This version contains a number of small new features and some bug fixes: - core better support for vendor customisation based on what Debian needs - rfe warn when session.gcmaxlifetime is...
phpMyAdmin - '/scripts/setup.php' PHP Code Injection
!/bin/bash CVE-2009-1151: phpMyAdmin '/scripts/setup.php' PHP Code Injection RCE PoC v0.11 by pagvac gnucitizen.org, 4th June 2009. special thanks to Greg Ose labs.neohapsis.com for discovering such a cool vuln, and to str0ke milw0rm.com for testing this PoC script and providing feedback! PoC...
PT-2006-1441 · Rcblog · Rcblog
Name of the Vulnerable Software and Affected Versions: RCBlog version 1.03 Description: The issue allows remote attackers to view account names and MD5 password hashes due to insufficient access control of the data and config directories stored under the web root. Recommendations: For RCBlog...