CVE-2013-0947

EMC RSA Authentication Manager 8.0 before P1 allows local users to discover cleartext operating-system passwords, HTTP plug-in proxy passwords, and SNMP communities by reading a 1 log file or 2 configuration file...

CVE-2011-2169

Google Chrome OS before R12 0.12.433.38 Beta allows local users to gain privileges by creating a /var/lib/chromeos-aliases.conf file and placing commands in it...

CVE-2012-4693

Invensys Wonderware InTouch 2012 R2 and earlier and Siemens ProcessSuite use a weak encryption algorithm for data in Pssecurity.ini, which makes it easier for local users to discover passwords by reading this file...

CVE-2004-2708

Gyach Enhanced Gyach-E before 1.0.0 stores passwords in plaintext, which allows attackers to obtain user passwords by reading the configuration file...

CVE-2003-1482

The backup configuration file for Microsoft MN-500 wireless base station stores administrative passwords in plaintext, which allows local users to gain access...

CVE-2002-1840

irssi IRC client 0.8.4, when downloaded after 14-March-2002, could contain a backdoor in the configuration file, which allows remote attackers to access the system...

CVE-2005-1595

CodeThat ShoppingCart 1.3.1 stores config.ini under the web root, which allows remote attackers to obtain sensitive information via a direct request...

CVE-2025-4951

Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite the application preventing the inclusion of special characters within the "ScanName" field, this could be bypassed by modifying the configuration...

CVE-2025-4951

Editions of Rapid7 AppSpider Pro before version 7.5.018 is vulnerable to a stored cross-site scripting vulnerability in the "ScanName" field. Despite the application preventing the inclusion of special characters within the "ScanName" field, this could be bypassed by modifying the configuration...

PT-2025-21793 · Totolink · Totolink A702R +1

Name of the Vulnerable Software and Affected Versions: TOTOLINK A702R, A3002R, and A3002RU version 3.0.0-B20230809.1615 Description: A critical vulnerability was found in the HTTP POST Request Handler component, affecting an unknown function of the file /boafrm/formSaveConfig. The manipulation of...

CVE-2025-24026

iTop is an web based IT Service Management tool. Versions prior to 3.2.1 are vulnerable to regular expression denial of service ReDoS that may, under some circumstances, affect iTop server. Version 3.2.1 doesn't use the affected variable in the regular expression. As a workaround, if iTop...

CVE-2024-8031

The Secure Downloads WordPress plugin before 1.2.3 is vulnerable does not properly restrict which files can be downloaded. This makes it possible for authenticated attackers, with admin-level access and above, to download arbitrary files that may contain sensitive information like wp-config.php...

Alibaba Cloud Linux 3 : 0065: fwupd (ALINUX3-SA-2024:0065)

The remote Alibaba Cloud Linux 3 host has packages installed that are affected by a vulnerability as referenced in the ALINUX3-SA-2024:0065 advisory. Package updates are available for Alibaba Cloud Linux 3 that fix the following vulnerabilities: CVE-2022-3287: When creating an OPERATOR user accou...

CVE-2025-4535

A vulnerability, which was classified as problematic, was found in Gosuncn Technology Group Audio-Visual Integrated Management Platform 4.0. Affected is an unknown function of the file /config/config.properties of the component Configuration File Handler. The manipulation leads to information...

CVE-2025-4535

A vulnerability, which was classified as problematic, was found in Gosuncn Technology Group Audio-Visual Integrated Management Platform 4.0. Affected is an unknown function of the file /config/config.properties of the component Configuration File Handler. The manipulation leads to information...

CVE-2025-4535

A vulnerability, which was classified as problematic, was found in Gosuncn Technology Group Audio-Visual Integrated Management Platform 4.0. Affected is an unknown function of the file /config/config.properties of the component Configuration File Handler. The manipulation leads to information...

CVE-2025-4535 Gosuncn Technology Group Audio-Visual Integrated Management Platform Configuration File config.properties information disclosure

A vulnerability, which was classified as problematic, was found in Gosuncn Technology Group Audio-Visual Integrated Management Platform 4.0. Affected is an unknown function of the file /config/config.properties of the component Configuration File Handler. The manipulation leads to information...

CVE-2025-4535 Gosuncn Technology Group Audio-Visual Integrated Management Platform Configuration File config.properties information disclosure

A vulnerability, which was classified as problematic, was found in Gosuncn Technology Group Audio-Visual Integrated Management Platform 4.0. Affected is an unknown function of the file /config/config.properties of the component Configuration File Handler. The manipulation leads to information...

CVE-2025-4535

The CVE refers to Gosuncn Technology Group Audio-Visual Integrated Management Platform 4.0, specifically the Configuration File Handler component. Affected is the /config/config.properties file, where manipulation leads to information disclosure. The flaw is exploitable remotely; public exploits ...

PT-2025-20657 · Gosuncn Technology · Gosuncn Technology Group Audio-Visual Integrated Management Platform

Name of the Vulnerable Software and Affected Versions: Gosuncn Technology Group Audio-Visual Integrated Management Platform version 4.0 Description: A problematic issue was found in the Configuration File Handler component, specifically in the /config/config.properties file, leading to informatio...