Lucene search

4599 matches found

Cvelist
added 2025/07/23 1:50 p.m. | 8 views

CVE-2018-25114 osCommerce 2.3.4.1 Installer Unauthenticated Configuration File Injection PHP Code Execution

A remote code execution vulnerability exists within osCommerce Online Merchant version 2.3.4.1 due to insecure default configuration and missing authentication in the installer workflow. By default, the /install/ directory remains accessible after installation. An unauthenticated attacker can...

CVSS 9.3 | EPSS 0.78786
Exploits: 0 | References: 4
Veracode
added 2025/07/23 5:25 a.m. | 2 views

Stored Cross-site Scripting (XSS)

org.glassfish.main.admingui, console-common is vulnerable to Stored Cross-site Scripting XSS. The vulnerability is due to improper handling of user input in the configuration file, which allows an attacker to inject and store malicious scripts in the application through modifications in the...

CVSS 5.8 | AI score 5.6 | EPSS 0.00106
Exploits: 0 | References: 4 | Affected Software: 1
NVD
added 2025/07/21 6:15 p.m. | 4 views

CVE-2025-44652

In Netgear RAX30 V1.0.10.943, the USERLIMITGLOBAL option is set to 0 in multiple bftpd-related configuration files. This can cause DoS attacks when unlimited users are connected...

CVSS 7.5 | EPSS 0.0038
Exploits: 0 | References: 3
NVD
added 2025/07/21 10:15 a.m. | 3 views

CVE-2025-50151

File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload...

CVSS 8.8 | EPSS 0.00709
Exploits: 0 | References: 2
Debian CVE
added 2025/07/21 9:32 a.m. | 4 views

CVE-2025-50151

File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload...

CVSS 8.8 | AI score 5.8 | EPSS 0.00709
Exploits: 0
Vulnrichment
added 2025/07/21 9:32 a.m. | 2 views

CVE-2025-50151 Apache Jena: Configuration files uploaded by administrative users are not check properly

File access paths in configuration files uploaded by users with administrator access are not validated. This issue affects Apache Jena version up to 5.4.0. Users are recommended to upgrade to version 5.5.0, which does not allow arbitrary configuration upload...

AI score 6.7 | EPSS 0.00709
Exploits: 0 | References: 1
Vulnrichment
added 2025/07/21 12:0 a.m. | 2 views

CVE-2025-44653

In H3C GR2200 MiniGR1A0V100R016, the USERLIMITGLOBAL option is set to 0 in the /etc/bftpd.conf. This can cause DoS attacks when unlimited users are connected...

AI score 7 | EPSS 0.00348
Exploits: 0 | References: 3
CVE
added 2025/07/21 12:0 a.m. | 14 views

CVE-2025-44649

The CVE-2025-44649 entry affects TRENDnet TEW-WLC100P 2.03b03, where the racoon configuration uses exchage_mode = aggressive in IKE Phase 1. This exposes identity information in plaintext and is vulnerable to offline dictionary attacks, while limiting security-parameter negotiation. CVSS v3.1 bas...

CVSS 7.5 | AI score 6.3 | EPSS 0.00154
Exploits: 0 | References: 3 | Affected Software: 1
Cvelist
added 2025/07/21 12:0 a.m. | 5 views

CVE-2025-44651

In TRENDnet TPL-430AP FW1.0, the USERLIMITGLOBAL option is set to 0 in the bftpd-related configuration file. This can cause DoS attacks when unlimited users are connected...

EPSS 0.00378
Exploits: 0 | References: 3
Positive Technologies
added 2025/07/21 12:0 a.m. | 2 views

PT-2025-30316 · H3C · H3C Gr2200 Minigr1A0V100R016

Name of the Vulnerable Software and Affected Versions: H3C GR2200 MiniGR1A0V100R016 Description: The USERLIMIT GLOBAL option is set to 0 in the /etc/bftpd.conf file. This configuration can lead to denial-of-service DoS attacks due to the possibility of unlimited user connections. Recommendations:...

CVSS 7.5 | AI score 6.4 | EPSS 0.00348
Exploits: 0 | References: 7
Vulnrichment
added 2025/07/21 12:0 a.m. | 2 views

CVE-2025-44651

In TRENDnet TPL-430AP FW1.0, the USERLIMITGLOBAL option is set to 0 in the bftpd-related configuration file. This can cause DoS attacks when unlimited users are connected...

AI score 7 | EPSS 0.00378
Exploits: 0 | References: 3
VulnCheck KEV
added 2025/07/21 12:0 a.m. | 11 views

VulnCheck KEV: CVE-2023-5683

A vulnerability was found in Byzoro Smart S85F Management Platform up to 20231010 and classified as critical. This issue affects some unknown processing of the file /sysmanage/importconf.php. The manipulation of the argument btnfilerenew leads to os command injection. The attack may be initiated...

CVSS 9.8 | AI score 5.5 | EPSS 0.17851
In wild | Exploits: 1 | References: 2
RedhatCVE
added 2025/07/18 11:54 a.m. | 4 views

CVE-2024-10031

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system...

CVSS 5.8 | AI score 6 | EPSS 0.00106
Exploits: 0 | References: 1
RedhatCVE
added 2025/07/18 12:0 a.m. | 6 views

CVE-2025-32353

Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Credentials for privileged access stored in the collector.txt configuration file...

CVSS 4.8 | AI score 9.3 | EPSS 0.00036
Exploits: 0 | References: 1
CVE
added 2025/07/17 7:19 p.m. | 20 views

CVE-2025-6231

Technical details about CVE-2025-6231 are not publicly provided in the connected documents. Monitor for updates; no concrete exploit, affected versions, or fixes are described here.

CVSS 8.5 | AI score 7.1 | EPSS 0.00085
Exploits: 0 | References: 1 | Affected Software: 2
RedhatCVE
added 2025/07/17 1:45 a.m. | 8 views

CVE-2025-6265

A path traversal vulnerability in the fileupload-cgi CGI program of Zyxel NWA50AX PRO firmware version 7.10ACGE.2 and earlier could allow an authenticated attacker with administrator privileges to access specific directories and delete files, such as the configuration file, on the affected device...

CVSS 7.2 | AI score 7.1 | EPSS 0.00846
Exploits: 0 | References: 1
NVD
added 2025/07/16 3:15 p.m. | 2 views

CVE-2025-32353

Kaseya Rapid Fire Tools Network Detective 2.0.16.0 has Unencrypted Credentials for privileged access stored in the collector.txt configuration file...

CVSS 8.2 | EPSS 0.00036
Exploits: 0 | References: 4
OSV
added 2025/07/16 12:30 p.m. | 1 view

GHSA-HP97-5X6G-Q538 Eclipse GlassFish is vulnerable to Stored XSS attacks through configuration file modifications

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system...

CVSS 5.8 | AI score 5.9 | EPSS 0.00106
Exploits: 0 | References: 4
Snyk
added 2025/07/16 12:30 p.m. | 3 views

Cross-site Scripting (XSS)

Overview Affected versions of this package are vulnerable to Cross-site Scripting XSS via modifications to the configuration file in the underlying operating system. An attacker can execute arbitrary scripts in the context of the affected application by injecting malicious content into the...

CVSS 6.9 | AI score 5.5 | EPSS 0.00106
Exploits: 0 | References: 2
Github Security Blog
added 2025/07/16 12:30 p.m. | 7 views

Eclipse GlassFish is vulnerable to Stored XSS attacks through configuration file modifications

In Eclipse GlassFish version 7.0.15 is possible to perform Stored Cross-site Scripting attacks by modifying the configuration file in the underlying operating system...

CVSS 5.8 | AI score 6.5 | EPSS 0.00106
Exploits: 0 | References: 4 | Affected Software: 1